Wirehead Studios

General Discussion => Rants and Randomness => Topic started by: Makou on 2006-03-17, 06:35



Title: More computer stuff (This time, protecting it)
Post by: Makou on 2006-03-17, 06:35
Okay, so I'm usually pretty far behind the curve when it comes to this kind of thing.

I have an antivirus program (Norton Systemworks) that I keep up-to-date, and I run Adaware and Spybot Search & Destroy on a regular basis. Something tells me, however, that I'm missing something.

Is there anything else that I should have and be running on a regular basis?


Title: Re: More computer stuff
Post by: Angst on 2006-03-17, 07:14
firewall, if you're picky.


Title: Re: More computer stuff
Post by: Makou on 2006-03-17, 08:48
I'm not quite that picky. And I've suddenly run into a pair of issues.

I downloaded the most recent definitions for Ad-Aware. I ran the program, and it decided that mIRC (version 6.03) was a trojan. Running cleanup killed mIRC's installation. This seems to be an issue others who still use that version are having -- can anyone else confirm?

Also, I had a hell of a time getting my NAV definitions up-to-date. Running LiveUpdate produces the error:

"LU1875: This update failed during its preprocessing welcome text phase"

And nothing I seem to do (even following their instructions) gets rid of it. I managed to get the definitions current using their Intelligent Updater thing, but LiveUpdate persists in giving me that error. Any help?

Edit: After making sure everything was updated and such, and with mIRC fully uninstalled, Ad-Aware, Spybot, and NAV found nothing, and Norton One-Button Checkup also didn't find anything amiss. I guess that's a good thing.


Title: Re: More computer stuff
Post by: shambler on 2006-03-17, 18:02
I'm not an expert, just paranoid, and I use:
Norton inc. firewall
adaware
spybot
peer guardian2 (never leave home without it)
Ewido (which I swear by)
and rootkit revealer


Title: Re: More computer stuff
Post by: Phoenix on 2006-03-17, 18:35
I'm not sure about ad-aware detecting mIRC as a trojan.  Sometimes programs report false positives.  Sometimes they don't.  I'd download a fresh copy and install it to be on the safe side, as a trojan might infect mIRC.  If your sweeps come up clean you should be ok so long as you don't have any more odd behavior, eg popups out of nowhere, slow system response, antivirus software mysteriously vanishing off the task bar, etc.

Got broadband?  Router.  Use one.  Period.  D-Link DI-604 for hardline is a nice model with nice features.  I use one, I like it, I've had no problems with it.  It's user preference of course, however, if you plan on doing anything fancy like forwarding ports to host a visible Quake server, avoid Linksys.  Their BEFSR41 v2 routers were nice.  Since Cisco bought them and they replaced the v2 with the v3, they suck.  If you go for wireless, well, talk to someone who uses a wireless router.  I hardline everything because it's more secure and I don't have to worry about EMI.  Still, up to you what to use, but any router is better than no router.  Just remember to secure the wireless router so some 2-bit script kiddie can't go war-driving with a laptop and hack you or your neighbor leech your connection.  Also, if you plan to host, learn how to configure port forwarding.  Setting a computer to DMZ Host (De-militarized Zone) is akin to unplugging the router and plugging the computer straight into the net.  IT'S A STUPID IDIOTIC THING TO DO.  (None of this really applies if you're in college of course, you're at their mercy but I post this for the benefit of all.)

Web browser, I'm assuming you use something other than Internet Explorer?  If you're using Firebird, er, that's right they renamed it to some small, furry mammal (bastards) download the Adblock extension and get with either Con or myself for some nice default filters.  Also download the No Script extension.  I recommend this one religiously because most nasty agents that can infect you from a web page execution require java script in the first place, including active-x controls, flash, iframe triggers, etc.  Locking out java script on everything except sites you know and trust will almost completely eliminate the chances of getting infected by a bad website.  No Script won't protect against email worms or anything that you view with internet explorer however.  Disabling java script and active-x in IE, except for Trusted Sites, is advisable but can be a pain to manage, and for Windows Update you MUST have java script AND active-x working, so you either have to leave it all on, or else throw every Windows Update-related site into your Trusted Sites list.  Best to just use IE only when another browser won't work, like Windows Updates.

And yes, Windows Update.  Patch, patch patch!  Patch every flipping security hole you can.

Peer-to-peer file sharing.  Bad idea.  If you do share files, scan every flipping file that's uploaded to you, and everything you download.  There are several trojans that spread over peer-to-peer fileshares, and also unscrupulous people who get their kicks from uploading malware to anyone they fancy.  Don't peer with strangers.

Lastly, preview pane in Outlook Express.  Bad idea, turn it off.  That's how most people get hit with email worms nowadays because it opens and executes the email in the process of previewing it.  Go into your inbox (Inbox, NOT the main Outlook Express welcome page), then go to View, Layout, and uncheck the box that says "Show Preview Pane".  This will prevent the very act of simply highlighting an email causing an infection.  If you ever want to examine the contents of a questionable email without risking opening it, right-click the email, select "properties", click the "details" tab, then click "Message Source" and you can see the contents of the message (in source code form) without triggering a code execution.  Beware of anything that has an attachment, regardless of who it's from, and any time you get a message that says something like "Hi" or "URGENT" or something like that, treat it as suspect even if you know the sender.  Often times it's a forged address and actually originated from a third party that may have received a message from both you and the sender in the past.  I've had a few messages from "ConfusedUs" that were stripped of viral code, and Ward's gotten a few from "me" that also contained viral code, yet neither Con nor myself sent them nor had a virus at the time.

Programs I use:

Symantec Antivirus Corporate Edition (Client Install).  Low footprint, no subscription requirements, and scans realtime.
Spybot S&D - occasional scans of my own system just in case Counterspy misses something.
Counterspy - VERY nice program, has lots of nifty features, including process termination, control over system hooks, Browser Helper Objects (BHOs), toolbars, etc.  It can be a little bit of a resource hog, so remember to shut it down when gaming.  Has a fully-functional trial period, so it's not "gimped" when you install it.
Rootkit Revealer - if you don't know what a rootkit is, google it.  "Sony" might come up in the list. ;)
Cookie Pal - cookie utility for Internet Explorer.  I started using this when most people didn't even know what a cookie was.  IE's cookie handling has improved vastly since IE4, but I still use it because IE doesn't clear things properly when you flush the cache, and I like Cookie Pal's handling of cookies better.

Those are the ones I use regularly and keep running.  I don't use Spybot's TeaTimer function because Counterspy does the same thing.

For fixing a system I know is infected I'll throw Ad-Aware in the mix, along with Hijack This!  Hijack This! is good in that it reports potential threats based on behavior, and shows you a lot of technical stuff that helps pin things down.

Now I will say straight up that I've seen Spybot, Ad-Aware, and Counterspy miss things on compromised systems that I've had to fix.  Symantec Antivirus Corporate (build 10) caught 2 trojans that EVERYTHING, and I mean EVERYTHING ELSE missed on one system, including Trend Micro's "housecall" web-based scanner AND Symantec Corporate build 8.  One of these was BizDollars (or something like that) that kept popping up internet explorer ads any time the system was connected to the net, without any obvious running process, and no system hook.  It was buried nice and deep into the OS to the point that I couldn't find it even manually checking the registry and running modules - and it wasn't even rootkitted.  The other was the dropper program that initiated the infection in the first place.  The older antivirus program on the system (Norton Antivirus 2002 Professional) missed 12 virus infections all total on this machine.  I've had other machines where I've had to manually kill processes and remove infected files myself because they were overpowering the antispyware apps.  It's not just a matter of having updated definitions, you really need to have an updated antivirus ENGINE to catch this crap.  They're getting sneakier and sneakier all the time.  The best defense is to never get infected in the first place.  If you DO get hit by spyware, running your scans from "safe mode" is the best way to remove them because more often than not spyware doesn't run in safe mode and you don't have the spyware process defeating the antispyware and antivirus programs.

Now as to my advice, some may seem obvious and some overly paranoid, but remember that I have, to date, NEVER had an active virus or spyware infection on my machine.  I'm not saying it can't happen to me, but I figure I have a pretty good record so far.  :thumb:
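
The "Message Source" habit above (read the headers, don't open the mail) can be scripted. This is an added example, not code from the thread or from any product named in it; it uses only Python's standard library, and the sample message, its addresses, hosts and filename are constructed placeholders.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message: every address, host and filename is a placeholder.
# It has the traits the post describes: a bait subject, an attachment, and a
# From: that does not match the path the message actually travelled.
SAMPLE = """\
Return-Path: <bounce@mail.example.net>
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org with ESMTP; Fri, 17 Mar 2006 10:00:00 -0500
From: ConfusedUs <con@example.org>
To: phoenix@example.org
Subject: URGENT
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hi
--b1
Content-Type: application/octet-stream; name="photos.zip"
Content-Disposition: attachment; filename="photos.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

# One-word greetings and "URGENT" are the subjects the post says to treat as suspect.
BAIT_SUBJECTS = {"hi", "hello", "urgent"}


def _domain(header_value):
    """Lower-cased domain of an address header, '' if absent or malformed."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def triage(raw):
    """Parse headers and MIME structure only; nothing is decoded or rendered."""
    msg = message_from_string(raw, policy=policy.default)
    from_dom = _domain(msg.get("From"))
    path_dom = _domain(msg.get("Return-Path"))
    attachments = [part.get_filename() for part in msg.walk()
                   if part.get_content_disposition() == "attachment"]
    subject = str(msg.get("Subject") or "").strip().lower()
    return {
        "from_domain": from_dom,
        "return_path_domain": path_dom,
        # A bounce address on a different domain than From: is how a forged
        # sender usually shows up; legitimate bulk mailers trigger it too,
        # so treat it as a reason to look closer, not as proof.
        "from_mismatch": bool(path_dom) and from_dom != path_dom,
        "attachments": attachments,
        "bait_subject": subject in BAIT_SUBJECTS,
        "received_hops": len(msg.get_all("Received") or []),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Feed it the text you get from "Message Source" (or a saved .eml file) and act on the flags before deciding whether to open the message at all.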


Title: Re: More computer stuff
Post by: Makou on 2006-03-17, 21:37
Thanks for the advice, Pho. I'll look into a couple of those.

Rootkits suck.

Now, I try to figure out what inside my computer is making funny noises. I think it's a fan (they're about the only real moving parts in these things, other than disc drives -- and this definitely isn't a disc drive), but I'm not sure which one. And there's not a lot I can do about it at the moment, anyway. At least my system isn't running abnormally otherwise. Sigh.


Title: Re: More computer stuff
Post by: Phoenix on 2006-03-17, 22:31
Most of the time it's a fan.  Fans on video cards seem to be the worst offenders.  They're usually pretty cheap and not very reliable.  The good news is they're not usually necessary in the first place, especially on the lower end cards.  You just don't want to let it go if it's the CPU fan or a power supply fan.  Fans tend to rattle a bit when the bearings go bad, hard drives will groan horribly, usually when the drive is first started and the system is cold.  Easiest way to tell is let the system cool down completely overnight, unplug the hard drive, and turn it on.  If it makes noise you know it's not the drive.


Title: Re: More computer stuff
Post by: Makou on 2006-03-17, 22:42
It's not a constant noise -- it's random at best, and lasts for random durations. I actually haven't heard it for a while now. It sounds like a semi-high-pitched grind when it does make it, but the temperature on the video card is staying fairly constant (between 32 and 34 degrees C). I can also feel the other fans pushing air around if I place my hand over the vents, and the harddrive is acting normal (access speeds and such are the same, and its usual "I'm thinking, damnit!" grind-ish sound is the same as it was on day one).

To be on the safe side, though, I'm not going to push this thing that hard until I have a chance to really look at it. This campus is usually fairly dry -- that means a lot of static, so I don't feel safe opening the case here. Worst case scenario is that the noise bugs me to the point that I turn the thing off and tell the campus that I need my account reset so I can put my old laptop on the network until I get the PC fixed.


Title: Re: More computer stuff
Post by: YicklePigeon on 2006-03-17, 23:26
Y'know, I still recommend wholeheartedly: Pegasus Mail (http://www.pmail.com/) and here's just two simple reasons why:


  • Pegasus loads up extremely quickly considering I've got over 6300 emails archived back here
  • The ability to selectively download emails - that is, you download the email headers temporarily and you can double click on any of these for more technical information (often showing that a suspect email came from "g4875739sfks@gmail.com" or other such address).


I started using Pegasus about 6 weeks or so after first going on the net and using Outlook, to read about all of the security breaches in Outlook (this...in 1999!) and the article recommended other email clients...after trying them all...I chose Pegasus :)

Regards,

Yickle.


Title: Re: More computer stuff
Post by: Phoenix on 2006-03-18, 15:54
Mak, I'd recommend picking up a grounding strap.  You can get them from any computer hardware store, and I think Radio Shack stores must certainly carry them.  You clip them to the PC chassis and strap it to your wrist and it'll remove any static on you.  Alternatively, you can keep constant contact with the case - power supply housing is best.  If your power supply has an "off" switch on the back of it, turn that off and plug it in.  The power switch on the PSU I'm referring to will be a black rocker switch with an I and a O next to it.  DO NOT FLIP THE RED VOLTAGE SWITCH!  For a US system it should always be set to 115, it should never be 230 unless you live in a country that uses 230 volt AC.  If you flip that switch to the wrong setting and apply power you will kill your system, period.  If you don't have an off switch on the power supply but you have a power strip with an off switch, plug your PC into that, plug that into the wall and turn the power strip off.  I know it sounds backwards from conventional logic, but it allows the chassis to be grounded, which you want in a high-static environment.  You HAVE to have that AC power switch or the power supply still supplies some current to the circuitry.  You should always kill the AC power before working on internal PC components for that reason.  The old AT computers killed the AC to the power supply, but since the ATX design introduced all this "soft off" stuff you have to be a bit more careful.   Just remember to flip the AC power back on before booting.  (I've scared myself a few times by forgetting to do that!)

Another thing you can do to test the hard drive is unmount it from the case and boot the PC with the drive sitting outside the chassis on a suitable non-conducting surface.  It is not a good idea to do this when it's so dry that you're throwing lightning bolts at doorknobs, but if you ground yourself properly it's usually safe, just level the drive on a book or something, so long as it's not circuit-side up.  Booting with drives turned upside down is not a good idea, I know in older drives it was fatal.  You can listen more closely to the drive by getting your ear up next to it.  If it's the hard drive making a rattling, grinding, or squealing noise (not to be confused with the normal clicking heard when accessing data that you mentioned) then odds are it's the drive bearings becoming worn.  If you have worn drive bearings you will have to replace the drive fairly soon since worn bearings will eventually result in the drive failing.  Drive bearings will usually be noisy when you first start the system, and as it runs more and heats up a bit the sound tends to go away.

Still... that intermittent grinding sound certainly sounds like a small fan somewhere in the case.  Rattling fans will still push air, and temperatures can be fine, it's just that the longer this goes, the more likely the fan is to seize the next time you start the PC.  A case fan doing this won't kill the PC, a power supply or CPU fan will, though a failed PSU fan takes a bit longer since the PSU has to destabilize.  Again, I recommend pulling the hard drive and letting it run without it and checking all the fans.  If you want to isolate which fan it is usually you can press on the center of the fan to slow it down and stop it (not the blades, that might smart a bit) and see if the rattle goes away.  If you have a grill on the fan, or it's a high torque fan like a Vantec tornado (or any high CFM Sunon or Delta fan) you'll have to either unplug the fan or go by process of elimination.  Don't ever unplug the CPU fan, and never unplug a fan while the system is running.

To check the video card fan, you can always remove the video card and unplug the little two-wire connector and run the system with it temporarily disabled.  Just don't do anything smashing like running Gen or Doom 3 with the fan unplugged, and don't leave it like that for too long.  Sometimes you just need to use some compressed air and blow the dust out of the video card.  That solved it for a friend's BFG tech GF FX5200.

Besides case, CPU, power supply, and video card, there's one other place you can have a fan go bad.  My motherboard came with a heatsink and fan on the Northbridge chip.  It went bad and started the intermittent rattling sound.  I replaced it with a Vantec copper northbridge active cooler.  Looks very nice, and does a decent job.

You can run for a while with a rattling fan so long as your system performs properly and so long as it's not a system-critical fan.  Just don't wait forever to get it fixed.


Title: Re: More computer stuff
Post by: Makou on 2006-03-18, 20:08
Thanks, Pho. I've already determined that it's not the harddrive -- it makes no funny noises when I boot the machine nor when I'm trying to access data.

And here's the odd thing -- my system is running just fine at the moment, it sounds identical to how it did when I first brought it home (no louder, no quieter)... and I haven't heard this noise since I mentioned it's intermittent. But, it's running as it should. I'm still concerned, but I'm not in the panic I was in for the last couple of days. As long as it continues to run normally, I can probably survive for a bit longer without having something fail.

I'm still going to look at it when I get the chance, but unless it does something incredibly stupid, I think I can wait until I'm in an environment better for working on a PC's internals. Not just in terms of static, but space, too -- I have nowhere to put the damn thing to work on it.


Title: Re: More computer stuff
Post by: shambler on 2006-03-19, 17:54
Quote from: Phoenix
you will kill your system, period.

Lucas my son once did that on an old AT system.

Was trying to plug in a joypad at the time. tried at first to deny it, but I found it set to 115volts.


Title: Re: More computer stuff
Post by: Makou on 2006-05-06, 04:28
Time to jump on some of this.

Pho, which version of Adblock should I get? If you can help me with those filters, too, that'd be fantastic.

Also, I'm guessing the only version of NoScript Firefox's extension search finds is what I should use, and that one's something I should set up on the fly.


Title: Re: More computer stuff
Post by: Phoenix on 2006-05-06, 04:42
The NoScript version I'm running is version 1.1.3.4.  If a newer version is available go with what they're providing.  Run whatever version of Adblock is most current as well.  It should be version 0.5.3.042.  https://addons.mozilla.org/firefox/10/ might link to it.  http://adblock.mozdev.org/ is the Adblock site page.


Title: Re: More computer stuff
Post by: Makou on 2006-05-06, 04:49
Wow, NoScript is blocking something from wireheadstudios.org. I'm sure this is one script I can definitely trust, of course. :P

If you have the time to help me set this up, I'm on IRC right now.