One of the most frustrating things to watch is the implementation of security measures as I advise clients. I don’t claim to know everything, but my 25 years of experience with computers and my focus on client needs has revealed a diversity of security problems and some unique ways to provide solutions.

Some clients want to implement complex systems and insist on strong security. Other clients want easy end-user experience as a higher priority than security, and are willing to sacrifice security for efficiency for their employees.

I always try to explain the advantages and disadvantages of each decision, but it’s often hard to convey all the “pros and cons” to a busy business owner or CEO.

Still, I insist on full disclosure, and sometimes find myself warning against changing passwords for all users to a single easy to remember code. Sure, there is a trade-off between security and usability, but there is also a suicidal strategy for an organization. What’s at risk? The business data, identities of all employees, and financial disaster for all involved!

Security is necessarily a partnership between all those involved with activities and decisions relating to a business. If the executive leaders of the business are not willing to acknowledge risks and help enforce fundamental security measures, there is little that can be done to secure a business long-term.

It’s a partnership. Each partner must listen and heed the advice of the specialists seeking to provide help to an organization. Decision makers need to listen to and consider the advice of security professionals and weigh that against the needs and demands of workers “in the trenche”. The long-term health of a business is at risk in this dance.

“This page has an unspecified security risk…”

Here is how I disabled the message. (Yes there are other ways to do it, but this is simplest I found.)

Go to Control Panel – Internet Options – Security Tab – Local Intranet – Sites, and uncheck ‘Automatically detect intranet network’. (Kept the three sub-selections checked). Click ok, close the Internet Properties window, and you are done.

Whenever a computer is slow or behaving weird, I check the System Configuration Utility (msconfig), in the Startup tab. Not all malware will be found there, but it’s a good place to start with a quick check. If you see some unknown process there, especially if it has a name that looks like gibberish, it’s likely malware (hey, what’s this ragjv32f4w5t.exe program?

Some insidious malware will intervene in just about anything you are trying to do. When you try to open a browser, you can’t. When you try to start msconfig, you can’t. All you get are FAKE errors about your computer being infected by a virus (false alerts from the malware). The malware is blocking you from even starting a program, so how can you make progress?

Of course, you can try some drastic things like reverting to a previous system save, or you can try to start in safe mode. These are not optimal strategies, however, because (for one reason) they take too much time.

I am a big fan of the Process Explorer from Microsoft (from Mark Russinovich, formerly of Sysinternals). I make sure I place the executable in the System32 folder of every machine that I have to manage. Then I can fire it up whenever needed.

When malware strikes as described above, there is a little trick you can use to launch Process Explorer. If you can manage to locate Process Explorer (procexp.exe), you can move it to the desktop (just to make it easy to work with, or leave it in System32 if you must), then rename it to explorer.exe.

Malware won’t usually interfere with running of explorer executable, and you can then launch the renamed Process Explorer. Ta-dah!

Now with Process Explorer, you can look for offending malware processes, and kill them easily. Look at the paths to instances of malware before you kill the processes, so you can delete the offending files immediately after you stop them from running.

There you go, an insider’s tip for the tough times when you think malware won’t let you do anything!

Of course, it may be hard to implement this tip if you can’t even open a browser, and you don’t already have Process Explorer installed. So be sure to equip ALL machines with this little gem of a troubleshooting tool.

There is a strategy for computer troubleshooting, and tactics to implement. Our overall strategy I call “Divide and Conquer”. Basically this means we will go through a process of evaluation of possibilities and eliminate (or confirm) them one by one. In this step by step process, we want to use two important tactics.

Our first important tactic is to collect data. Sometimes I call this the “Discovery Phase”, because we want to get details about the problem(s) that are arising with the “troubled” computer. Maybe the video output is always black. Maybe a web browser always reports an error connecting to web sites. Maybe there is a recurring error message whenever a specific application is started.

Our next tactic is the “Substitute Known-Good” method. In this method, we have already tentatively identified a likely cause of the observed problem. For the scientifically inclined, we call this an hypothesis. We can often test our hypothesis using a “known-good” piece of hardware.

For example, say a user reports a computer has a blank screen. We can ask if any lights or fans are on, when they try to start the computer. If onsite, I will examine the computer myself and try to start it. Let’s say there is no video output, no lights on the front panel of the computer, and no fans turning inside the case. One thing we can do is test that the computer is actually getting power. Here the hypothesis may be that the computer is not getting power, because there is no power being supplied at the outlet. Let’s say a quick test using a floor lamp reveals that the outlet is supplying power (the lamp lights!). Our first hypothesis is proven wrong.

Since the most common component to fail in a computer is the power supply, our next hypothesis is that the computer’s power supply has failed. This can be tested with the “Substitute Known-Good” method. Simply replace the existing power supply with a new (or at least known-good) power supply, and see if the problem is fixed. If it is, we have proven the truth of our second hypothesis, and the computer’s problem is solved.

In our example we used the “Divide and Conquer” strategy because we collected data, looked at likely causes, and tested them in turn.

You can use the tactics of collecting data and substituting “known-good” components to solve computer problems.

Good luck and have fun!

Dr. David

Outside the United States, several companies are building market share in the international security software business. These include F-Secure in Finland, GriSoft in the Czech Republic, Kaspersky in Russia, Panda Software in Spain, and Sophos in the United Kingdom.

The antivirus software market is a rapidly changing one. A huge amount of effort is required to find and provide fixes for viruses. Malicious programs are getting more complex and the number of them is constantly increasing. Many companies may find themselves without the resources to effectively combat this threat. Moreover, the new viruses are getting “smarter” in that they propagate themselves quickly, often moving across the local network to infect numerous computers. They often hide themselves by moving around in a system and by renaming themselves. Viruses that rename themselves to names close or identical to legitimate system files can be difficult to detect. The capabilities of malicious software has multiplied, and now there are software threats that send emails, act as servers, and provide remote control of system functions. Malicious software often combines multiple features of viruses, trojans, emailers, etc., and these are called “hybrid” threats.

Although my recommendations for a good antivirus program has changed over the years, at the time of writing, I like AVG by GriSoft.com. It comes in a free and a paid version; see the site for specifics about their licenses. AVG antivirus actually does a good job at detecting lots of different kinds of malware, including viruses, trojans, rootkits, and various adware.

For companies with about ten or more computers, it makes sense to consider a provider of endpoint security services that can roll out protection to every computer and manage it for you. Endpoint security solutions from Fortress Data Protection provide effective and totally automated antivirus and anti-spyware protection.

Hackers infect computers, usually via email or websites, and group them together under their control to send illegal spam, carry out attacks on web sites, or propagate viruses.

It’s usually quite difficulty to track down the owners or operators of the botnets, who are sometimes called Botmasters. A disturbing trend is an increasing use of botnets in extortion schemes. How? Imagine someone sending you messages to either pay up or see your web site crash.

Botnets can consist of hundreds of thousands of compromised machines. Such large networks can be used in Distributed Denial-of-Service (DDoS) attacks. These attacks seek to make websites unusable, as servers are inundated with targeted bogus traffic. The affected web sites are made to appear offline.

Some security researchers are using Honeypots to combat botnets. Honeypots help discover how attackers infiltrate systems. A Honeypot is essentially a set of resources that one intends to be compromised in order to study how the hackers break into or use the system.

Hobbyists can run a Honeypot. But they must be exposed to the Internet, not usually behind an effective firewall. Routers for small offices often have a “DMZ” setting that allows a Honeypot to be deployed even in a small network.

A great site for more information on this topic is The Honeynet Project (http://project.honeynet.org) which describes its objective as “To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.”