Posted on Friday, August 14th, 2009 at 9:21 am. 0 comments

I’ve just found this site. Here you can learn about almost any process. This library helped me to detect two new trojans on my PC. You can also visit this page for faster navigation in the library.
Posted on Thursday, June 11th, 2009 at 11:59 am. 1 comment

To close open ports, choose “Traffic Policy” in the left column of the window. There is a list of current options. Then press “Add” under the list of options to create a new one. Double-clicking “Any” in the “Destination” section will open this window.

Press “Add” and enter “localhost”. Then press “OK”. Double-clicking in the “Action” section will open this window.

Please choose “Drop” and press “OK”.

To finish the operation, click on the “Service” section and enter the number of the port you want to close. That’s all.
Posted on Wednesday, March 18th, 2009 at 10:17 am. 0 comments
Open the application. Press “Firewall” in the left menu of the main window, then press “Expert”.
Here you have to select the protocol and type the name of the port you want to close.
Using this method you can close any open ports you want.
Posted on Friday, March 6th, 2009 at 2:18 pm. 0 comments

When you surf the global network, your computer opens a number of ports. Most software applications are designed to use a fixed port. As you can see in this picture, Internet Explorer uses port 80. Mail applications such as Outlook and The Bat! use ports 25 and 110. If you install eMule, it will open ports 4662 and 4672. Thus a computer is not secure, because every application can open any port and transmit data through it. Besides, any external application can also connect to these ports. For example, the I-Worm.MyDoom trojan can infect your PC. It opens port 3127 and hands over your private information. To reduce this threat and to monitor all ports there are some special applications. To reduce this threat you should close the ports that you don’t need. There are several ways to do it. One is to use Windows Worms Doors Cleaner. It is easy to use, but it can close only ports 135-139, 445 and 5000. To set up more reliable protection you should use special applications such as firewalls. In the next posts I’ll describe how to reduce this threat by means of such firewalls as Outpost Firewall, Kaspersky Internet Security, ZoneAlarm PRO, Comodo Firewall and Kerio Personal Firewall.
PS: Here you can see the list of common ports and check them.
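An added example, not part of the original post: before closing ports it helps to know which ones are actually listening. The script below reads output in the layout of Windows `netstat -an` and reports every listener that is not on a list of expected ones, annotated with what the post says about that port. The sample output, the addresses in it and the choice of "expected" ports are constructed for illustration.

```python
"""Audit `netstat -an` output for listening ports nobody asked for."""

# Ports the post names, with what it says about each.
NOTES = {3127: "opened by I-Worm.MyDoom", 4662: "eMule", 4672: "eMule"}
NOTES.update({p: "closable with Windows Worms Doors Cleaner"
              for p in [*range(135, 140), 445, 5000]})

# Constructed sample in the layout of Windows `netstat -an`; not from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.5:80         ESTABLISHED
  TCP    [::]:4662              [::]:0                 LISTENING
  UDP    0.0.0.0:4672           *:*
"""


def listeners(netstat_text):
    """Yield (proto, address, port) for each listening TCP or bound UDP socket."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # TCP rows end with a state; UDP rows have none and are simply bound.
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue
        address, _, port = fields[1].rpartition(":")  # rpartition copes with [::]
        yield fields[0], address, int(port)


def audit(netstat_text, expected):
    """Return listeners missing from `expected`, network-reachable ones first."""
    findings = []
    for proto, address, port in listeners(netstat_text):
        if (proto, port) in expected:
            continue
        loopback = address.startswith("127.") or address == "[::1]"
        findings.append({"proto": proto, "port": port, "reachable": not loopback,
                         "note": NOTES.get(port, "not mentioned in the post")})
    return sorted(findings, key=lambda f: (not f["reachable"], f["port"]))


if __name__ == "__main__":
    # Assumption: this user runs eMule on purpose, so its two ports are expected.
    for f in audit(SAMPLE, expected={("TCP", 4662), ("UDP", 4672)}):
        scope = "network" if f["reachable"] else "loopback only"
        print(f'{f["proto"]}/{f["port"]:<5} {scope:<14} {f["note"]}')
```

A listener bound only to 127.0.0.1 cannot be reached from other machines, which is why it is sorted after the ones bound to a network address.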
Posted on Friday, January 16th, 2009 at 7:53 am. 0 comments
Almost all Internet users face problems related to passwords and personal data storage. Usually we use a lot of different services, and most of them ask you to enter your unique password and username. Some people use the same combination for all the sites and services they use, but it is clear that such a method is not reliable. Fraudsters can steal your combination and act as you on every site. So we have to do something about the great number of passwords that we use.
There are some software applications which store your passwords, but they have a number of disadvantages – for example, you cannot use them when you are not on your own computer. It is more secure and comfortable to use online password storage services. I know that there are a number of online password storage services which are reliable and easy to use, but I use this one.
Clipperz - This service is very easy to use and provides a lot of features. You can create different cards for different sites. There is also a Direct Login function – it creates special links. By clicking them you can log in directly to any site without entering the password/login combination. If you are a Firefox user, you can use this service in a sidebar window. There is another interesting feature – disposable passwords. You can list them and use them in places where a password can be stolen, for example in a library or Internet cafe.
Posted on Tuesday, December 23rd, 2008 at 12:42 pm. 0 comments
Present-day viruses can infect not only your computer but also your mobile device. Kaspersky Lab has just reported detecting three variants of a new trojan application for mobile phones. It is Trojan-SMS.SymbOS.Viver. This spyware sends paid SMS messages to a premium number. Thus money is transferred from the user’s account to the fraudsters’ account. This kind of trojan application is not so new. Similar applications were detected last year. They are able to run on almost every mobile platform. But the Viver virus is designed only for the Symbian mobile operating system. Thus it is the first trojan-SMS virus for smartphones. The analysis shows that this virus is distributed by means of free warez sites and looks like useful Symbian applications such as media players, photo editors, etc.
Posted on Monday, December 22nd, 2008 at 1:14 pm. 0 comments
Today we have to pay for almost everything, but there are still some pleasant exceptions. I have to note that free antivirus applications don’t guarantee maximum security and defend your computer only against the most widespread viruses. It is said that more than 200 new scumware applications appear each day. So the key factor is regular updates. Unfortunately, free antivirus applications don’t give such an opportunity.
There are two kinds of antivirus software. The first one is “on-demand”. Such applications are recommended for users who don’t use the Internet and email and don’t copy too many files to their computers. You can use an “on-demand” antivirus only to check a new disk or storage device. The second type is “on-access” applications – usually they include an “on-demand” scanner but also have a special mode which monitors all processes. Such applications are more effective but can slow down your PC (this is not a concern for present-day computers).
Among “on-demand” scanners I can recommend Bitdefender. You can find a free version of this application on the official web site. Its virus definition databases are updated regularly. Due to this, Bitdefender is one of the best free antiviruses of this class. According to some specialists it is able to detect more than 88% of all viruses.
Another free “on-demand” antivirus is ClamWin. It is designed for Windows. It cannot delete infected files but can move them to “quarantine”. It can also integrate with Internet Explorer and Outlook. It is said that it detects 48.44% of all known viruses.
“On-access” antiviruses have more features. One example is avast! 4 Home Edition. It has so many features that it is difficult to believe that it is free :) This application supports Windows XP Professional x64 and can monitor web traffic. Its virus databases are updated regularly. It detects about 79% of all known viruses.
The next antivirus is developed by the German AntiVir. AntiVir® PersonalEdition Classic does not have such an impressive list of features, but nevertheless it copes with the task. Its antivirus databases are also updated very often. It is said that it detects 84.5% of present-day viruses.
The last antivirus application is AVG Free by Grisoft Inc. It is rather famous and updates its databases several times per day. Unfortunately, according to research, the percentage of detected viruses is only 54. But it has a very nice and usable user interface.
Posted on Wednesday, December 17th, 2008 at 1:00 pm. 0 comments
Cookies are text information which is saved on users’ computers at the request of a web server. This information is transmitted back during the next visit to the site. The main functions of this technology are:
1. Session organization for online shops, forums and other interactive systems. In that case cookies contain a unique user ID.
2. Storing various user parameters.
3. User identification in systems such as rating systems, counters, banner advertising systems, online polls, etc.
Recently cookie technology has attracted a lot of attention from information security experts. The main reason is that cookies can contain private information and can be stolen by means of spy applications.
Here are some ways to steal this information:
1. Cross Site Scripting. This method is based on including trojan code in a legitimate web page. This script transmits the cookie to the fraudster.
2. Web browser vulnerability
3. Use of trojan applications. Such an application analyzes cookies and transmits the information to the malefactor.
5. Use of public computers (for example in libraries). A lot of users don’t care about deleting cookies after using such computers.
6. Cookie interception by means of network traffic analysis tools.
To reduce the threat of cookie theft you have to apply these browser settings:
Internet Explorer

The medium position of this switch means that your browser blocks some cookies (counters, ratings). The maximum position means that IE blocks all incoming and outgoing cookies. With the “Sites” button you can specify exceptions.

There is also an “Advanced” button. Here you can stop automatic cookie handling and specify browser behavior for first-party cookies and exterior (third-party) ones. It is also recommended to allow session cookies – they are stored only for the duration of a session.
Mozilla Firefox

The settings for Firefox differ a little. You can allow or disallow cookies. You can allow cookies only from the site you are browsing (the analogue of IE’s blocking of exterior cookies). Besides, you can set an expiry date. That means that after the configured period all the information will be deleted automatically. There is a special option which deletes cookie files when the Firefox window is closed. By the way, Firefox supports a special hotkey combination which helps you delete all private information in a matter of seconds. It is Ctrl+Shift+Del.
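An added example, not part of the original post: the script below inspects the Set-Cookie headers a site sends and reports which of the theft routes listed above each cookie is exposed to, and whether it is a session or persistent, first-party or exterior cookie. HttpOnly, Secure, Expires and Max-Age are standard cookie attributes that the post does not name; the host names and cookie values are constructed.

```python
"""Classify Set-Cookie headers by the theft routes the post lists."""

# What each finding means, in the post's terms.
MEANING = {
    "script-readable": "page script can read it (cross-site scripting)",
    "cleartext": "sent over plain HTTP (network traffic analysis)",
    "persistent": "stays on disk after the browser closes (public computers, trojans)",
    "third-party": "set by a host other than the site being browsed",
}

# Constructed sample: (host that sent the response, Set-Cookie value).
SAMPLE = [
    ("shop.example", "sid=8f2c; Path=/; HttpOnly; Secure"),
    ("shop.example", "user_id=1042; Path=/; Max-Age=31536000"),
    ("ads.example.net",
     "track=ab12; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure"),
]


def parse_set_cookie(value):
    """Return (cookie name, {lower-cased attribute: value}) for one header."""
    first, *rest = [part.strip() for part in value.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0], attrs


def audit(page_host, responses):
    """Map each cookie name to its list of findings (keys of MEANING)."""
    report = {}
    for host, value in responses:
        name, attrs = parse_set_cookie(value)
        found = []
        if "httponly" not in attrs:
            found.append("script-readable")
        if "secure" not in attrs:
            found.append("cleartext")
        if "expires" in attrs or "max-age" in attrs:
            found.append("persistent")  # no expiry attribute = session cookie
        # Simplification: exact host or subdomain match, no public-suffix list.
        if host != page_host and not host.endswith("." + page_host):
            found.append("third-party")
        report[name] = found
    return report


if __name__ == "__main__":
    for name, found in audit("shop.example", SAMPLE).items():
        print(name, "->", "; ".join(MEANING[f] for f in found) or "no findings")
```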
Posted on Thursday, October 30th, 2008 at 12:28 pm. 0 comments
Online virus and spyware scanners are applications which are downloaded for only one session. That means that after checking the system they delete themselves :) Usually such applications don’t need installation and don’t need a lot of free hard disk space. Frankly speaking, online antivirus scanners are not a sure way to protect your computer from online and virus threats. Nevertheless they can be useful. Obviously, virus and security scanners differ from one another: not only the user interface but also the scanning method. This means that one antivirus application may find a harmful application that other antivirus applications can’t detect. So if you have antivirus software from one producer, it can be useful to check your system using another one. Here are some online security scanners:
Kaspersky Online Virus Scanner
It is a rather interesting application because it is able not only to scan your computer for harmful applications but also to test the security level in full. It shows you the vulnerabilities of your system and gives advice on fixing them. If you are not a very experienced user, this application is for you.
Panda ActiveScan
It disinfects your computer of viruses, worms and Trojans. After pressing the button you have to download an 8 Mb file. It supports Panda TruPrevent scanner technology.
F-Secure Online Virus Scanner
This free service is used to find out if your computer is infected, and disinfect your computer if needed. It will automatically download the necessary components and virus databases. The size of the downloaded package is about 30 Mb.
Symantec Security Check
The main advantage of this application is its simple interface. It runs rather slowly but reports the vulnerabilities of your system.
Posted on Monday, October 20th, 2008 at 12:24 pm. 0 comments
Here is a description of the most widespread kinds of trojan applications.
Mail Senders
This is the most widespread group. Most of them send passwords to their owners. Here are some examples: Trojan-PSW.Win32.QQPass.du (a Chinese trojan that steals Windows passwords), Bandra.BOK (it is downloaded during a visit to a specific site and steals bank account passwords), Bancos.LU (saves passwords as temporary files and sends them to its remote owner), Banker.XP (collects personal information, passwords and accounts and sends them to a configured address).
Remote control applications
Such applications usually combine the capabilities of mail senders with functions for remote computer control. Trojans of this type wait for a connection from the client side, which then sends commands to the server. Examples: Backdor.Win32.Whisper.a is a trojan which makes it possible to control a remote computer. Another is the famous Back Office, which was created by the Cult of Dead Cow hackers group. This application makes it possible to control a remote computer, to access all hard drives, to get a live picture of the screen, and to listen to and watch the user by means of the microphone and web camera.
Dialers
This kind of application is not widespread today because of the spread of more modern technology, but it is still dangerous. Such an application can cause financial loss. Dialers change the provider’s phone number and place calls to exotic countries. Examples: Trojan-PSW.Win32.DUT, Trojan-PSW.Win32.Delf.gj, not-a-virus:PSWTool.Win32.DialUpPaper, not-a-virus:PornWare.Dialer.RTSMini.
Keyloggers
This kind of application also includes the functions of mail senders. They are able to track keystrokes and send this information to a malevolent user. Examples: Backdoor.Win32.Assasin.20, Backdoor.Win32.Assasin.20.n, Backdoor.Win32.BadBoy, Backdoor.Win32.Bancodor.d (keylogger.trojan).
DDoS emulators (Distributed Denial of Service)
It is a very interesting type of trojan application. The server-side application waits for a signal and, after getting it, begins working as a nuker (such applications send a burst of data packets to a configured IP).
Downloaders
These trojans download files from the global network without the user’s knowledge. These files can be either adult pages or harmful software. Example: Trojan-Downloader.Win32.Agent.fk (it creates the %Program Files%\Archive folder and copies itself to it).
Droppers
The aim of such applications is the concealed installation of other trojans. Example: Trojan-Dropper.Win32.Agent.vw.
Posted on Friday, October 17th, 2008 at 1:25 pm. 0 comments
A lot of users believe that trojans are the same as viruses. It isn’t true. In contrast to viruses, trojans don’t break the operating system or format hard drives. They seem to be peaceful. But that isn’t true either. Their sphere of interest is the theft of private information. A trojan application usually consists of a client application and a server. The server part is usually located on the user’s computer, and the client application is on the side of the owner who created or modified the trojan. The connection between these two parts is made through some open port. Usually they use TCP/IP, but some of them also use ICMP, UDP and others. Trojans are masked and often look like harmless files with extensions such as GIF, HTM, etc. There are several kinds of trojans:
Spy applications (example: Mail Sender)
Remote control applications (example: BackDoor)
Keyloggers
DDoS attack emulators
Dialers
Downloaders
Proxy servers
Destructive trojan applications (example: FlashKiller)
In the near future we will describe them in detail.
Posted on Tuesday, October 14th, 2008 at 8:43 am. 0 comments
A computer cannot be infected by viruses if the user doesn’t open any files or emails.
Some years ago this was true. But today some viruses use more than one method of attack. They find chinks in the armour of different software such as Windows and Internet Explorer. Such viruses find new victims in the global network on their own.
To protect your computer, the only thing you need is to install antivirus software.
To detect new viruses your antivirus software has to have their signatures. So you need to update it routinely. But this doesn’t guarantee perfect security. To reduce the threat you have to install a firewall and special software to detect spy applications.
Emails from well-known senders are safe.
It is not true! Most email viruses use the address books of their victims.
I don’t keep private information on my computer, so it is of no interest to spy applications.
Most spy applications collect not only private information (such as passwords and credit card numbers) but also information about users’ actions. All the sites you visit and all your clicks are recorded. This information can be used for different purposes, for example contextual ads. Such applications use system resources and slow down computer performance.