In the interest of personal computer security, I have added this page to inform my site
visitors about some extra measures needed to avoid some of the "commercial" spying
done to most of us while surfing the net. This does not include viruses and trojans which we
may receive during opening infected e-mail attachments, but rather the corporate ad-tracking
programs which seek to gain information about us and try to follow our moves on the web. These
companies also embed their software into our computers unbeknownst to us and have it report
details of our web habits back to them.
First of all, if you are trying to avoid the computer viruses going around, never open an
e-mail attachment other than a text or picture-type file (.txt .eml .doc .gif .jpg) etc.
These are generally ok, but strictly avoid those such as .exe , .zip , .vbe and so on, even
if sent from a friend, as they could have had thier e-mail programs compromised by the virus
which sent itself to you from their machine without their knowledge. Try to be sure that any
new software you install on your system is reputable and virus-free. Also, if using newgroups,
beware of clicking on any type of .exe program or a .zip file which contains an .exe file.
Use a virus scanning program such as McAfee on occasion to check your system. Free temporary
versions of McAfee and other virus software may be downloaded at C-NET
In addition to the normal viruses, you can receive "back-door trojans" which make your computer
vulnerable to being used for denial-of-service attacks on other websites and government agencies without your knowledge, and your web address can be traced back to you. When infected with
such a virus, there are people out there continuously scanning web addresses for open ports,
and if you are one of them, you could be unknowingly recruited.
Basically, this page focuses on the commercial trojans and ad-tracking software, but it is
worth the time to get a free firewall to block your open ports against the above as well.
The following is a list of sites which have free software and tests for Windows, which I
assume most of you are using at this point. Write me if you have any questions or need info
for other operating systems.
These are some the sites for getting the free security software and tests:
Gibson Research
Scroll down to the "Shields Up" link and this site will test your shields & probe your ports for vulnerabilites. This site also has many articles & links of interest.
Port re-binding
This is for the more experienced user. Shows how to close your vulnerable Port 139 thru the "My Computer" networking configuration, without a firewall. Be aware though, some programs you install later, or connections you may add will reopen this. So keep testing your shields. If you get a prompt "your network is not complete" say "no". If you log on to Windows when starting the computer (choose password logon), it should say "log on to Windows" not "log on to Microsoft networking", this will give away that your setup has been altered. Also, when downloading some new programs, installing them may alter your network configuration to open up vulnerable ports.
Zone Alarm
Free firewall for windows users, easy to install & runs
automatically. It will ask you to authorize each of your programs to access the Net, and has a pop-up window that shows each time your ports are being scanned (this can be disabled if it gets too annoying). Highly recommended for all. Scroll down to the "free download" link.
Ad-Aware
Free ad spyware removal and disk/registry scan program,
works very well in deleting the ad trojan programs, and once you are confident that you have taken
steps to reduce the incidences of these, you need only run it occasionally. One note though,
I have found that downloading some programs from reputable companies will also install spyware.
For example, to use KaZaA, the music sharing program, you may decline some of the ad-ware upon
installation, but it still requires "Cydoor" to even operate the main program at all. So if
you value this, you will have to set Ad-aware to ignore Cydoor. Also, I found that sometimes
just by logging on to a website, such as the Angelfire login page, it will introduce a commercial trojan such as "Aureate" to your system. And just to be able to log on there, you
will need to briefly accept cookies, so this is hard to bypass. If you don't want this, it's better to use FTP rather than the "user-friendly" web-transfer pages. However, Ad-aware will catch these instances upon re-running it.
Spychecker's "Silencer"
This is a great little program which actually creates a small file on your computer, C:\WINDOWS\HOSTS which has just about all known spyware servers listed, and when these "Ad trojans" try to get info from your computer or put up their banner ads, they cannot do so, as they are redirected to a dead-end wall, rather than back to them.
This is real simple and effective. When you surf the web after installing this, you will see
many sites where the banner ads have become blank (unable to load), and other banners won't
appear at all. Remember you must delete the above file to disable this effect if you choose to
do so. Also check out their home page and "download" page for great info. The Cydoor removal
program is highly recommended too. If you want to check for Cydoor manually, look for:
C:\WINDOWS\SYSTEM\ADCACHE and delete the files there, this will disable it until the next instance it's installed without your knowledge, but not all the components.
Extra info regarding cookie removal:
Also look in the:
C:\WINDOWS\TEMPORARY INTERNET FILES\ top directory, as well as the "Content IE..." and all
the folders below it, to delete the cookies you do not want or need. These will generally NOT
be deleted from this cache by clearing the cache through your browser, and must be done
manually. You can also look under C:\WINDOWS\COOKIES and C:\WINDOWS\PROFILES and look for any
cookie files under the various users ("all users", "default", or others). Keep the ones you
may need, such as if you use "expedia", "amazon", or a particular service you recognize as
among the cookies. Also, turn off cookies in your browser and only allow them on a "prompt-me"
basis when you have trouble logging on to a site you need to visit. In Internet Explorer, this
can be done by choosing "TOOLS" "INTERNET OPTIONS" "SECURITY" "CUSTOM LEVEL", and scrolling
down to cookies, and either "disable" or "prompt". If you do this for Internet Explorer in
the standalone version, these choices will apply to AOL surfing as well. To search for
locations of other cookies try "START" "FIND" and "FILES or FOLDERS" and then type in
" cook* " (without parentheses) in the box, and "FIND NOW". (Use the "START" button on the
lower left of your screen). Copy down the results and then use "Windows Explorer" go to
these locations and delete the ones you do not need. If you delete too many, the only result
will be that some websites will not recognize you at first and you may have to log in again,
without your info having been saved.
Pop-Up Killer
This program closes pop-up windows in their tracks, which are those annoying ad windows which
pop up when you try to visit or leave a page. This program has a sensitivity control, and you can also synchronize your folder with their lists, as well as ignore some pop-ups you do want
to see, and can be temporarily disabled in cases where the site you visit may have a pop-up
form or some feature you may need to use. You can also "blacklist" sites with this, so they
cannot be accessed at all.
Some of you may also become plagued by programs which start automatically when you start your
computer, and usually appear as icons in your system tray (the icons in the bottom right of
your taskbar at the bottom of the screen). While some of these may be desirable, often you
do not need to have them run at startup and automatically log onto their servers and so forth.
Most of these programs can be started manually when and if you need them via their desktop
icon, or in the start menu, and need not consistently be imposing themselves on your system.
To edit and/or stop these, click "START" "RUN" and then type "msconfig" in the box which
appears, via the buttons on the lower left of your screen. Then select "OK" and click on the
"startup" tab. Uncheck all the ones you do not need, and then click "OK". This will take
effect the next time you reboot. If you change your mind about any of them, just go back
and recheck the ones you want to add back. By keying "CTRL"+"ALT"+"DEL" all at the same time
you can see the processes running after startup. All you really need there is "Explorer"
(the basic desktop system),"Rnaapp" (the modem lights if you are online), and "Systray" (the
system tray). The others you do not want can be terminated here as well, on a one-time current basis. Close all your open programs to see the ones which remain as a help key to your "msconfig" choices. In "msconfig", the right side of each entry gives a hint of what type of program is calling these up. If you have a scanner or webcam, for example, you would not want to deselect these, which sense if your unit is plugged in. You may want to disable some of these others though, if you do not want to be connected to these services at boot-up or dial-up: "Scheduling Agent" (a Windows task-scheduler), "MSMSGS" (Microsoft Networking) "Yahoo!Pager", "MirabilisICQ", "Buddyizer", "LoadQM", etc., most of which are all programs which give away your presence online, unless you are an avid user of these networks. You should keep, though, these system functions: "Scan Registry", "LoadPowerProfile", "Task Monitor", & "System Tray", as well as the functions relating to
your virus software, firewall, etc., if you desire these functions at startup.
Good luck with all of this, and happy surfing...
I hope this has been helpful, and thanks for stopping by. Please send feedback or other info
you would like to see added here...