
Please note: Older issues may contain information that is now out of date.


How To Subscribe and Unsubscribe is at the end of this note. Mailing List Trouble? See http://www.langa.com/help.txt
Questions about the advertisers? See the end of this note. Please also see legal notices at the end of this note.

Please recommend the LangaList to a friend! (And maybe win $10,000 !)

An easier-to read formatted HTML version of this newsletter is available on line at
http://www.langa.com/newsletters/2000/2000-05-11.htm

The LangaList

2000-05-11
(2000-May-11)

A Free Email Newsletter from Fred Langa
That Helps You Get More From Your Hardware, 
Software, and Time Online

SPECIAL EXPANDED SECURITY COVERAGE!

1) As Free As A...
2) Speaking of Free: ZoneAlarm Adds "MailSafe"
3) Free Tool To Disable Several Script Types At Once
4) Manually Deactivating *Any* Script Type
5) A Free Scripting "WatchDog"
6) OK, But What About Online Scripting?
7) OptOut/Aureate Update
8) Is This Stuff Useful?
9) But Wait--- There's More!


1) As Free As A...

...piece of software? OK, that's not a very poetic turn of phrase, but it *is* an eminently practical one.

The current "Explorer" discussion (at Winmag.com; see http://content.techweb.com/winmag//columns/explorer/2000/10.htm ) is all about freeware, and it's generating some great reader input. For example:

Hi Fred. Thanks for the well done newsletter. Free software is getting better and I hope the following link will be of help to you and us - the readers.

There is a wonderful program called Software-Lynx by Mark Bascin of Bascin Ventures (at: http://www.bascin.bizland.com ). It's a new product, one of a series of free link-software he produced. The first one was Hardware lynx (once called drive lynx), which I have been using for more than a year, with links to (almost) all driver sites of all hardware manufacturers. It is a blessing for those who fix or upgrade computers - no problem finding drivers for ancient hardware. Software-Lynx has links to over 80 sites with free software of all kinds. Do check the other free stuff he's created.--- mordy cohen

Thanks, Mordy! Come see other great reader suggestions via the link above, and please tell us *your* favorite freeware download or site, too!


2) Speaking of Free: ZoneAlarm 2.1.25 Adds "MailSafe"

In the wake of the "Luv Bug" email worm/virus that went around last week, ZoneLabs has cranked out a new version of ZoneAlarm, their free-for-personal-use Firewall.

ZoneAlarm 2.1.25 builds on the improved security of 2.1.18 and adds "MailSafe," which is ZoneLabs' term for the ability to intercept Visual Basic Script attachments in e-mail:

"ZoneAlarm MailSafe detects Visual Basic Script attachments and alerts the user to their presence. At that point, the user can choose to open the attachment, to delete the email or to check further on the validity of the email and the attachment. Since most users have no need for receiving attachments in the form of Visual Basic scripts, users should be suspicious of such attachments. Examples of recent high profile, and highly damaging, email-borne viruses written in Visual Basic Script include the 'Love Bug' virus and its multiple variants"

In the new version of ZoneAlarm, MailSafe is active by default; you can toggle it on and off via a check box in the Security Panel.

You can grab a copy of the new version at http://www.zonelabs.com

IMPORTANT NOTE: MailSafe only detects VBScript (.vbs) attachments and not other types of script attachments. As such, it's a useful but incomplete solution to the problem of hostile attached scripts. We'll show you how to handle other kinds of scripts in the next few items in this issue; one or more of these items should be just right for providing the level of security you want against hostile scripts.

Please read this issue all the way through before you decide what to use.


3) Free Tool To Disable Several Script Types At Once

Windows uses file "associations" in order to know what applications to use with various file types. Almost all file types have an association. For example, DOC files are associated with your word processor; TXT files are associated with NotePad or your simple text processor, HTM files are associated with your web browser, and so on.

Similarly, scripts that run locally on your PC (like the Luv Bug script) are associated with a specific application to run them---often the "Windows Scripting Host," but there are other script-running apps, too.

The Cerberus Security Team in the UK (see http://www.cerberus-infosec.co.uk/ ) has developed a quick-and-dirty way to "un-associate" the most common script types (VBS, VBE, WSF, WSH, JS and JSE) in the Windows registry. This leaves the scripts unchanged, but prevents Windows from knowing which application to use to run them, so Windows can't do anything with the scripts. If you or a malicious app tries to run a script, you'll simply get the "Open With?" dialog. You can then use something like NotePad to see what a script is going to do before you delete it or manually tell Windows how to run it (e.g. with the Windows Scripting Host).

You can get Cerberus' tool for free at http://www.cerberus-infosec.co.uk/vf.exe .

But note that it has three major limitations: First, file associations can change, so unassociating script file types today may not mean they'll still be unassociated the next time you try to run a script--- it's not a permanent fix. Second, it's specific to just the file types listed above (VBS, VBE, WSF, WSH, JS and JSE). And third, it's quite heavy-handed, just whacking a bunch of associations, wholesale.

The next items help address those deficiencies.


4) Manually Unassociating/Deactivating *Any* Script Type

I was going to write out this process myself, but reader Hal Adam beat me to it:

Hi Fred: If you are concerned about viruses (actually worms) like the recent "I love you" worm or the so called mutants of this worm then there is a way to protect yourself against all the mutants and any other file attachments which have file extensions of .vbs or .vbe EVEN if you accidentally "open" the attachment.

This is even more important since this worm was sent in source form. That means many people may have saved a copy of the actual text of the computer instructions (like yours truly :) ). The text instructions are Visual Basic Source code and thus are easily modifiable and thus many so called "mutants" may be easily created. So here is my suggestion about how to protect yourself from file attachments of this type:

1) Double click on the "My computer" icon.

2) Click on View followed by "Folder Options.." (NT has options only).

3) Click on the "File Types" tab.

4) Scroll down the "Registered file types" to "VBScript file" and click on it (to select it).

5) Click the "Edit" button.

6) Click on action "Edit" (to select it)

7) Click on "Set Default" button. Edit should now be in bold print.

8) Click on action "Open" (to select it)

9) Click on "Edit .." button.

10) The field "Application used to perform action:" should be selected (ie text highlighted by blue).

11) Press both the Control and C keys to copy the selected text to the clipboard.

12) Press the "Cancel" button.

13) Press the "New.." button.

14) Click your mouse pointer in the "Action:" field and type in "Run" (without quotes)

15) Click your mouse pointer in the "Application to perform action" field and press both the Control and V keys to paste the contents of the previously copied clipboard item into the field.

16) Click on the "OK" button.

17) Click on action "Open" (to select it)

18) Click on the "Remove" button.

19) If you are asked if you are sure, reply yes.

20) Click on "Close" button. [Before closing the dialog box, make sure the "Confirm Open After Download" and "Always show extension" boxes are checked.---FL]

Steps 5 to 20 may be repeated for Registered file type of "VBSCript Encoded File". [or other types of script files, too---FL]

Thanks, Hal! What the above does is first set the default action for these scripts to "edit," so if you click on (say) a VBS file, it opens in NotePad instead of running. You can thus automatically view the script contents to see if it's something you really want to run. If it's OK, you can then RIGHT CLICK on the script file and manually select the RUN command you created in steps 13-16; and the script will then run normally.

But, as Hal pointed out in his email to me, "This is NOT 100% foolproof however, since some software installations may add an OPEN Action for .VBS files...so one needs to check the above settings once in a while to see if they are still correct. If you have not installed any additional software however, then you are totally protected against file attachments which end in a file extension of .vbs or .vbe [or other extensions you process this way---FL]."

I like Hal's approach because it gives you total control. However, it can be a lot of work to alter many file types manually; and seeing the script's contents in NotePad is useful only if you have some idea of script programming. (Scripts aren't hard to figure out, but can be confusing if you've never seen one before.)

The next item shows you an easier, more automated method of accomplishing much the same thing.


5) A Free Scripting "WatchDog"

Within a few days of the Luv Bug outbreak, the folks at WinMag posted "WatchDog," a free app that automatically does much of what Hal's manual method accomplishes (see item above).

"Watchdog will, with your consent, become the default program for Visual Basic Script (VBS) and other scripting files. When you launch one of these files, WatchDog will look it over and warn you of any possible security risks. You can then determine whether the program is supposed to be taking these actions and how to proceed. An install script that copies files to a specified location and makes a few Registry edits, for example, might raise some flags for file copying and Registry writing, but it could still be legitimate. Alternately, if WatchDog reports that that ‘love letter’ you just received in your e-mail inbox will overwrite files and access Microsoft Outlook, you might want to steer clear."

It's cool, free, and effortless to use; you can configure it (with just a couple clicks) to monitor any or all of the following file types: VBS, VBE, WSF, WSH, JS and JSE.

I have Watchdog on my system; coupled with Hal's manual method, I can now easily monitor and control the actions of just about any script that runs locally.

Grab a copy of Watchdog at http://content.techweb.com/winmag//fixes/watchdog.htm


6) OK, But What About Online Scripting?

All the above are geared towards the specific case of a hostile script running on your local system--- the Luv Bug scenario. What about scripts that run from the web, such as from within web sites you visit? Unlike the Luv Bug, these aren't downloaded as separate, stand-alone files; and you don't click on them because they run themselves.

Registry guru John Woram (see http://www.langa.com/books.htm#woram1 ) cooked up a couple of Registry patches that let you easily toggle scripting on or off in Internet Explorer's "Internet Zone"--- or in any other zone. Placing these tiny files on your desktop and clicking them as needed is far simpler than the manual way to turn IE's scripting on or off by hand: Without John's cool tools, you have to click to File then Tools then Internet Options then Security then Custom, then scroll down to find Scripting, and then click Enable or Disable. John's trick is much easier.

There are two ways to get John's files. You can download them from http://www.langa.com/woram.htm , or you can create them on your system by opening NotePad and copying/pasting (or typing) the following four lines of text  (line two is blank) between the "----". Don't copy the "----" because they're simply to show you where the files start and end.

To DISABLE scripting in the Internet Zone:

-----------------------
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1400"=dword:00000003

-----------------------

 

To ENABLE scripting in the Internet Zone:

-----------------------
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1400"=dword:00000000

-----------------------

 

In each case, save the file with a REG file extension--- ENABLE.REG and DISABLE.REG, for example.

John points out that if you also want to toggle scripting in other Zones, simply create new files exactly as above, except that you change the reference to "...\Zones\3]" as follows

For your Local Intranet, use "...\Zones\1]"

For your Trusted Sites, use "...\Zones\2]"

For the Internet Zone, use "...\Zones\3]"

For your Restricted Sites, use "...\Zones\4]"

Thanks, John!

(Ed. Note: For additional comments on this item, see THIS.)
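
Hal's caveat in item 4 (an installer can quietly put back an Open action) and the zone toggles above both come down to registry values that can be re-checked later. The following is an added example, not code from this newsletter or from any tool it mentions: it parses a REGEDIT4 export and reports which script types would still go to the Windows Script Host on double-click, and what value 1400 holds for a zone. The ProgID names, paths and SAMPLE export are constructed for illustration, and the "open" fallback is a simplifying assumption.

```python
import re

SCRIPT_EXTS = [".vbs", ".vbe", ".wsf", ".wsh", ".js", ".jse"]  # types named in this issue
ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"

def parse_reg(text):
    """Parse REGEDIT4 export text into {lowercased key path: {value name: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif m and current is not None:
            name, data = m.groups()
            name = "" if name == "@" else name[1:-1]  # "" is the (Default) value
            if data.startswith("dword:"):
                current[name] = int(data[6:], 16)
            elif data.startswith('"'):
                current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \"
    return keys

def default_action(reg, ext):
    """Return (verb, command) used on double-click, or None if the type is unassociated."""
    progid = reg.get("hkey_classes_root\\" + ext, {}).get("")
    if not progid:
        return None
    shell = "hkey_classes_root\\" + progid.lower() + "\\shell"
    verb = (reg.get(shell, {}).get("") or "open").lower()  # assumed fallback: "open"
    command = reg.get(shell + "\\" + verb + "\\command", {}).get("")
    return (verb, command) if command else None

def auto_run_types(reg):
    """Extensions whose double-click action still launches wscript.exe or cscript.exe."""
    return [e for e in SCRIPT_EXTS if (a := default_action(reg, e))
            and re.search(r"\b[wc]script\.exe\b", a[1], re.I)]

def zone_scripting(reg, zone=3):
    """Value 1400 for a zone: 0 = enabled, 3 = disabled (the two values used above)."""
    value = reg.get((ZONE_KEY + "\\" + str(zone)).lower(), {}).get("1400")
    return {0: "enabled", 3: "disabled"}.get(value, "not set or other")

# Constructed sample export: .vbs changed as in item 4, .js left at a run-on-open default.
SAMPLE = r'''REGEDIT4
[HKEY_CLASSES_ROOT\.vbs]
@="VBSFile"
[HKEY_CLASSES_ROOT\VBSFile\Shell]
@="Edit"
[HKEY_CLASSES_ROOT\VBSFile\Shell\Edit\Command]
@="C:\\WINDOWS\\Notepad.exe %1"
[HKEY_CLASSES_ROOT\.js]
@="JSFile"
[HKEY_CLASSES_ROOT\JSFile\Shell\Open\Command]
@="C:\\WINDOWS\\WScript.exe \"%1\" %*"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1400"=dword:00000003
'''

if __name__ == "__main__":
    print(auto_run_types(parse_reg(SAMPLE)), zone_scripting(parse_reg(SAMPLE)))
```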


7) OptOut/Aureate Update

Steve Gibson has finally finished work on his "OptOut" anti-spyware site. (I've written tons about Steve and his work: See http://search.atomz.com/search/?sp-q=gibson&sp-a=0008002a-sp00000000 ).

The new OptOut site is quite complete and tells you everything you need to know about software that either is used or could be used to "phone home" surreptitiously to tell some external site or person about your surfing habits---and maybe more. "Adware" is a common vehicle for spyware apps, and while not all adware is automatically spyware, the risk is there.

Steve's site names names and lays it all out. And, of course, you also can download his free OptOut spyware/adware removal tool there, too. Check it out!

http://grc.com/optout.htm


8) Is This Information Useful?

If you think the LangaList is a worthwhile read, maybe a friend would find it useful too! Just use the following link to recommend the LangaList---your friend may find a new source of useful information and you just may win $10,000 for your trouble (full details also available via this link):

http://www.langa.com/recommend.htm#1

Or, win a copy of "Poor Richard's E-Mail Publishing: Creating Newsletters, Bulletins, Discussion Groups and Other Powerful Communications Tools." This book has been described as "An excellent, straightforward manual on email publishing, banner ads, driving traffic and especially ethics." (Full details also available via this link):

http://www.langa.com/recommend.htm#2 

Either way, thank you, and good luck.


9) But Wait--- There's More!

Yikes! This issue is already getting long, and there's still lots more security info to bring you.  Likewise, last week I promised to bring you "ways to speed up your Start menus" in this issue, and that's long, too--- way more than can fit in this issue. And then there's the standard "Reader Sites" feature, and "Just for Grins," and...

Something had to go: I hope you agree with me that the security items above were time-critical, and worth bringing to you as soon as possible, even if it meant breaking the standard format of this newsletter and postponing non-time-critical features.

So stay tuned--- I'll include additional security items *and* tell you cool ways to speed your start menus, *and* bring you more Reader Sites *and* Just for Grins items in the next issue, just days away. <g>


See you next issue!

 

Best,

Fred

(fred@langa.com)


An easier-to read formatted HTML version is available in the "what's new" section of http://www.langa.com.  (The HTML version of each issue normally is available by 9AM EST [GMT-5] of the issue date.) All past LangaList issues are also available via the same link.



Administrivia:

Why are you getting this newsletter? There are only two ways to get on the list (direct email request or via the WinMag mail list signup page), so if you're getting this newsletter, your name came to me through one of those channels.

SUBSCRIBE (it's free!): Create and send a new email addressed to subscribe-langalist@lyris.dundee.net

UNSUBSCRIBE: From the same address you used to sign up with, create and send a new email addressed to unsubscribe-langalist@lyris.dundee.net .

CHANGE ADDRESS? LIST TROUBLE? HAVE QUESTIONS? NEED HELP? See http://www.langa.com/help.txt

About the advertisers:  Langa Consulting LLC will never knowingly accept advertising for a fraudulent product, company or service. However, Langa Consulting LLC makes no implied or explicit warranty, recommendation or endorsement of or for the products, companies or services mentioned in the ads.

Disclaimer: (Please see full disclaimer here: http://www.langa.com/legal.htm.) Abbreviated version: The tips and other information given in the newsletter are researched and are believed to be accurate, but we cannot and do not guarantee that all the information here will work on all systems, for all users, all the time. All information herein is offered as-is and without warranty of any kind. Neither Langa Consulting LLC, nor its employees nor contributors are responsible for any loss, injury, or damage, direct or consequential, resulting from application of any information presented here.

This newsletter is a free service of Langa Consulting LLC and is Copyright © 2000 Langa Consulting LLC. All rights reserved.
