You’ll find this article on the USA Today website very interesting and educational.

http://tinyurl.com/5olver

Then take a look at the blog post I wrote back in November.
http://www.cultivatedweb.com/blog/category/online-security

It’s about rootkits and provides links to some of the preventive measures and tools you can use. Here’s what I’m using on my PC now.

Signature Based AntiVirus: BitDefender
http://www.bitdefender.com/PRODUCT-2216-en–BitDefender-Antivirus-2009.html

Behavior Based AntiVirus: Threatfire
http://www.threatfire.com/

COMODO Firewall
This is a great firewall. It monitors inbound and outbound network traffic, unlike the firewall in Windows that I’ve read only blocks inbound traffic. Think about it. If you get a virus that tries to phone home, the Windows firewall may not stop it or notify you of it. Firewalls must monitor outbound traffic too. But COMODO is almost too good. it also monitors program behavior. I get a lot of warnings about legitimate programs creating files, trying to launch another program, or accessing memory. Maybe I just have not configured it adequately yet. I suggest you may want to consider a less technically demanding firewall. Take a look at the firewalls reviewed at Top Ten Reviews and see what’s available for free at Download.com.
http://personalfirewall.comodo.com/download_firewall.html

As I mentioned, keeping ALL your software updated is an important step to thwart malicious software. I use Secunia Personal Software Inspector.
http://secunia.com/vulnerability_scanning/personal/

I’m also running a program from TrendMicro to detect bots like the Conficker virus that’s been in the news. It’s called RUBotted.  Still in beta and free but has not caused problems. Although, it does seem to be giving me a false positive on the 404 error pages (the page that you see when a page doesn’t exist) from sites hosted with IX Web Hosting. I’m working through the problem with IX and TrendMicro.
http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted

Read a review here:
http://blogs.zdnet.com/security/?p=802

Finally, read this series of pages on “Ten free security utilities you should already be using”.
http://content.zdnet.com/2346-12691_22-95490.html

This is a ton if info so take your time to work through it and be a responsible internet computer user. The fact that I’m still using these programs after about 6 months and don’t have any problems (as far as I know) is my testimonial and recommendation.

Mitch

If you’ve never heard of rootkits let alone what they are, now is the time to learn. I’ve heard of them before but never really knew how bad they can be. Not only can they hide from many of the most widely used antivirus programs, they can actually start running on your computer before your operating system even starts.

What’s worse is how they get into our computers. Many of the most frequently and widely used programs are the most likely targets of the criminals who spread viruses, spyware, and whatever other kind of program we don’t want, especially the programs that make use of the internet and the web. But why? Why do people make viruses? Do I really need to tell you? They do it for money. And usually their stealing it from our bank accounts and our credit cards. That’s why the bad guys find ways to take advantage of the programs we all use to inject their malware into our computers. And that’s why the responsible software companies figure out how to fix the problems and patch, or update, the software on our PCs. Some of the most common targets are:

• web browsers such as Internet Explorer, Firefox, and Opera, among others
• office software such as Word, Excel, Thunderbird, and many more
• media programs such as Flash, Acrobat, Quicktime, and yes, other.

On top of that, the software that runs on the web servers that deliver the web pages we all love is also at risk of being compromised. Hackers find ways to use parts of the server operating systems (Windows and Linux), blogging software, content management systems, forums, you name it.

What To Do About It

So let me tell you about what “inspired” this post. I recently learned about the Sinowal (also known as Mebroot) trojan rootkit in a couple of articles written by Woody Leonhard on the Windows Secrets website. The first article, “Don’t be a victim of Sinowal, the super-Trojan”, was posted November 20, 2008 and gives a good description of this bugger and how it spreads, infects, and steals your private information, like your bank or credit card account user name and password. Woody’s second article gets down to the business of detecting Sinowal/Mebroot, removing it, and what you can do to minimize your risk of infection.

There are two tools Woody recommends for us to use, F-Secure Backlight and Secunia Personal Software Scanner. Use Backlight to scan your computer to find Sinowal/Mebroot and remove it. Backlight does not need to be installed like many programs. It’s completely self-contained. To run it in XP, just double click it. But in Vista, you need to run Backlight as the Administrator. To do this, righ-click the Backlight icon, and select “Run as Administrator” from the pop-up menu.

Once Backlight is done, use Secunia PSI to inspect the software on your computer to see if it is the most current and secure version available. The advantage of using PSI is that once it finds programs that are vulnurable, you can download and install the updated and secure version with just a few clicks. Without PSI you would have to open every program installed on your computer, check the version, then go to the publisher’s website to see if there’s a more recent version to download and install it. I’ve tried both these programs on my HP Pavilion dv9000 laptop running Windows Vista and was pleased with way they worked. I also ran them on my Windows XP desktop. XP users are the most at risk. Fortunately, Vista seems to be immune for the time being. Backlight and PSI ran just fine on the XP desktop and I was relieved that Backlight did not find any rootkits.

I urge you to read Woody Leonhard’s first article about the Sinowal/Mebroot rootkit for a basic understanding and then look at the second article to better understand how the tools work and how to use them.

Have you ever encountered this kind of problem? If you have, how about leaving a comment to share your experience? Everyone be safer.