Some sort of virus/trojan/whatever keeps changing my browser home page - help! (1 Viewer)

[Joseph Bolus]

If you're running Windows XP, then don't forget about the "System Restore" utility (located in the "System Tools" folder, which, in turn, can be found in the "Accessories" folder.) I got rid of a "hijacker"-type program a couple of weeks ago by first running Ad-Aware, and then running System Restore and selecting a date just prior to the day the "hijacker" first manifested itself. This totally fixed the problem.

Good Luck!

 

[John Watson]

Nick T, I agree that many downloaders have "agreed" to a massive amount of fine print (that of course they haven't read or understood), but I think that that kind of burying of the terms of an agreement has been illegal for decades.

Thanks for your great post on Active X.

I still want Bill Gates properly blamed for selling this complex unreliable Trojan Horse to a gullible world.

 

[Rob Gillespie]

Your're better off stopping use of Internet Explorer. This thing has so many bugs and holes it's just bloody ridiculous.

A major, MAJOR security vulnerability was spotted over two months ago whereby a displayed URL name can be truncated by inserting a special character. This combined with 'phising' scams currently going around make the hacker's jobs very easy.

Have Microsoft released a patch? No. Instead, they've put up a page recommending people TYPE IN URLS INSTEAD OF CLICKING THEM (yes, they've actually said this) and have also announced they'll be dropping support for the [email protected] URL syntax to prevent this kind of issue. The problem is that there are legitimate uses for that syntax and to 'drop support' they'll need to be either a new sub-versions of IE or a patch, so until people apply it they're still gagging to be hacked!

I do anti-virus and patch support stuff at work and I see first hand the problems caused by Microsoft's piss-poor security.

I was always a bit of a naysayer with the anti-IE brigade but this latest issue has tipped me to the other side.

Get Firebird. No installs, no registry changes, make the browser as simple or complicated as you like. No ActiveX downloads hijacking your machine, no barrage of popups.

 

[Brett DiMichele]

Owning a computer and having that computer on the internet
or an intranet for that matter means that you should be
educated enough to use it. It is each person(s) duty to
properly administrate thier machine.

I am one of the few who places the blame on the user and
not Microsoft (I know, how dare I do that). Why is it the
fault of Microsoft for the poor administration on a machine
owned by a person who chooses not to properly secure said
machine's hardware and software?

You may not like my opinion but if users knew what they
were doing instead of just surfing the net without a care
in the world we wouldn't have these problems!

Microsoft has open source and readily available SDK's that
make any of thier software vulnerable to attack. They sit
on the edge of a double bladed sword. On the one hand if
they do not provide open source and SDK they are labeled as
a Monopoly and the government cracks down on them. On the
other hand if they leave the source completely open then
any script kiddie or bored Masshole with time on his hands
can sit down and write a virii that can easily penetrate
the software on poorly adiministrated machines.

Know your OS
Know and Secure your Ports
DO NOT let Active X Run uncontrolled
DO NOT let Java Run uncontrolled
Run a NAT Hardware Firewall
Run a GOOD Anti Virus Software and update the VDF Daily!
DO NOT Auto Preview anything in IE!
DO NOT let anything execute!
Know what processes are running and what they do!
Disable Remote PC on XP!
Run a Software Firewall! (Zone Alarm)
Run a Software Spyware Killer (Spy Bot Seek And Destroy + AdAware)

Knowing your PC will keep you safe from most anything. But
like anything in life if someone wants in BAD enough they
WILL get in even with the best defenses.. Nothing is UNhackable
unless it's NOT plugged in!

 

[sam_canavo]

Very good points Brett.

I work in an IT Dept and the users continue to blame the
computers when something goes array. Even people I have
built computers for have no interest in learning how they
run.
They think it is like a car, get in it and drive.


I believe that with the advant of internet everyone needs
to be educated in surfing and the dangers involved.

Brett maybe you should see about posting that in the HTPC
faqs or somewhere it could be found easily.
Just a thought.

PS: No user bashing just trying to educate users.

 

[nolesrule]

I'm gonna agree with Brett on this one. I use Outlook and IE and don't have issues because I do everything in his list.

Opera and Mozilla are OK, but they don't deprecate well on older HTML, which makes viewing sites written in valid HTML from a couple of years ago hard to look at (though Opera is much better than Mozilla in this regard).

 

[Rob Gillespie]

I can't disagree, but it's looking at the problem from a utopic sys-admin point of view, not from the real world.

 

[Brett DiMichele]

Rob,

I certainly won't argue that Microsoft does ship OS builds
that install with some dangerous options activated that
need to be turned off after the fact. But at the same time
said vulnerabilities would be blocked by a NAT Hardware
Firewall in the first place (Like RemotePC).

I work in the I.T. Field so I have heard everything just
like a few of you here who also work in the field. I don't
specialize in PC's (Mainframer, here) but none the less I
do make it my job to know my PC's be they at work or at
home inside and out. And the problem is just as you stated
some people have no care to learn (Laziness IMHO). Even in
my job I am on a quest to learn things that don't even
apply to what I do. If more people had that same desire we
most likely wouldn't have the problems we do.

I always hear anti-Microsoft guys boast the merrits of
Slackware or RedHat because "You" know what the OS is
doing and it's doing nothing behind your back. But the
truth is that if you know MS OS's you know what they too
are doing just by looking at the Ports, Processes and the
Registry!

"it's the same as saying the driver who crashed his car should have learned advanced driving techniques rather than trust the brakes to work fairly well."


See that's the problem.. I also think that every
citizen in the United States with a valid drivers license
should be required to take an advanced drivers course.

Our licensing standards make it so easy that a chimp could
pass the test and get a valid license if he is a legal
resident of the U.S. I feel the same can be said for OS's
like XP and OSX. It makes it Uber easy for any person to
get right out on the information superhighway and cause a
30 car pileup in the process.

Knowing the brakes will stop you is a good thing. Knowing
how to properly apply them is even better!

 

[Rob Gillespie]

I've no doubts that Linux or BSD variants are massively less prone to security problems, and it's not just because of the out-of-box settings. That said, any average user thinking they can just jump into Linux and expect it to work as well as Windows is in for a shock. The bigger distros are starting to get 'good' now, but in terms of a desktop end-user OS it's still years behind what Microsoft produces.

 

[John Watson]

I have to disagree with Brett - if Bill Gates is gonna push this crap down the world's throat, he's gotta simplify and fortify it a lot; unless his sole object is to make money, and coincidentally, provide a living for a lot of techies.

 

[Brett DiMichele]

But John,

Bill isn't pushing anything down anyone's throat.. If you
want to run a different OS you can always run Linux or just
buy a Mac!

There are so many options!

 

[Chris_Morris]

I think that analogy is not close enough to the view you are taking. To agree with your view I would say:
"it's the same as saying the driver who crashed his car should...be an ASE certified mechanic, an engineer to understand every movement of the [engine-transmission-etc.], a lubrication technician, etc."

It's really an elitist type view and not very applicable to the real world.

Also, blaming the user, rather than the company for a faulty product would be like blaming the drivers for not being tire experts rather than blaming Ford/Firestone for the tire problems they had a while back.

While in some things I can agree that the user has a little more responsibility (not opening attachments, etc.), you cannot reasonably take away all responsibility of a company to put a product on the market that is safe.


Chris

 

[Kimmo Jaskari]

The problem with the argument "the user should be savvy enough" is that there obviously are users who aren't savvy enough. That pretty much ends the argument, IMHO; we have to face reality, not philosophize about an ideal world.

More to the point, there are tons of people who don't WANT to know this stuff and actively resist learning. They want to surf and use Word, they don't want to understand the underlying mechanics any more than they want to understand how their cars work beyond "put it in gear and go". You can't make people learn if they refuse to.

There are people, reasonably intelligent people, at my office who are baffled by the whole notion of visiting Windows Update. We're not talking rocket science here, but these people just go "well duh, I don't get it".

Besides, demonstrably even guys who know pretty much what they are doing get bitten sometimes if the software is susceptible. This entire thread is about a problem with the software that occurred unnoticeably to what I'd consider an above-average-computer-savvy guy...

We really need to get to the point where there are several variants of computers. The average joe gets a closed system that you cannot alter anything in by yourself, you need to take it in to get serviced by a pro to so much as update your software... something like adding a "Juzt Reboot" card to a PC. As long as malware can foul up computers, they will.

 

[Brett DiMichele]

All I can say is for those who resist learning.. They make
WebPC.... And that's all they should ever be allowed to
touch.

Is that an elitist attitude on my part? Perhaps it is
because I have to deal with ignorance daily when it comes
to computers, intranet and internet. And I feel the same
way about automobiles and licensing requirements. If we
could get the idiots off the road who "resist" using thier
turn signal or "resist" driving in the fast lane even
though they are going slower than slow lane traffic then
the world would be a better place

 

[John Watson]

Kimmo, I too like the idea of a simple computer that has far fewer settings, options, and I do not need the ability and power to program Mars landings. (Tho guys like Brett, Rob, John Berger and you can handle much more than the average guy, and more power to you!)

The problem is that the vendors want to sell all of us as much as possible, and a gullible public thinks that "loaded is good", so that's basically what's offered to us. Windows is the defacto world standard for home pc, I just lament that it is a poor standard.

And I would like to be able to reload my computer myself, or at least be able to backup and offload my files, and take the 'puter to a service station and have a completely up-to-date Windows re-installed in 5 minutes.

I was also noting that many people on a somewhat tech forum have problems - loved that recent thread called "1 million problems burning DVD".

I have previously mentioned my wish for a Security Pack that would coherently address Virus, Spam, Malware, etc. It seems like we have to deal with about 6 or so products and companies and sites to have good coverage of one 'lil ol' PC.

Bill Gates' "Trustworthy computing" initiative should cover a pretty wide spectrum of problems. In the meantime the registered owners of Coolwebsearch should be summarily sentenced to cleaning the sewers of whatever city they live in.

BTW Brett, what is Auto Preview in IE? Going over the list of wise precautions, I couldn't find that one even in IE's Help files. I also don't know what is involved in "controlling Java". I was relieved however to find my "Active X" was set for the higher security zones.

 

[Kimmo Jaskari]

Maybe so, but the analogy doesn't really fly. Patching security flaws and maintaining the operating system is more akin to maintaining the car. We have businesses that focus on that so that the average hamfisted user doesn't have to.

 

[Rob Gillespie]

Not only for home PC, but for corporate desktop also. I don't have any major issues with Windows except for the 'lets intergrate everything and make it all accessible' attitude they have. Windows can be reasonably secure (at least for a home user) but only by turning off this and that and enabling this or that. Out of the box, it's a swiss cheese, though they are starting to make some efforts at improving the situation; XP SP2 will enable the built-in firewall by default. That's the kind of thing that needs to happen. Most people running at least the small firewall in XP would not have succumbed to the Blaster virus before they had chance to download the patch.