Rantburg

2004-08-25 Home Front: Tech
Major internet disruption scheduled for August 26th?
Posted by Lux 2004-08-25 7:58:06 PM

#1 HMMMM. This afternoon a program called "distributed COM services" tried to turn my computer into a server. The firewall stopped it and it's now blocked. I hope all you folks with broadband internet service have a firewall to control access to the internet. Dot com, what's the best course of action if someone suspects they have been hijacked by these scum?
Please remind us whether MS operating systems can prevent such access to the internet.
Posted by GK 2004-08-25 8:13:08 PM

#2 Well, if you're running Windows and using IE here's the key bit to set. The first 3 ActiveX settings under Security Tab / Internet Zone - as you can see in the image.

Beyond that - you Firefox guys will have to talk about any loopholes it may have, if any.

Everyone should be using a firewall that controls what can access the Internet. Even if you get some piece of shit app on your machine, you can shut off its access to the outside world with a configurable firewall. Getting it OFF your machine, may be a different matter - and one that's so specific that I can offer no generic answer.

Get AdAware, at the least, and use it to clean off the tracking cookies and such. Try Spybot to remove the shit that tries to report your cookies to its master - out there. Again, the firewall can stop it even if you get bitten. I've only seen ONE varmint that couldn't be removed - and it depends upon you allowing unsigned and unsafe ActiveX stuff to execute on the machine - which is prevented by the settings in the image file.

Also, versions of Server and XP Pro should shut down services that allow external control of your machine and / or ability to change machine policy settings. I will NOT get specific because I am not anyone's security consultant, nor am I fishing to be. Go to the MS KnowledgeBase and seek for yourself. Sorry. If you start playing with Services settings - make note of everything you touch BEFORE you touch it so you can undo it when it turns out to be a mistake, lol!

So make sure your settings are fixed as shown.

If there are any real MS Gurus out there who wish to correct or expand, plz do - I don't feel particularly comfortable being an MS spokesman and security expert - I only know what I know, and that's far short of everything. I use all sorts of stuff, not just MS, BTW, so I'm not promoting them - I just happen to use Windows and IE at the moment.
Posted by .com 2004-08-25 9:03:36 PM

#3 If you think your machine has been hijacked:

First, foremost and immediately:

DISCONNECT YOUR INTERNET CONNECTION TO YOUR PC!

And do not hook it back up until that PC is disinfected and protected.

2) If you have to ask here what to do, you are better off taking your compromised computer to Microcenter or CompUSA (or Dell, etc.) and getting them to fix it.

3a) If you don't have any data that you care about, use the recovery CD that your computer came with from Dell/Compaq/etc. Or else get out that install CD that you used to put Windows on the box, BOOT FROM THE CD! and reinstall the operating system, and be sure to format the hard drive as part of this process.

3b) If you have data you want preserved, and you are not technologically proficient, see step 2.

4) If you are on broadband, get a hardware firewall/router and have the people at the computer store set it up for you. Be sure before you get your computer back online that you have a) Antivirus installed and up to date, b) a personal firewall installed, c) have the tech folks help you turn off all the unneeded bells and whistles, and d) get them to install a NON-Microsoft email package and a NON-Microsoft browser. Eudora is great for the former, and Mozilla's "Firefox" browser is fantastic for the latter.

At this point, the only place your machine should ever be hooked up is behind a firewall/router, and you should update the spyware-scanner/remover and anti-virus software at least every 7 days. Be sure to keep up with Microsoft patches as well - but do them AFTER you have all your security software up to date.

Or you could do what I do, and run Linux for everything except playing computer games. :-)
Posted by OldSpook 2004-08-25 9:11:22 PM

#4 "...a strike against political and financial sites was expected on Thursday."
Heard somebody was gonna post the URLs on Slashdot. :-)
Posted by Old Grouch 2004-08-25 10:28:56 PM

#5 Thanks, .com, for reminding me to run AdAware and Spybot. Haven't run them in a couple of weeks and Spybot caught something and cleared it. I also run Aladdin's InternetCleanup every night before I go beddy bye. That program allows me to clear selected cache, cookies, history, X controls and plug-ins plus some other stuff.

Thanks again, I wasn't trying to rope you in to consulting, but yours and OS suggestions may help someone through the next internet attack.
Posted by GK 2004-08-25 11:29:27 PM
