Linux for Travelers - Windows Security

Linux for Travelers Forums

LFT — Wed, 25 Oct 2006 10:38:42 -0400

The Linux for Travelers forums are back online. You can now register for this site and ask questions about Linux in the forums.

There are also forums for topics like Windows security, and using Linux in Internet cafes...

Portable Apps

LFT — Mon, 29 May 2006 17:16:40 -0400

A couple of people have written and asked me to mention Portable Apps. PortableApps.com is the most well-known source for portable software, but there are many more programs that will run on a USB thumb drive. Many programs will even run from a thumb drive with little or no modification, for example, Skype on linux (and possibly on Windows too).

PortableApps.com

Portable Apps as offered by PortableApps.com are Windows programs that you can put on a USB thumb drive (or on any kind of storage device) that will run without needing to install them on the computer. The advantages to this are:

The Risks of Using Public Computers

LFT — Sun, 28 May 2006 02:07:44 -0400

Most public computers that I have scanned in my travels are infested with spyware, viruses and/or trojans (malware). It is hard enough to keep a Windows computer clean of viruses if you are the only one using the computer. It is extremely difficult to keep a computer clean if hundreds or even thousands of people are using it.

These are some common activities that people do that can get a Windows computer infected with malware:

Opening email attachments, even ones sent by friends
Browsing the Web with Internet Explorer (especially non-XP/SP2 version of Windows)
Using programs like Kazaa, Limewire, and Bearshare to share files online

Public Web Surfing Article in the New York Times

LFT — Tue, 31 Oct 2006 22:39:35 -0500

The New York Times ran an article on the dangers of using public Internet access.

While it is hard to say how likely it is that someone is lurking on a public network, many public networks do not have adequate security.

Last fall, InfoWorld magazine published an article about a security researcher who managed to collect more than 100 passwords, per stay, at hotels with lax security (about half the hotels she tested).

Gathering reliable statistics about security breaches is notoriously difficult, since companies are reluctant to reveal this information. Still, the most recent computer crime and security survey, conducted annually by the Computer Security Institute with the Federal Burea Description of Investigation, found that the average loss from computer security incidents in 2005 was $167,713 per respondent (based on 313 companies and organizations that answered the question).

As Jim Louderback, editor of PC Magazine, noted, the statistics may not matter given the problems one data breach can cause.

The article mostly covers wireless computing. You can read the full article here.

Beware of Hardware Keyloggers

LFT — Thu, 10 Aug 2006 23:25:10 -0400

It is not common, but computers can have hardware keyloggers attached to them. If a computer has a hardware keylogger on it, it will be able to record your keystrokes even if you are using a Linux live CD.

There is a solution though. While using an on-screen keyboard will not protect you against software keyloggers, an on-screen keyboard should protect you against hardware keyloggers. So the combination of a Linux live CD and the use of an on-screen keyboard to enter your passwords should protect against both hardware keyloggers and software keyloggers.

The Risk of Hardware Keyloggers in Public Internet Cafes

I suspect that hardware keyloggers are not common in public Internet cafes. It is much easier for Internet criminals to use malicious software to do their work for them remotely. Physical devices attached to the computer increase their chances of getting caught.

While most public computers have spyware, viruses, and trojans, very few have hardware keyloggers. In any case, here are some tips:

What Do Hardware Keyloggers Look Like?

I've linked to some images of hardware keyloggers below. The most common hardware-based keyloggers are a physical device that fits between the end of the plug of the keyboard and the box of the computer:

A hardware keylogger that fits between keyboard and computer
A hardware keylogger for USB keyboards
A before and after shot of a computer with hardware keylogger installed. Notice the extra length of cable in the "after" image.
Another hardware keylogger

Hardware Keylogger Lookalikes

Be aware that not every device that fits between a keyboard and a computer is a keylogger. There are similar-looking devices that are made to convert one type of plug to another (for example USB to PS/2). These adapter plugs are harmless.

How to Protect Yourself Against Hardware Keyloggers

It's always good to take a moment to look at the connection between the keyboard and the computer before you use a public computer. That is not the only kind of hardware keylogger though. There are also hardware keyloggers that can be put inside keyboards, or in other hard-to-detect places. By using a Linux live CD in combination with an on-screen keyboard, you should be able to bypass hardware keyloggers.

Keylogger Exploit

LFT — Thu, 27 Jul 2006 17:17:59 -0400

A recent story on the Register describes a computer attack that shows how easily a Windows computer can become infected with a keylogger:

"Surfers who follow this link are taken to a spoof copy of the BBC story hosted on a maliciously constructed site that exploits the unpatched createTextRange vulnerability in an attempt to install key logging software on victim PCs.

This key logger monitors activity on various financial websites and uploads captured information back to the attacker, security firm Websense warns."

It is very easy to infect a Windows computer with malicious software, which is why strong precautions should be taken when using public computers for financial purposes.

New Invisible Rootkit

LFT — Sun, 16 Jul 2006 19:19:23 -0400

CIO.com has an article about a new type of invisible rootkit.

"Security researchers have discovered a new type of rootkit they believe will greatly increase the difficulty of detecting and removing malicious code.

The rootkit in question, called Backdoor.Rustock.A by Symantec and Mailbot.AZ by F-Secure, uses advanced techniques to avoid detection by most rootkit detectors."

A rootkit, is a type of malicious program that allows someone to conceal that they have taken over your computer. Rootkits are very difficult to find, and this new method is even more sophisticated.

As usual, using a Linux live CD will bypass all possible rootkits that may be running on public computers.

Europe Has the Most Zombies

LFT — Sun, 16 Jul 2006 01:43:42 -0400

EmailBattles.com has an article about how Europe has the most zombie computers.

Zombie computers are computers that have been taken over by malicious software. Zombies are used for various unwholesome purposes, such as the creation of botnets — massive networks of zombie computers that combine computing power and bandwidth to distribute spyware, send spam, and perform other bad activities. One botnet was found to contain 1.5 million zombie computers. It was controlled by only three persons, and as the article said, "...it was just a drop in the ocean". That gives some idea of the magnitude of the problem.

Computers can be turned into zombies through trojan horses. They are just another example of the high security risk of using public computers that have thousands of different people using them. You just don't know what kinds of bad things the computer might be doing. Fortunately you can entirely bypass the infected state of a public computer by using a Linux live CD.

Zombie Computer Statistics

If you are interested in seeing live statistics about zombie computers, check out CipherTrust.com.

Wireless Drive-by Attacks

LFT — Fri, 23 Jun 2006 12:28:07 -0400

A new type of security exploit has been mentioned on ComputerWorld.com.

"Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver...

"This would be the digital equivalent of a drive-by shooting," said Maynor. An attacker could exploit this flaw by simply sitting in a public space and waiting for the right type of machine to come into range.

The victim would not even need to connect to a network for the attack to work."

Disable Autoplay / Autorun

LFT — Sat, 17 Jun 2006 22:38:41 -0400

One of the highly insecure features of Windows is the way it can automatically execute files on a CD or USB device when that CD is inserted or the device is plugged in.

An example of this computer attack: someone comes up to you at an Internet cafe and says "can I plug my iPod into your laptop to charge it?" The iPod is plugged in, a file is automatically executed, and your computer has been successfully attacked. (Note this is generally only a problem with Windows, not with Linux or Mac OS X.)

Another example of this kind of computer attack is when a record company used it to install spyware on people's computers.

The most basic method to prevent autoplay is to hold down the Shift key when inserting a CD or attaching a device. It is not always easy to remember to do this though.

To permanently disable Autoplay on Windows NT (including XP), you can edit the Windows Registry with the following steps. These can be found on Chami.com, but I have added screenshots to the steps. If you are using Windows 95, see the Chami.com page for instruction on disabling Autoplay on Windows 95.

1. Go to the Start Menu and click on "Run", as highlighted in the image below:

2. In the Run box that appears, type regedit as shown below: