catacomber.com : : ride the light

Post your security tips here. One is not to post your email address or date of birth or other similar personal information because the internet is constantly trawled by bots who collect such stuff. If you have anything like that posted here, you should delete it--not your whole post but just that info.

Hi everybody,

I've just noticed some of you are posting dates of birth (I hope you lied), area you live in (I hope you lied) and other personal details on the forum. Don't! Please don't! If you have done so, then you are putting, to put it bluntly, your life's savings at risk.

The golden rule is never, ever, ever put personal details on the web if you don't have to.

I would hate beyond measure to hear from any of you that you have been cleaned out, and the bank denies liability (and they will), because you have posted personal information.

THIS IS SO IMPORTANT THAT I AM GOING TO REPEAT IT
never, ever, ever put personal details on the web if you don't have to.

And as an adjunct, you must follow the basic rules of web hygiene as follows:

Keep AV up to date
Don’t visit sites your AV says are unsafe
Get a good firewall and keep it up to date
Run anti spyware once a month
Make sure your OS has the latest security updates
Never ever ever open email from an unrecognized source!
Change your passwords once every three months (minimum)

People, too many of you are reconstructing hard drives/have done so because of viruses. How many of you have checked/changed your access codes recently?

DO IT NOW, PLEASE

You're too good a bunch of people to lose any of you because of simple internet hygiene.

I can't help beyond the above, because I am merely a computer journeyman, but I am SERIOUS this time.

Best
Moth

Excellent advise Moth. I can't tell you how many times I have had to remind my son of many of the things you have mentioned.

I'm also very cautious with forwarded emails. Many years ago I go a virus from a fwd email a friend sent me. Now, I pretty much delete anything that's a fwd. If you do want to pass on info, just copy and paste it in a new email. It's very simple to do. You will also be doing your friends a favor by eliminating the headers and auto signatures that are often in those forwards. Many times people send things from work and the email contains their full name, work phone #, address, etc.

Remember, what you put on the Internet stays on the Internet and it's readily available to be viewed by millions of people.

Moth,
Thank you,thank you,for your posting this! I myself am going to heed your advice.


Echo,
Your advice on forwarded e-mails is valuable, as well. A lot of folks really don't think twice about opening e-mails that have been forwarded to them by a trusted friend.

The only virus I ever got came from a seller on ebay that I had bought a lot of books from.

Someone infected her and when she forwarded a "thank you" for purchasing my book email to me, I got the virus too.

That was about 5 years ago and am a wiser Cat now.

So emails even from people you're used to dealing with can be iffy--which is why it's good to have as much protection as you can.

Hi Everybody,
Just to show you what you should say, I've entered my location.
As Torquemada said:
Be pure
Be vigilant
Behave

Best
Moth

Nowadays if you have a good antimalware product, such as Vipre, AVG, BitDefender, or whatever you like, it should have the ability to monitor your email and visited websites while you are accessing them, so you aren't likely to get anything.

Don't even ask about Symantec/Norton (*spits out bad taste*).

It is still advisable to not open email that you can't identify the source of, or anything that has pictures or Flash files embedded, or go to "adult" or pirate websites, but you can even get something bad from your own bank's website if their server has been compromised.

The only way you are really going to be safe is to unplug your computer, stick it in an impregnable safe and never take it out again. Obviously some sort of balance has to be struck

I have a hate relationship with Norton--for some reason it kept me from getting on the internet.

LOL, Moth. Is your name Moth? Or something else? : ) My name is Catacomber. : )

Oddly enough, Norton managed to completely glitch my registry five years ago leaving me unable to indtall any anti virus software at all! Hence now using McAfee.

My name is definitely Moth, I think! But there again....

Too confusing for me!

I had a lot of issues with Norton several years ago too.

I am not very computer literate, though I have improved in that regard over the years. I'm definitely a "once burned, twice learned" kinda gal. I still delete forwarded emails and will continue to do so. It's really not difficult to send something to someone without simply using the fwd button. Sure, it might take you 2 minutes longer to do so, but if Echo can figure out how ti do it, anyone can lol.

Certain forwarded emails I will open, because they are from individuals whom I know are as careful (paranoid) as I am (or worse if that's possible) about their computer security.

Other things to watch out for, do not click anywhere on any popup that appears on your screen unless you know absolutely that it is something legitimate, such as a chat window that expands from a technical support site after you click the Chat button. Popups can be closed from the Task Manager (Ctrl+Alt+Del and click Task Manager or Start Task Manager) by selecting the title of the window in the Applications or rarely the Processes tab. Be careful about closing Processes as there are a lot there which are necessary for your computer to keep running!

Oh, one more thing: this involves the wmp:

A couple of years ago I got a nasty addware/spyware thingie from using Windows Media Player to listen to Internet radio stations on the computer. When I had to have my hard drive scraped, the tech warned me about using wmp to access Internet sights like radio stations. Apparently there were (at the time) a lot of security breaches with that application and it was an easy portal for viruses. Not sure if the security issues have been corrected since then, but I no longer use wmp.

Hi everybody,
Some of the stuff being talked about here is techie. Some of you might be going what do you mean? Spy ware? Fire walls?
I hope anyone with better knowledge than I have will jump in and correct me where I'm wrong.

Just to deal with spyware. It is used on the whole to prevent tracking of your internet usage, but at a higher level can help to stop unauthorised recording of keystrokes you make (eg entering your credit card pin on an internet transaction). Almost every web site you visit will track your presence, many will attempt to download software onto your computer which reports your buying/surfing habits. In it's benign take this allows you to be targeted by businesses interested in selling you stuff you had looked for on the web. Its less benign take means your credit card has been maxed out!

I use Ad-Aware by Lavasoft to regularly clear my computer. At it's basic level, this is a free program. There must be many others out there as well.

But the responsibility for keeping you safe on the web lies with you.

Best
Moth

By all means, anyone who has a question of "well just what the heck is a ...?", please do ask, I am sure anyone who knows would be happy to explain. I would.

Up until Vista came out, Microsoft was very lax with security on their client (home/office computer, as opposed to server) versions of Windows. It was always considered best to use any possible alternative for things like web browsers, media players, etc. and to secure your computer in any way possible. Now you still need to secure your computer, but things like Windows Media Player and Internet Explorer are more secure.

I still prefer to use alternatives as I see them as better, but that's just a personal preference.

Hi GlassDeviant,
I don't want to get started on Microsoft, because that's a never ending tale of woe, but it sounds like you've moved past Vista and onto 7. Is it as good as the press report? Or should we take the cautious approach and let someone else deal with the bugs first?
Thanks
Moth

7 is not revolutionary, it is evolutionary. It is Vista "fixed", and as such shouldn't be avoided. If you are moving from XP, go straight to 7, do not pass Vista, do not lose $200.

At work my colleagues and I have been not just testing but using 7 (the RC or Release Candidate version) for months. We use it at home as well, though I haven't gone as far a one fellow who uses 7 on all of his computers (he has 4).

If you've gotten used to Vista and don't have any complaints about it, there's not a significant reason to upgrade just yet; however, a lot of people have and like 7 a lot. Plus you can get a special "Family" license for 3 copies of Home Premium (I think it's Home Premium) for a significantly reduced price.

Hi Glass
See my previous, I use XP at work, but have stayed with 2000 at home. How secure is 7, and should we all be migrating that way?
Obviously 7 is going to be the new virus target. Is it robust enough? Or is it like Vista, which didn't live up to the hype?
I'm afraid I'm dubious about anything coming out of Microsoft, because they've promised the world and delivered Hades in the past.
My take is it is probably safe to move to XP now, because the virus merchants will be concentrating on Vista and 7. Your thoughts would be welcome.
Best
Moth

Moth, I've been using XP for awhile now and I really don't have virus issues per se. My problematic issues (spyware/adware/mild Trojans) stem from my son's use of my computer. He has a habit of visiting freeware sites and other sites that are notoriously problematic, as Glass previously mentioned. That said, my MacAfee is very good at quarantining these buggers, so I can remove them before they wreak havoc on my system.

As an aside for others: you should still heed Glass' advice re: steering clear of the known problematic sites, the fact that the buggie prgrams can often be caught by antivirus, etc., software should be viewed as a safety net, rather than a cloak of invicibility. I'm just sayin'

A lot of my xp programs don't work on vista so have stayed with xp. If 7 fixes what needs to be fixed for vista that's great, but still waiting to see if my programs will work without a significant investment. : ) I also feel safer in xp as figure most Trojan guys are targeting Vista and now 7. : | When xp no longer does the job or this computer dies will move to 7. : )

There is a 32-bit XP virtual machine than you run on top of 7 that will solve that problem, except in a few instances.
http://www.bit-tech.net/gaming/pc/2009/10/22/windows-7-games- compatibility-testing/2

I will see if I can find a list of things that don't run in XP mode.

I figured out a way to completely and infallably Mothproof my computer. I installed a bug zapper.

I hope it's a humane one!

Nooo! Don't zap our Moth! *gasp*

Moth wrote:

QUOTE:
Never ever ever open email from an unrecognized source!

DEAR SIRMADAM

I AM MR. MARGARET VISCHENKO CREDIT OFFFICER WITH THE ROYAL BANK OF VLAGOS, SAVIRIA. I CAME TO KNOW OF YOU IN MY SEARCH FOR A RELAIBLE AND REPUTABLE PERSON TO HANDLE A VERY CONFIDENTIAL BUSINESS TRANSACTION, WHICH INVOLVES THE TRANSFER OF A LARGE SUM OF GOLD TO AN ACCOUNT REQUIRING MAXIMUM CONFIDENCE.

I HAVE SUCCEEDED IN CARRYING FOUR METAL BOXES OUT OF THE COUNTRY WITH THE AID OF SOME TOP ROYAL OFFICIAL WHO SHOW SYMPATHY TO MY FAMILY, TO A NEIGHBOURING COUNTRY (LUKOMORYE) TO BE PRECISE. I PRAY YOU WOULD HELP US IN GETTING THESE BOXES TRANSFERED OVER TO YOUR COUNTRY. EACH OF THESE METAL BOXES CONTAINS SGC5,000,000.00 (FIVE MILLION SAVIRIA GOLD CROWNS) AND TOGETHER THESE FOUR BOXES CONTAIN SGC20,000,000.00(TWENTY MILLION SAVIRIA GOLD CROWNS ONLY). THIS IS ACTUAL WHAT WE HAVE MOVED TO LUKOMORYE.

THEREFORE, I NEED AN URGENT HELP FROM YOU AS A PERSON OF GOD TO HELP GET THIS MONEY IN LUKOMORYE TO YOUR COUNTRY. THIS MONEY, AFTER GETTING TO YOUR COUNTRY, WOULD BE SHARED ACCORDING TO THE PERCENTAGE AGREED BY BOTH OF US.PLEASE NOTE THAT THIS MATTER IS STRICTLY CONFIDENTIAL AS THE NOBILITY WHICH MY LATE WIFE WAS PART OF IS STILL UNDER SURVAILLANCE TO PROBE US.

YOU CAN CONTACT ME THROUGH MY FAMILY SCRYER AS INDICATED ABOVE AND ALSO TO LIAISE WITH HIM TOWARDS THE EFFECTIVE COMPLETION OF THIS TRANSACTION AS HE HAS THE MANDATE OF THE FAMILY TO HANDLE THIS TRANSACTION.

THANKS AND BEST REGARD

JUST A WARNING!!!
According to research, private messaging (pm's) are really easy to hack...
Which can lead to spammers and eventually, even the site can be hacked...
So cat, apparently, its recommended to delete the plugin that is used for the pm system, and just to start using regular email address to talk with other forum members privately.

Hi Civil Striker,
Way above my paygrade. I started this thread because the lack of security frightened me. Can you send an email to Cat giving full details and let her make an informed rather than Knee jerk response.
Best
Moth

Can do.

thanks

Lenny? Really? I sent you a reply pigeon mail but pigeon has one wing and is often stopping for pitstops.

Thanks, guys. Will consider the pros and cons but from comments I've read other places people are unhappy without a pm system. I have an open mind about this however.

Cat, have you gotten my pm on the subject? It includes the site where I found the info. Depending on which plygin you use for pm, you might not need to worry.

Yes, thanks! Will check it out.

re-re-restart:

Sorry, I'm a bit late to the party.

I see some recent (and frantic) comments about issues with bbPress / WordPress forum software, and its Private Messenging plugin.

Is that the issue here?

Also, some other, more recent comments regarding SQL injection vulnerabilities in a few Joomla plugins- not PM specific. Is it that?

Sorry, I'm new and probably not qualified to talk or even ask.

____

Looks like the greatest concern would be an older version of Fireboard / Joomla running the site.

Cat: if you haven't upgraded the forum software in the past 18 months or so, it might be a real good idea.

Anyone's qualified to do anything here

The problem with the pm system is that its easy to hack, not virus injected.

There are some problems common to *all* messaging systems. Impersonating or spoofing other users, sending deceptive or dangerous advice (for people to read and follow).

Using PMs to directly compromise the forum or its database- is a problem with specific versions of software. Its more serious, but fortunately easier to repair.

'SQL injection' is not a virus- its about sending specially formatted messages to Web site input boxes, to disrupt the forum's database, and "hack inside". Older forum software is more likely to have bugs that would allow this.

But plugins are usually where the problem shows up these days.

I think I get them all the time but I never open them. : )

Hi All,
This won't be news to many of you, but could help point some in the right direction. I've recently, on an up to date OS/firewall/antivirus etc etc had a couple of instances where following links have caused what Microsoft refers to as a DEP error. You can follow Microsoft advice but unfortunately it won't cure the problem.
This error manifests itself by immediately closing down your web browser as soon as you try to open it. Which is frustrating to say the least as you can't then access internet support!
What you should do to cure the problem is:
1. Run a Full antivirus scan (not strictly necessary but do it anyway) and apply the cures it recommends.
2. Run a full spyware scan, and again, not strictly necessary. If you don't have anti spyware software, Ad-aware (search it on Google) have a very good free program. Stick with the free bits, don't pay for the frills.
3. Run "system recover", This is one of the options (in Microsoft XP at least) that you will get when you hit the help button on the main drop down/pop up "Start" menu. Choose a date and time just before you started to get problems.

Hope this helps.
Best

Moth

3. On vista its called "System Restore"

Why are you running Vista?
Just curious.

My father swears by it... I want to get windows 7... soon

Is that swears by it or swears at it?
The nice thing about XP and 2005 is that most of the viruses these days are aimed at Vista, so you stand a chance of dodging them. And your right in XP it is also called "system restore", I feel so guilty already, maybe I should go for a job with Mibrosoft!

Lol

My father swears by vista, I swear at it

I hope you didn't have your SvcHost.exe deleted this week. McAfee really messed up this time.

Hey Moth,
Thanks for the info along with everyone else here! I had problems with my PC for a while and restored it a couple of times and still had problems. I had Norton 360-crappy anti-virus. A friend of mine that programs computers told me that he uses Kaspersky anti-virus. I bought it, installed it and it found so much junk in my computer- including a worm in the partitioned side of my PC that you restore from! When I installed the Photoshop elements and Corel painter pro that came with my writing tablet, it let me know that it contained malware! Anyway, my PC runs great now! Thanks!

Thats great!!!
Good choice for antivirus. It has yet to let me and my family down