Tuesday, August 26, 2008

Security Tip - XP Antivirus 2008 - BAD!!

XP Antivirus 2008 is NOT the latest antivirus tool we should all be using. It is malware. It’s starting to get a fair bit of traction too. If you get infected, you will find extremely annoying fear-mongering popups urging you to purchase the product. Here is a description from an infected user:
"Last week a pop-up appeared that landed on my icon line.... xpantivirus2008. Thinking that it was another security alert from windows, I clicked on it. It proceeded to "scan" my hard drive and inform me that I had 90+ security "issues" that needed to be addressed..... while the scan was underway, a windows msg appeared saying that it did not recognize the program source. I found that odd... but, as a result, did not buy the xpantivirus2008 program. Now, one week later, I am constantly being assaulted by never-ending pop-ups, registry scans, bubbles, etc. I followed a suggested uninstall (though I never installed the program) plus all of the usual steps in detecting and removal of unwanted programs... but, although I removed everything that I was able to find via search commands, and using the process recommended by TomT (using regedit, hkey current user, msconfig, and unchecking "xpa" at the startup file), the program continues to reappear, pop-up every 2 minutes and at every start up.... Although I finally succeeded, attempting to delete xpantivirus.exe would not allow me to delete saying that it was being used by another user or running in another program which, obviously, it was not.... Even with all of it apparently gone, it still reappears and performs its maddening process. Even a file search at this point does not detect xpantivirus.... HELP!!!!!"

One of my library clients recently found this on one of their staff PCs. The popup window cannot be moved, minimized, or closed, and you can't see anything behind it of course. Luckily, Spybot 1.52 (http://www.safer-networking.org/en/download/) found and removed it. More recent versions of Spybot would probably also remove it. Trend Micro antivirus did not find it. This PC had a couple of other infections on it as well. That PC was set up a few years ago and we have had no trouble with it until this. What had changed? Not the antivirus on it. Not the applications on it. Not the firewall for the library. The only thing that changed is one user’s lack of restraint. User restraint is one of your best protections.

My spam filter blocked a message that is probably the infecting source. The message is shown below. I have removed all the hyperlinks from the text. The first line is linked to an IP address in Moldova (That’s a country in eastern Europe) with an executable called Install.exe. It looks like this: http://555.555.555.555/install.exe. I have changed the actual numbers in the IP address. That line then is asking you to install software from a site that it will not even identify in English (or any other human language). There are also three links at the bottom: Unsubscribe, More Newsletters, and Privacy. They all link to msn.com which would seem to lend an air of authenticity. This email is a good example of what you should never ever do, should you run across something like this.
Free Update Windows XP,Vista
About this mailing: You are receiving this e-mail because you subscribed to MSN Featured Offers. Microsoft respects your privacy. If you do not wish to receive this MSN Featured Offers e-mail, please click the "Unsubscribe" link below. This will not unsubscribe you from e-mail communications from third-party advertisers that may appear in MSN Feature Offers. This shall not constitute an offer by MSN. MSN shall not be responsible or liable for the advertisers' content nor any of the goods or service advertised. Prices and item availability subject to change without notice.
©2008 Microsoft
Unsubscribe More Newsletters Privacy
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052

Moral: Use spam filters. Use Spybot. Keep it updated. Exercise restraint. Be paranoid about links presented to you in email. Have a nice day.

Wednesday, August 20, 2008

OpenDNS filtering

Jim mentioned OpenDNS as a possible fix for the DNS vulnerability.

I've been using OpenDNS for the past several months on my laptop, but not just as an alternate domain name server but to test its filtering capabilities. Yes, OpenDNS also offers free internet filtering. Once you set up an account, you can go into Dashboard - Settings and either go with one of their pre-selected filtering levels or customize your own. I was running a fairly restrictive version for quite a while and only had it block two sites - South Park and blip.tv - both as adult themed sites. The description provided by OpenDNS warns you to only choose Adult Themes if you want to be very restrictive on your network.

One nice feature is that you get a customizable block page that tells you why the site was blocked. You can give patrons information about how to get the site unblocked. This is an important feature for 1st amendment considerations.

Yesterday, I thought that as long as I was changing DNS settings for my new ISP, I might as well set my router to OpenDNS and see how the filtering works on a network. I discovered that it filters every device on my wireless network including my iPod Touch. So, how do you turn it off? You go into your dashboard and remove whatever restrictions you choose. It's pretty easy to turn on and off but because the filtering takes place at remote servers, it takes a few minutes to deactivate and reactivate the filtering. In the meantime, your entire network is unfiltered. If you're interested only in complying with CIPA for public library E-Rate purposes, and want to avoid potential problems, I'd suggest being very selective in what you choose to filter, particularly for adult patrons.

We'll be talking about this more at the E-Rate session at Fall Workshop.

Saturday, August 16, 2008

Security Tip - Recent DNS Vulnerability

A new DNS vulnerability was recently discovered and information about it was released to the public last month. You may have heard about it in various tech-related news stories. Google "kaminsky dns vulnerability" for more info. A lot of the coverage and commentary is about how the information was released but that is not what I am interested in here.
DNS is what translates English into IP. When you type www.ups.com, some DNS server somewhere translates that to, which is what your computer needs to know to get you the UPS site so you can send a package. If you have ever configured a computer to use the Internet you know that one of the blanks you have to fill in is for the DNS server. You usually get that information from your ISP. It is usually the DNS server your ISP maintains for all of their clients.
It is pretty important that the DNS server you use has been patched to be resistant to this particular flaw. How do you know if the DNS server you use has been patched? That's what I want to tell you today.
Point your browser to www.dnsstuff.com. In the "DNS Vulnerability" box, click on "TEST NOW". Wait for it to process. If all the results come back "good" or "great" then you have an ISP that has taken care of this problem on their DNS server. If your result is less, such as "fair" or "poor", then call your ISP, tell them about your results, and request they patch their DNS server.
If they don't fix it, use a different DNS server. Have a look at opendns.com for more info.
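
The patches issued for this flaw made resolvers send their queries from unpredictable UDP source ports, and online checks of this kind rate how widely a resolver's ports are spread. The sketch below is an added example, not code from the original post or from dnsstuff.com; `rate_source_ports`, its cut-offs, the repeat rule and the port samples are assumptions made for illustration.

```python
import statistics

# Assumed cut-offs on the standard deviation of observed source ports. They are
# illustrative values for this example, not the ones dnsstuff.com uses.
POOR_BELOW = 300.0
GREAT_FROM = 4000.0

def rate_source_ports(ports):
    """Rate how hard a resolver's outgoing UDP source ports are to guess."""
    if len(ports) < 5:
        raise ValueError("need at least five observed queries to judge")
    if any(not 0 < p < 65536 for p in ports):
        raise ValueError("source ports must be in 1..65535")
    spread = statistics.pstdev(ports)
    distinct = len(set(ports))
    # A resolver that hops between a handful of far-apart ports has a large
    # spread but is still guessable, so repeats cap the rating (assumed rule).
    if distinct < 0.8 * len(ports) or spread < POOR_BELOW:
        rating = "poor"
    elif spread < GREAT_FROM:
        rating = "good"
    else:
        rating = "great"
    return {"rating": rating, "stddev": round(spread, 1), "distinct": distinct}

# Constructed samples: source ports of ten consecutive queries from five resolvers.
FIXED_PORT = [53] * 10
SEQUENTIAL = list(range(32768, 32778))
NARROW_POOL = [1100, 2300, 3500, 4700, 1500, 2900, 4100, 1900, 3300, 4500]
RANDOMISED = [1025, 61012, 20433, 48711, 9120, 35002, 57340, 14877, 42219, 27654]
TWO_PORTS = [1024, 65000] * 5
```

A fixed or sequential port rates "poor" however many queries are sampled, which is the result that should prompt the call to your ISP.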

Friday, August 15, 2008

internet speed test ranks montana 49th

The organization Speed Matters just issued its 2008 report on internet speeds in the US. You can download the entire report, a state ranking table and/or reports on individual states.

Montana's results were as follows for 2008:
Number of tests - 497
Median download speed - 1,320 kbps (1.32 Mbps)
Median upload speed - 378 kbps
Download speed ranking - 49

While this is not exactly a scientific study, individuals go to the website to test their speeds similarly to DSL Reports. It's just that these results are collected. And I think they are interesting nonetheless. But I probably wouldn't give them a whole lot of credence particularly when broken down by county. I couldn't help but notice that Custer county was awfully red - 6 Mbps +. It could have been only one person with high bandwidth testing per zip code. Why not add your library's data to the mix, especially if you're in one of the blank areas? Use this box to test your speed:

I did want to bring greater attention to this report because it supports my assertion in a posting to the E-Rate blog that we really do need to be working on increasing bandwidth for our public libraries. 1.32 Mbps just does not cut it in a video/audio downloading/streaming world!

Thursday, August 7, 2008

check your dsl/cable speed

I ran across the site DSLReports.com a couple of years back. It's handy to go in occasionally and run a free speed test to see what kind of bandwidth you're getting. I recently upgraded my home account to 7 MB and wanted to see if Qwest had made the upgrade yet - today was supposed to be the day. So, I ran the Flash test and got the following results:

Apparently, the upgrade has not yet taken place...

Friday, August 1, 2008

linux for library pcs

In May, I took an old IBM laptop that was destined for surplus and loaded Ubuntu on it to test the usability of Linux OS for library use. This has become the laptop I take with me on road trips. I want to see how it works and I figure it's less desirable for thieves and hackers.

I downloaded a recent stable version of Ubuntu onto my current laptop, burned it onto a CD and loaded it onto the IBM, reformatting the hard drive. This does erase everything you've got on the computer so be sure and backup or move contents before you do this. I have to say that the initial install didn't work. I was given several options, took my best guess and apparently chose the wrong one. So when I tried to boot the new OS, I was met with an error message. Linux doesn't come with instructions. Instead you have user forums. The forum solution for my problem had command line instructions. I chose to reinstall instead, this time making a different choice for how to format the hard drive. The second install was successful. But my initial thoughts were that this may not be for the faint hearted.

Once I've had a chance to work with it, I've discovered some pros and cons.

  • Switching to Linux and open source can potentially extend the life of some old computers. The Ubuntu Operating System came with other open source programs including Open Office. The whole thing was only about 800 MB in size. It doesn't require as much hard drive space, memory or processor power as Windows, particularly Windows Vista.
  • You can do most common computer tasks easily using open source software:
    - Surf the internet with Firefox - wifi connections are easy to set up
    - Do office tasks with Open Office - word processing, spreadsheets, presentations
    - Listen to music, download podcasts
    - Upload and edit photos from your digital camera
    - Work on graphics
    - Watch YouTube videos
    - Open and read PDF files
    - Play DVDs and CDs
  • It's pretty easy to update current and download new open source programs. I made this much harder than it had to be until I found out where to go within the system to find more program options.
  • It's pretty secure. Most spyware and viruses are designed to go after Windows systems. Firefox vulnerabilities have been exploited so open source is certainly not invulnerable. But they seem to come up with fixes fairly quickly.
In short, my Ubuntu has performed admirably. Right off the bat, it got called into service at the May Montana Shared Catalog meeting when Sarah's Dell couldn't get onto the hotel's wi-fi connection. My Ubuntu laptop located and got onto the hotel's wi-fi easily. It also displayed web pages, Word docs and Excel files (with one exception that will show up in the cons) from the internet, and ran PowerPoint presentations off a USB drive. Few knew they weren't looking at a Windows computer.

  • If there are specific programs you have to have on your computer because of patron demand, you want to make sure these programs have Linux versions. Some don't - iTunes and Windows Media Player are good examples. There are open source music players and podcatchers but if patrons use library computers to purchase and download music or video from iTunes or stores that use WMA copy protection, they probably won't be able to access these via open source programs. I haven't spent a lot of time researching this, but I don't think you could use a Linux computer as an OverDrive download station for the above reasons.
  • It doesn't work well with all Microsoft "features." During the MSC demos, the Open Office spreadsheet program would not open an Excel spreadsheet using macros. This isn't a bad thing for security's sake, but if you're doing very sophisticated spreadsheet or database work, you'll probably want to stick with the software you're currently using. Neither could Open Office cope with a PowerPoint 2007 presentation at a Parmly program I attended. A Windows computer running PowerPoint 2003 can't open a 2007 file either, but it will give you an option to download a viewer. Open Office can't do anything with them. But being open source, someone might be working on or have even come up with a fix for this problem already.
  • If there's something that's a bit buggy or you really don't like, you're pretty much stuck with it until someone in the community decides to fix it. That is, if you're a regular library user. If you have programming skills, you can get into the open source code and make changes yourself. But if coding's not your strong point, you may feel frustrated if you don't like a current version. And you don't really know when new versions are coming out unless you read the updates.
  • Most open source software does not come with tutorials or much help. If you have users who are already comfortable using browsers or office software, they can probably figure out the open source versions fairly easily. But if you're getting started with graphics design, moving right into Gimp can be a bit daunting. Not that PhotoShop isn't daunting as well, but there is a lot more help available to learn the program.
It's still a Windows world so I think that most libraries will want to have at least a few Windows PCs available. It's what people expect. But putting Linux on some of your older PCs may be a good way to help keep those computers usable and help meet demand for a bit longer. Open source is getting more user friendly all the time. I think that most library staff with a good computer comfort level could use and update it pretty easily. There are also vendors like Userful that will take care of it all for you for a fee. My advice is to give it a try. What have you got to lose? Besides your sanity and for me, that's probably pretty much gone already.

I'd love to hear what others have to say about open source in their libraries.