What's a Conficker?

What is the Conficker Worm?

Conficker (also known as Downup, Downadup, and Kido) is a worm that has been spreading across the Internet since around October of 2008, of course, this is just an approximation, and the actual origin is not known for certain. Conficker specifically targets the Windows operating system (Windows 2000 Pro, XP home, XP Pro, XP Media Center Edition, Windows Vista, Windows Server 2003, Windows Server 2008). It spreads via malicious web sites, emails, and sharing infected files via P2P software.

What does Conficker do?

As of now, all that is has done is install itself, break your antivirus software, and modify some system files to make itself very hard to remove. It is also likely that if you got the Conficker Worm, you got other malware as well that causes the common symptoms (pop ups, slowness, etc). In addition, it creates false URLs in order to spread it self, and also downloads more malware to your system.

The big concern with this worm is that is has spread so much. Current estimates indicate that it could be installed on as many as 15 Million computers world wide. Now, if it stay dormant and does nothing, that's not that big of a deal, but experts don't think that it is going to stay dormant. Analysts who have looked into the worm believe that on April 1st, 2009 (tomorrow) the worm is programmed to "phone home" and update it self with new instructions, and that is a major concern.

The potential for a worm like this is massive, and the update could make the worm do anything from delete files, download more malware, turn your computer into a spam bot (a computer that sends out massive amounts of spam) or all the infected computers could be combined to form a massive botnet, which would be leased to the highest bidder.

A bot net, is a network of computers, usually lots of home systems spread across the world, that are controlled as a single unit and used to either send out massive amounts of spam, or to DDoS targets. If used as a botnet and the target is a bank, a utility company, or even a few large organizations the results could be crippling. If they target ISPs, the Internet could come to a crawl, if they target a company, they could lose massive amounts of business.

The problem is, at this point, we don't really know what will happen, and that is scary. But not to worry, we are not helpless.

Symptoms of Conficker:

• Users being locked out of directories
• Access to admin shares denied
• Scheduled tasks being created
• Access to security related web sites is blocked.

How to stop Conficker:

This worm uses a known exploit in Windows that Microsoft has patched a long time ago. The problem is, many people don't update their computers, so the fix is never installed. So the first step is to update your computer.

1. Go to update.microsoft.com and install all of the latest updates for your computer. Once they are installed, reboot your computer, and go back and run the updates again. Keep doing this until no more updates show as needing to be installed.
2. Update your anti virus software. Open up the software and run the automatic update. If your subscription is expired, either renew it right now, or uninstall it, and download and install a free anti virus like AVG
3. After the updates, run a full system scan, and delete any threats that have been found.
4. Restart your computer, and run the full system scan again.
5. You can also use an online scanner like Trend Micro's Housecall,  Symantec's Removal Tool, or
Microsoft's Malicious Software Removal Tool

For more information about the Conficker Worm See the following:

Microsoft Malware Protection Center

Microsoft Help and Support

McAfee Conficker Information Page

Symantec's Conficker Information Page

Bookmark this post:

A Response To "Why Can't Windows Shutdown Properly"

An article written by Larry Magid and posted on CNET today complains about a problem with the Windows Operating system  taking too long to shutdown and start up. And while I agree that there are times Windows moves too slowly, I also have to point out that the reason is rarely Windows.

The first thing you have to understand is what actually happens when Windows is shutdown. If the only thing installed on a computer is the Windows Operating system, then all that needs to happen for the computer to shutdown is:

1. Anything in RAM that will be needed later is written to the hard drive.
2. All open files are closed
3. All Services required to run the computer are stopped
4. Power to the hardware is stopped and the computer is now shutdown.

This process doesn't change very much even after other software is installed, but what does change is what files need to be closed, what need to be written to the hard drive, and what services need to be stopped. This is where the problem comes in.

Think about what is running on your computer right now, you probably think "oh...just my Internet browser", and chances are, you are probably wrong (at least, you should be wrong)

On a typical computer the following types of software are installed, and at least a portion of them are running in the background (i.e. they aren't being actively used by the user)

1. Antivirus software - this is a good thing by the way.
2. Instant messaging software (I have 2 different IM services running, 1 for work, 1 for personal use)
3. File indexing software (things like Microsoft Desktop Search or Google Desktop)
4. Quicktime/iTunes services
5. Software update services (used to update various pieces of software installed, and there can be several services depending on the software)
6. Viruses (most computers I work on have AT LEAST 1 piece of Malware or a virus)

So when you shutdown a computer, Windows must go through each one of these and stop them from running, when they are told to stop, they all go through their own processes to store data, close files, and end services. If there is a problem with the software, it may hang, and you will see that wonderful "Program not responding" error. This happens frequently when several things are trying to close at once because they are trying to access similar resources. If any of these programs have trouble closing, Widows can't shutdown.

So why can't Windows just force a program closed and move on? Well, it is because if Windows just started forcing applications close, files that are being written to, or things that have not been saved yet can become corrupt or deleted, and that would cause even more problems.

Windows being slow to start is caused by the exact same thing. All of that stuff you have auto starting can cause problems, and many of the hang ups experienced are caused by other programs not starting properly.

The number 1 cause of these slowdowns are viruses and malware. Most software like this is not written to be efficient, they don't take standard coding 'rules' into account and are very rarely thoroughly tested. Because of this, they cause all kinds of problems, and the authors don't have to answer to anyone since the software shouldn't be installed in the first place. Pirated software that has been tampered with is also a major cause of these kinds of errors, as well as running software when your computer does not meet the required hardware specifications. Now, this isn't to say that Windows is always perfect, because it is not, but considering how universally used it is and how much different software can run on it, it is almost impossible to make sure it is 100% perfect all the time.

Oh...and if you are thinking about comparing it to a Mac, please think about the total combinations of hardware/software available to work on a computer running Windows, and what's available for your Mac. There is no comparison, and because of that, you cant fairy compare the problems they have.

Bookmark this post:

Writing an Effective Email

Email communications are a big part of most peoples day to day lives. I use email to keep in touch with friends and family, to get updates on things I am interested in, and of course, as my primary form of communications.

On any given day, I will receive between 100-150 legitimate emails; and by legitimate, I mean I need to at least look at them to see what is going on, of those, I actually read about 40-50 in full because I really don't have the time (or need) to read through every single one in its entirety. I am able to go through a lot of the emails because they are well written and formatted. If an email is properly written, I am able to easily determine if the email is meant for me, if I need to reply to the email, and am able to get the info I need quickly. So lets talk about how an email should be composed, we will start from top to bottom.

Determine who is going to receive the email:

To: - The 'To' field should only be used for people who the email is directed at, and who you may want a response of some type from. If you want others to get the email as an 'FYI' don't put them in the 'To' section.

CC: - CC stands for Carbon Copy, and that is exactly what this field is for. You add people to the CC section because while the email is not directed at them, you do want them to have a copy. Many times I will CC my boss or others who need to be kept in the loop on an issue, but don't actually need to reply to an email. They will get the email and have the information they need if asked about it, but really don't need to read it typically.

BCC: - BCC should be used for 1 thing, and 1 thing only. To hide who you are sending a message to. This is a helpful feature when sending out company or department wide emails because it prevents people from replying to everyone by accident (or on purpose), or can be used to send a copy of emails to superiors, or departments like HR or Legal if they need to be aware of an issue, but you don't want to let the recipient know.

The Subject Line:

Every single email you send should have a subject line, no excuses no exceptions. Subject lines give the person who receives the email an idea of what the message contains,it makes it easier to follow conversations via email that include multiple people, and makes it easier to find the email later when searching for it.

You Subject should be brief, and contain the primary topic of the email. I personally hate subjects like "a question" or "hey..." when I get them at work. Those are fine for emails between friends etc, but if you are emailing a client, or a business, don't use those. I also dislike subjects that are the start of a sentence then continue in the email, like "I was thinking about that car...." and then the body starts "...and it looks like a good deal". The subject is fine, but the body needs to be able to stand on its own.

Email body:

While everything above is very important, it is mostly just used for organizational purposes. The body of the email is where the meat is.

Your email should be well written, clean, and concise. If it is in a work environment, it should be treated as semi-formal (formal if to clients, or is a serious topic) writing. This means punctuation and grammar should be correct, thoughts should be complete, and the tone should be professional. Anything less than this makes it harder to read and hard to understand. An important thing to remember when writing an email is that meaning of things can be misinterpreted if not made clear. When talking to someone, you have things like tone and body language to help get your point across, you don't have that in email. Sarcasm is harder to detect, as are small jokes about things, so be careful, as a few poorly chosen words can turn something funny into something offensive.

Attachments:

Name attachments appropriately. Like any file, there should be a descriptive name to indicate what it is. Scanned documents typically have a generic letter/number combination as their name. Do the recipient a favor and rename it for them so they know what it is. Also, don't attach things that don't need to be attached. I have gotten emails from people that are word documents as attachments, with the only thing in the body saying "See Attachment". While this is ok sometimes, it usually isn't. Attachments should be in addition to the info you are providing.

Also, use common formats for attachments. If a document doesn't need to be edited by the recipient, send it as a PDF so they can open it on any computer they want instead of only opening it on one with your word editor installed. Images should be JPEG of GIF files when possible as they are highly compressed and can be opened in just about all software (this can always be done since sometimes the higher quality of TIFF or RAW images are needed).

Bookmark this post:

The Ultimate Steal Is Back

A lot of people like to hate on Microsoft, but they do a lot of good, especially when it comes to helping students. Right now, you can get Microsoft Office 2007 Ultimate Edition, which usually sells for over $600.00 for only $59.99 through a program called The Ultimate Steal, which is put on by Microsoft. The only stipulations to the program are that you must be a student, and you much have an email address ending in .edu.Other than that, this is a completely legit deal, so if you need MS office, and you are a student, there is no better choice.

 

Bookmark this post:

NIN|JA 2009

2 of my favorite bands, Nine Inch Nails and Jane’s Addiction, along with Street Sweepers have released a free for download compilation album as a preview to the up coming NIN|JA 2009 Tour.

 

Stream it to your computer, or download the Album for free at www.ninja2009.com

Bookmark this post:

When Life Gives You Lemons...

When you are busy, that 30 seconds your computer takes to do something can seem like an eternity, and for anyone who uses Gmail, the wait from when you click send, to when you can do anything else seems like forever...even though in reality, its only a few seconds.

So Google, being the totally awesome company they are have decided to do something with that 5 seconds. They have added a new feature (currently available in Google Labs) which allows you to stop a message from sending. It has happened to all of us, you click send, and you realized that you had selected Reply All instead of reply, or that there is a glaring mistake that you had missed, now you can stop the message from being sent!

To activate the feature, log into Gmail --> Go to Settings --> Labs and scroll down until you see the "Undo Send" feature. Choose Enable, and save your settings.

 

Now, when you send a message, you will see a message along the top that gives you the option to undo the sending.

 

But you have to be quick, the message is only there for a few seconds. If you do click undo, it takes you back to the message edit screen, and you can discard the message completely, add/remove recipients, or alter the message.

 

I know ill be leaving the feature turned on. I do my best to not make mistakes, but if I have to wait the 5 seconds anyway, I may as well add a benefit to it.

Bookmark this post:

This Email Confirms You Don't Want Email...

Yesterday JC Penny was having a sale on some decent Santoku Knives, so I decided to check it out and pick a set up for my girlfriend and I. During the sign up, I was asked if I wanted to receive promotional email from JC Penny, and of course, I said NO!

Not 60 seconds later, I get this in my mailbox

 

The first part of the email says:

"While registering as a shopper with jcpenney.com, you chose not to receive our promotional Email. This is being sent to confirm that **********@gmail.com will not receive Email from jcpenney.com."

They sent me an email, to confirm that I told them that I didn't want to receive emails from them. Of course, the email also includes a link that allows me to opt into getting emails, you know, in case I change my mind.

Now, I understand sending an email confirmation if I have previously been receiving things from a business, and then I unsubscribe, but this is not the case. I was a brand new customer, who said right from the start that I do not want email from you, I had to change the selection to "do not want" as the default is opting you into getting these messages.

And to top it off...the knives I wanted we sold out by the time I added them to my cart. What a waste. This is why I set up junk email accounts, so when I register for something that I deem unimportant, its not big deal when they send me crap after I tell them not to.

Bookmark this post:

Guest Blogging: 5 Rules For Life

Check out my 5 Rules For Life on the Five Rules for Life Blog.

Bookmark this post:

Your Digital Legacy

In a world where protecting your online identity is as important as protecting your credit cards, car titles, and home deeds, it only makes sense that if something happens to you, there is someone you trust to take care of it. 

A company called Legacy Locker has now made that task a little easier. According to their website Legacy Locker is

"a safe, secure repository for your digital property that lets you grant access to online assets for friends and loved ones in the event of death or disability."

Essentially, legacy locker gives you a place to store all of the information that makes up your online identity. Email account information, online banking usernames and passwords, online bill pay and stock trade account information. In addition to providing a secure and easily accessible place to store all of this information, they allow you to select a beneficiary (or multiple beneficiaries) and in the event something happens to you, the information will be released to them. This can potentially save your family days, if not weeks of grief while trying to hunt down this information.

I love this idea...but am hesitant. Not only are you putting all the information necessary to access your online life in a single place, but you are putting it in place that really has no reputation, and this for me is a major concern. Now, there are security risks any time you are storing valuable information anywhere, so to mitigate these risks, people spread their information around, but this means more time spend managing information.

 

The Bad:

1.  No real reputation: While founder Jeremy Toeman is known in the blogging and marketing world, he is not a security expert, nor is he an expert in estate management.
2. All of your information is in one place: Never put all your eggs in one basket. Not only does it increase the risk of loss if there is a breach, it also increases the chance of a breach because they are now a high profile target.
3. Website is not up to par: Their website lacks a lot of information, their ToS, Privacy Agreement, and Conditions of use are very cookie cutter, and not specific to the service they provide. In addition, there are A LOT of spelling errors, and other mistakes in terminology which indicates a lack of understanding of the service itself.  If they can't pay a proper copy editor, how can we trust they are paying someone to properly secure their site.

The Good:

1. They make it clear that they will share your information, but only with affiliates who will be working with them on the service you bought, not 3rd party services.
2. They have a proper SSL certificate in place through thawte, inc. Who is a trusted source in security
3. They claim to have been audited by both thawte and McAfee.
4. Data is encrypted at a higher level once stored than it is during transmission. Now this may sound bad, but they are using a 256 bit encryption during transmission, which is what banks use. Data is stored with a 512 bit encryption on the server, which is exceptional.
5. It really is a good idea, and with the proper backing and effort it can be a great product.

 

My Opinion:

I think it is too early to pass judgement, especially since the product doesn't go live for another month. I like the idea, and I like that they are working with known security experts. I am however highly skeptical of storing so much information in one place, especially online. I wont be one of the first to sign up, but I will be keeping an eye on this product.

Bookmark this post:

The Happy Computer Checklist

Computers are great tools and awesome toys. They do the work of thousands of people, allow you access to more information than any single person could ever need and let you play awesome games. And after all this, many people still treat them like crap, and its time we put a stop to it. A happy computer, is a great computer, and a computer you will love to use.

The key to a happy computer is maintenance! you clean up your house, you clean your car, you clean you favorite sun glasses, why wouldn't you clean your computer?

To keep your computer running like a champ, I recommend the following:

 

• Anti-virus software - This is a must. AV software comes in all shapes and sizes, and in all price ranges, find one that fits your needs and get it. I use the free version of AVG on my home computer, and my company manages over 1200 desktops and servers that use the paid for version. The software is clean and easy to use.
  
• Updates - Many updates that are released resolve bugs found in software. Bugs in software usually mean less efficient software, so keeping all of your software and hardware drivers up to date, will help keep your computer running smoothly. To update Microsoft products, you can use the built in update tool, most other software also comes with an update tool, but if they don't, just check the manufactures website from time to time.
  
• Elbow Grease - Once every few months, it is a good idea to look at what you have on your computer and get rid of what you don't need. Uninstall software you don't use, archive documents or photos you don't really access anymore to an external drive or DVD. This will keep hard drive space free, and that means faster responses when your computer is looking for other data.
  
• General Clean Up Tool -  With everyday use, computers are bound to get tons of files that really aren't needed. Temp files from viewing websites, residual files from software that you uninstalled, and numerous other things. And while Windows comes with tools built in to get rid of them, there are better solutions out there. I like to use a tool called CCleaner. CCleaner will remove all of the junk that gets on your computer during day to day use, and it will do it in a easy to use way. And best of all? IT IS FREE. I like to run a tool like ccleaner about once a month, you can do it more frequently, but once a month is what I find to be a good balance.
  
• Disk Defragmenter - When you save data to a hard drive, it will search for the first open space available to write that data. As you write more and delete more, the free space becomes scattered around (fragmented). When drives become fragmented, your computer starts running slower because it takes the computer longer to find what it is looking for. Windows comes with a disk defragmenter tool, and it will get the job done. For more advanced users, you can use a tool like Defraggler (free and made by the same people as CCleaner). You should run disk defragmenter each time you do any major clean up (like running ccleaner or manual clean ups like the ones listed above)

If you do these things, your computer will be happy for a long time. I've seen way too many people throw out perfectly good computers because they were "running slow" and had they followed the above, they could have saved themselves some money.

And as an added bonus, doing the above also helps keep your computer secure!

Bookmark this post:

Deleted a file by mistake?

At one time or another, everyone has mistakenly deleted a file from their computer, or deleted a picture from the memory card of their  camera thinking that they had another copy or that they no longer needed it. And while many of these files end up in the recovery bin and are easy to get back, sometimes you need something just a little better. Pirform, Ltd, the makers of awesome software such as CCleaner, has released a new piece of data recovery software called Recuva.

Recuva was released a few months back, but up until about an hour ago, I had yet to try it. Yes, even I delete things by mistake....but that's not what happened tonight. It was a nice quiet night, and my phone rang... an emergency call from a client. She was trying to move some files from a thumb drive to her desktop, but along the way, the files were deleted. What better time to try a new piece of software then in a crisis?

Recuva worked like a champ. I downloaded and installed it in less than 2 minutes. Then with an incredibly clean and simple interface, I was able to select the location that the files were originally located, the types of files I was looking for and where I wanted to recover the files to.

A minute later, I had a folder full of recovered files. My client is happy, I am happy, and my future clients will be happy because we now have a new tool to help them when mistakes happen.

So the next time you accidentally delete an important folder or file, give it a try, it worked for me.

Bookmark this post:

*FREE* Achieving Information Security *FREE*

Hey everyone,

I put together a white paper entitled "Achieving Information Security". Is is a compilation/rework of a series of blog posts I had done that got some good feed back.

It is now free for download, so check it out.

Feel free to pass it along to friends, colleagues, and whoever else you want, and as always, feed back is always welcome, just use the contact me link.

Bookmark this post:

New Ways To Get Your ThinkSmarter Fix...

Over the last few months, I have been putting together great ways for readers to keep tabs on ThinkSmarter.

You can now:

Subscribe and get emails via email:

Enter your email address:

Delivered by FeedBurner

Subscribe using your favorite RSS tool

Subscribe in a reader

And most recently, you can follow ThinkSmarter on Twitter!

I will also being trying to update twitter through out the day if i have any small interesting things to say, so check it out!

Bookmark this post:

Jamming Cell Phones

In the United States it is illegal for anyone other than the federal government to interfere with licenses radio communications, this includes cell phones. But with cell phones being more popular than they ever have been, many businesses are trying to change this rule.

Many people think that cell phones should be jammed in places like schools, hospitals, libraries, movie theaters, and restaurants because of the potential to disturb others. The biggest argument against this type of action is that in the event of an emergency, a call cannot be made out, and no calls can come in. I believe this is a reasonable argument.

Personally, I think that individuals should be responsible and have some common decency. If you are in a place like a theater, library, or basically any other place where a sudden ring would cause an interruption, then put your phone on silent, and obviously don't talk on your phone. Unfortunately, many people don't seem to get this.

This is very different then people talking loudly in public places, while it can be incredibly annoying to hear a guy 20 feet away screaming into his cell phone, it is out in the open, I am not paying to be there, and I can move 10 more feet away without really being put out any. But in an enclosed place, where I am paying for an experience, I expect others would respect that and be courteous, after all, I'm sure they would hate me sitting next to them and talking while they are trying to watch a movie or enjoying a nice dinner.

So do I think anyone outside the federal government be allowed to use jammers? NO.

I responsibly use my phones (I carry up to 3 phones at a time because of work) daily. If I am in the movies, and feel my phone vibrate, I get up and leave so I can see what is going on. I expect everyone else to do the same. I rarely use my phones in public (its hard for me to hear my clients, and for them to hear me), and my phones are on vibrate 99% of the time. I should not be punished because others are irresponsible. The one exception to this is on an air plane. I REFUSE to give my business to any airline which allows people to use their cell phones in the air. I can leave a restaurant if someone is being really annoying, I can leave a movie theater if it gets that bad, but I cant walk off a flight halfway through, and while I am a very controlled individual, I don't think it would take more than an hour of someone talking loudly in an enclosed place before their phone met the business end of my boot.

I am however ok with the federal government  using jammers in emergencies or for security purposes. Id rather not have cell phone service then a bomb explode, and id rather emergency services have all the bandwidth they need then get an email.

 

See PC Worlds Article for more about Jamming cell Phones

Bookmark this post:

Acceptable Usage Polices

An important step in preventing inappropriate use of computer equipment and time at work is to define what types of activities are acceptable. Sure, it may seem like common sense to you and I that browsing MySpace or Facebook at work is not appropriate when you are on the clock, but unless you define the behaviors that are acceptable and unacceptable, you cannot fairly expect the staff to know for sure, nor can you fairly punish them since no rule was technically broken.

A good acceptable usage policy will cover several aspects of computer usage, not just what web sites are ok to visit and which aren't.

Some things you need to remember to cover are:

• What information can and cannot be released to the public
• What permissions must be obtained before releasing any data to media or the public
• Who is authorized to release data
• Who is authorized to speak on behalf of the company
• What type of information can be transferred or discussed via email or instant messenger.
• Policies on employees posting on web forums about the company, or in association with the company.
• Where can company information be stored
• What kind of work can be taken home
• Are USB thumb drives or other external storage devices allowed.
• Policies on changing computer settings
• Policies on personal data on work computers.
• What types of web sites are appropriate
• Acceptable usage of company equipment on personal time.

All of this needs to be discussed, and written out in a way that is easy to understand. If an employee is not told what they can and cannot do, especially when it comes to things like releasing data to the public, or speaking on behalf of the company, it can lead to mistakenly releasing information, which can lead to much bigger problems.

• In addition to noting what type of behavior is acceptable and not acceptable, try to explain why the rules are in place.
• Why is talking to the media a liability?
• Why is posting on a forum while trying to defend your company dangerous?
• How does this directly affect he employee?

If an employee has a person interest in making sure data stays secure, they are going to be much more cautious about it.

Once the rules are set, you also need to list the consequences of breaking these rules. Consequences may be applied on a case by case basis, as not all violations are equal, but there must be standards and they must apply to everyone equally, or they are useless. Once consequences are in place, they must be enforced. Having consequences in place, but only selectively applying them confuses employees, and makes it look like you are playing favorites, and this will quickly lower the respect your employees have for you.

Bookmark this post: