Thursday, March 6, 2008

What's Your Internet Safety Score?


Before I get to the tests, there are four more downloads I got since my last post.

On my stolen laptop, I had WinPatrol by BillP Studios because it uses a heuristics approach for checking system changes instead of comparing against a list that must be updated and downloaded periodically, as does the other security software I mentioned in "The Bad, the Great, and the Tedious." After I downloaded it for this laptop, I decided to add SiteAdvisor by McAfee, available for IE and Firefox, because it isn't expedient to read the Privacy Policy for every website I visit and the nefarious websites don't come right out and say, "This site distributes adware and/or spyware." I also downloaded Opera because it's now free, is the first of only two browsers to pass the Acid2 test, and because the bad guys are paying more attention to how they might exploit Firefox. The other browser that passes the Acid2 test is the new Safari for Windows by Apple, which I also downloaded to try out.

Now for the tests.

SiteAdvisor's website has two tests of eight questions each to gauge yourself with regard to spam and spyware.

"Are you spam savvy? Can you tell which sites will respect your personal information? Can you tell which ones might sell or rent your e-mail address to spammy third parties? Take our Spam Quiz and find out. Can you spot the spammy Web sites?"

How did you do?

My score: "YOU GOT 8 OF 8 QUESTIONS CORRECT Rating: Safety Guru."

Whoo-hoo! Thank God for the teachers who taught me how to read, although I hate plowing through those Privacy Policy statements!

"They say it's hard to judge a book by its cover. We'd argue that it's even harder to judge the safety of a Web site by its looks. Think you can sniff out which sites are adware & spyware free? Take our spyware quiz and see."

Did you score higher than, lower than, or the same as on the spam quiz?

My score: "YOU GOT 6 OF 8 QUESTIONS CORRECT Rating: Tightrope Walker."

I'm not concerned about one of my wrong answers because I don't use file-sharing sites, but the other wrong answer was for lyrics sites and I have used a few of them on occasion. Now, with SiteAdvisor, I'll know which sites to avoid when I google to verify song lyrics.

How safe is your PC? Here are some tests for you to run on your computer to see if the nasties can get in and if they can send your data out or enslave your PC without your knowledge:

On the Gibson Research Corp. website:

ShieldsUP!

LeakTest.

On the PC Flank website:

A quick test for now until you have time to do the rest.

A leak test

A stealth test

A browser test

A Trojans test

An advanced port scanner test and,

An exploits test.

There are also tests from other sites.

Some observations:

My ZoneAlarm Free passes GRC's LeakTest, but fails PC Flank's Leaktest, which exposes a particular vulnerability. I used Firefox and didn't even have to open Internet Explorer as instructed by the PC Flank leak test. My laptop failed repeatedly until I figured out how to make it pass.

One important thing to note is that the little PC Flank window ALWAYS reports that the test failed, even when it doesn't, so be sure to check your results on the webpage. The last little window has a link to it, also. When your PC passes the test, you won't see your IP address, the date and time you did the test, or the text you typed. (I can't help wondering: If they're so good at making tests, why didn't they make their little window display the right test results? Harumph!)

How to disable this vulnerability and pass PC Flank's Leaktest if all else fails:

1. Set your firewall to request permission each time IEXPLORE.EXE is used.

In ZoneAlarm Free under Program Control, this is listed as Internet Explorer. Under Access and Server, click and select Ask so that question marks appear in all four columns. When you use IE (or OE or Outlook), ZA will pop up a window for you to select Allow or Deny. Do NOT check the box for "Remember this setting" or your PC will be able to leak your data EVEN WHEN YOU'RE NOT USING IE (or OE or Outlook)!

To pass the leak test, do not allow IE to access the Internet. (In ZA, click Deny when the pop-up first asks for permission. Whatever you answer the second time doesn't matter. Your data's already leaked out if you failed the test.)

2. Do NOT use IE unless you absolutely have to for those websites that don't display decently with other browsers such as Firefox or Opera or Safari because your computer WILL be vulnerable during those times.

Comments on the other tests:

I haven't done all of the other tests listed because Atelier Web, Breakout #1 and 2, Copycat, DNS Tester, Firehole, and Thermite set off the Avast! alarm while I was downloading them, which was neat to hear, and I want to verify that Avast! was giving false positives, that the programs are virus- and trojan-free, before I run them. While a couple of websites recommend them for testing, upon hearing the alarm, I decided to check them out further because I've known of safe files in the past that were perverted by the bad guys after they became popular to take advantage of their safe reputation in order to slip malicious code onto people's systems. Other tests simply wouldn't work.

The cpil.exe test has left some PCs with something that keeps trying to start IE. Some people clear it up by simply rebooting. Some have had to download and install a HIPS program to stop it. Since I'm waiting to see if my system is affected and what I'll have to do to clean it up if it is, please don't run it. I figured it's okay for me to run because, if the worst-case scenario happens and I have to rebuild my system because it leaves trash behind that can't be cleaned up otherwise, it won't bother me so much since I don't have any personal files on it yet. But if someone else has to do it, someone who has personal files that may not be backed up and who wasn't expecting to spend time cleaning up after the test, much less doing a system rebuild, well, let's just say that I don't want to get put on anybody's bad list. Of course, since you now are warned about it, go ahead and run the test if you want. Just don't blame me if it keeps trying to start IE and you have to clean up after it to make it stop.

Ghost, when I allowed IE to access the Internet, proved once again that we shouldn't be using IE. In all fairness, though, bad people have always looked for ways to break into anything containing value and there's no reason to expect them not to continue. Remember, people didn't use to have to lock their house doors and could leave their cars unlocked with keys in the ignition, and now there are security systems for both homes and autos in addition to our having to use the regular locks. Computer crimes are just another venue for the bad guys.

Jumper acted like it wasn't working, giving an error because my laptop wouldn't let it create a file on my C drive named jumperleaktest_dll.dll, but it then proceeded to hijack my IE home page to change it to http://www.google.fr, a harmless change that demonstrates that a bad guy could make something worse happen, even though IE was never open during the test. Scotty, my faithful little watchdog from WinPatrol, caught it and warned me so I could stop it.

The TooLeaky test was passed because I told ZoneAlarm to Deny it the first time. After that, when I had ZA Allow it, it was passed because it couldn't run scripts, ActiveX controls, or plug-ins due to my setting them to Prompt which I denied when action was requested. I never did let them run during repeat tests, either.

(In IE version 6, see Tools -> Internet Options -> Security tab -> Internet -> Custom level. Under "ActiveX controls and plug-ins," set "Download signed ActiveX controls," "Run ActiveX controls and plug-ins," and "Script ActiveX controls marked safe for scripting" to Prompt. Set the others in that section to Disable.

Next, directly below, is a Download section. Set the three listed there to Disable. Be sure to remember doing this so you can change it back when you want to download files or fonts you want, except you won't be using IE as much after reading this post and conducting the tests, right?

Anyway, after that, there's another heading for "Scripting." Set the three there to Prompt. You may be tempted to set "Active scripting" to Enable because you're likely to be prompted a lot as I am; it's your PC, your choice, and your risk if you want to Enable it. Click OK to save changes.

While you're at it, you may as well go over to the Advanced tab and ensure that the box for Java is clear. Click OK to save changes. You can always go back to check the Java box if you need it.)
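An added example, not part of the original post: a small Python check that reads a `reg export` of the IE Internet zone and reports which of the settings described above differ from what the post recommends. The URL action codes (1001, 1200, and so on) and the value meanings come from Microsoft's documentation of IE security zones, not from the post, and the sample export is constructed.

```python
import re

# Internet zone = Zones\3. Values: 0 Enable, 1 Prompt, 3 Disable.
PROMPT, DISABLE = 1, 3
NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}
# Action codes are from Microsoft's zone documentation, not from the post;
# only actions the post names explicitly are listed here.
EXPECTED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1200": ("Run ActiveX controls and plug-ins", PROMPT),
    "1405": ("Script ActiveX controls marked safe for scripting", PROMPT),
    "1803": ("File download", DISABLE),
    "1604": ("Font download", DISABLE),
    "1400": ("Active scripting", PROMPT),
}
ZONE3 = re.compile(r"^\[.*\\Internet Settings\\Zones\\3\]$", re.I)
DWORD = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample export; the Zones\2 entry must be ignored by the parser.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1200"=dword:00000003
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1200"=dword:00000000
"1400"=dword:00000000
"1405"=dword:00000001
"1604"=dword:00000001
"1803"=dword:00000003
'''

def parse_zone3(reg_text):
    """Return {action_code: value} for the Internet zone key only."""
    values, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_zone = bool(ZONE3.match(line))
        elif in_zone and (m := DWORD.match(line)):
            values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(reg_text):
    """List (code, setting, wanted, found) for every deviating setting."""
    current = parse_zone3(reg_text)
    return [(a, name, NAMES[want], NAMES.get(current.get(a), "unset"))
            for a, (name, want) in EXPECTED.items() if current.get(a) != want]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%s  %-50s want %-8s found %s" % row)
```

A real export from `reg export` is UTF-16 encoded, so open the file with `encoding="utf-16"` before passing its text to `audit`.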

WallBreaker consists of four tests. The first and third tests are especially sneaky in that they got around ZA, which didn't ask for permission for IE.

Remember, it's not just what gets into your computer from the outside that can mangle your hard drive, it's also what goes out that can hurt you and others.


1 Peter 5:9. Be sober, be vigilant; because your adversary the devil, as a roaring lion, walketh about, seeking whom he may devour.