Wednesday, December 10, 2008

Winrot, Ubuntu and Peripherals

Chalk it up to proprietary software, or call it a case of Winrot: I've been running my XP system for two years now, and with the constant updates it is rapidly filling up my hard drive. I was able to attach a Canon LIDE-certified scanner by downloading the driver; however, installing my other peripherals has been more difficult.

XP registers my Epson 870 printer, and I have been able to download and install the driver. The paper cycles through, the print heads move, but nothing is printed on the paper. I also used the installer CD with worse luck. The driver on the CD fails with a "communication error." I would love to spend hours troubleshooting this printer, but I do not have the time.

The solution: I plugged it into my Ubuntu Linux machine, which instantly recognized the printer and installed the Gutenprint adapter for the 870. I immediately began printing in vivid color!

XP registers my digital camera, and I installed the accompanying software from the CD. Does it transfer photos? No. It fails every time, with no explanation. USB again; however, my USB thumb drive and Zip drive work just fine!

The solution: I plugged the camera into Ubuntu, which pulled up a download interface and began copying my photos on command. No need to download or install software.

So why am I still using XP? It's got support for Adobe Shockwave, but that may be about all it's got going for it. The user interface is good in XP, but I'm tired of the Genuine Advantage program updates. After hearing the horror stories, I shudder every time it installs and runs the Genuine Advantage tester. I know my product key is legit, and I have the original CD, but I feel like I am at the mercy of Microsoft. Of course Genuine Advantage needs to talk to Microsoft Corporation, open a port in the firewall immediately!

Sunday, August 10, 2008

XP Update breaks ZoneLabs

A recent Windows XP update (KB951748) caused an internet lockout for ZoneAlarm users. I often install ZoneAlarm for my clients with ongoing security issues because it allows them to see incoming and outgoing traffic messages. This can be very informative for users, helping them to understand how many times their computer is connecting to the internet, and where it is reporting. Although the Windows XP firewall is equally robust, it tends to remain invisible to the user, and they may not even be aware if it is on or off.

Of course, the simplest solution to this problem was to activate the XP firewall, and deactivate ZoneAlarm. Thanks Microsoft! ZoneLabs counseled users to turn their Zone security settings from high to medium. ZoneLabs has released an update for ZoneAlarm which will fix the problem.

Wednesday, January 16, 2008

Diagnosing Spyware

Are you wondering whether your computer is infected with spyware? I am a spyware detective, and I deal with many infected machines. I have seen everything from malware to rootkits. I have grave concerns about future developments in software for criminal use.

Over the last two weeks I have serviced two computers that were riddled with viruses and spyware. Guess what? Both were running up-to-date antivirus software: one ran Norton 360, and one ran McAfee. The clients claimed not to have run e-mail attachments, or any unknown executables, although I have my doubts.

Neither McAfee nor Norton could detect the problems on their own systems; however, the users reported problems connecting to the internet and browsing websites, and one could not access his control panels (they disappeared from the XP start menu!).

I run a triad of detection tools that I have found to be most effective: Lavasoft's AdAware, Spybot Search and Destroy, and AVG antivirus. AVG antivirus is very effective at rooting out problem viruses and even spyware that Norton and McAfee do not seem to detect. I had to run the tools repeatedly, because on both machines the active spyware was able to hide itself during initial scans, until I had disabled components of it and restarted (of course, it's best to go through the startup items and disable any obvious spyware first!). After three cycles of all three detection tools, I had uncovered dozens of problems on the machines and corrected them.

The XP system running Norton was badly damaged. Norton's program structure had been disabled, and could not be uninstalled. Symantec does provide a Norton removal tool, but even that did not remove Norton completely. I chose not to reinstall it, because of its ongoing issues, and selected AVG antivirus (free for home users) instead. Although the Control Panels reappeared, there were damaged functions that required a full system restore. The user opted to purchase a new computer instead! Thanks a lot, malware...

The McAfee machine is functioning normally, after the removal of one virus and several malware and spyware components.

The Norton machine had another symptom: The LMHOSTS file had been altered to prevent Norton from updating, and to prevent access to various spyware removal websites. That's a sure sign that a system is compromised.
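
One way to check a name-override file for that symptom, added here as an example and not part of the original post. The watch list, function names and sample file contents are assumptions constructed for illustration, and the parser goes slightly beyond the one file named above by accepting both HOSTS-style and LMHOSTS-style "IP name" lines.

```python
import ipaddress

# Assumption: name labels for the security products mentioned in the post.
WATCHED = {"symantec", "norton", "mcafee", "avg", "lavasoft", "spybot"}

# Constructed sample file contents (not taken from the machine in the post).
SAMPLE = """\
# static name overrides
127.0.0.1    localhost
127.0.0.1    liveupdate.symantec.example
0.0.0.0      www.lavasoft.example
192.0.2.15   update.mcafee.example   # pinned elsewhere, not sinkholed
10.0.0.5     fileserver   #PRE
not-an-ip    broken.line
"""


def parse_entries(text):
    """Yield (line_no, ip, names) for every 'IP name...' mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        # '#' starts a comment in HOSTS and a tag such as #PRE in LMHOSTS.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: skip rather than guess
        yield line_no, ip, [name.lower() for name in fields[1:]]


def suspicious_entries(text, watched=WATCHED):
    """Return (line_no, name, ip, verdict) for overrides of watched names."""
    findings = []
    for line_no, ip, names in parse_entries(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            # Compare whole labels so 'avg' does not match unrelated names.
            if watched & set(name.split(".")):
                verdict = "sinkholed" if sinkhole else "redirected"
                findings.append((line_no, name, str(ip), verdict))
    return findings


if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

Any static override of a security vendor's name is worth a look whichever address it points to, which is why the example reports redirected entries as well as sinkholed ones.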

I typically notice high CPU usage on seriously compromised machines, and high transmit rates when I am not browsing the internet. These would be other giveaways. If you are familiar with the XP system registry, check what is starting up. Some startup items only manifest in the registry! A malware process often has a unique registry entry.

Good luck with the malware investigation! If folks have to buy a new computer because of malware, that's a benefit for computer and OS manufacturers, but a huge burden on society. Of course, I always hint that users could switch to Linux!

Try installing ZoneAlarm's free firewall as well, and deactivate the Windows firewall to test with ZoneAlarm. You may see the names of program components as they try to register to communicate over the internet.

Good luck...spyware begone!