Hawk's Perch
The Bastille Gazette Serving FW since Oct 1998 Archived Article

August 2006

Firefox users beware!
Posted Tuesday, August 29, 2006 by RL Hawk
This is from C-net's forums.... Firefox users, make sure you read this. Lol, this is also one of the reasons why I do manual updates ;-)

I am your usual Web surfer who takes extreme measures to prevent spyware and viruses from getting into my computer, so I rarely get infected. However, only a week ago I was outsmarted. I was browsing with Mozilla Firefox when I saw an update pop up. These being regular and harmless occurrences with Firefox, I clicked Install. The new software installed perfectly, and I went about my surfing.

Two days later I began seeing continual and random pop-ups while I browsed, one of which displayed the title NSIS Media. I then Googled the company and learned this was a worm disguised as a Firefox update! I began searching safety forums and antispyware sites, but with no luck. The pop-ups got worse and worse, and more malware was being installed on my computer without my approval.

Finally, one day I discovered a site dedicated to removing the problem. The Webmaster had located a Trojan-horse scanner that had the worm in its definitions list. I immediately downloaded it, and scanned for and removed the worm. It has been a week since the surgery, and it looks as if the worm is gone for good. I hope other Firefox users don't make the same mistake.


Note: Beware of worm removal sites that aren't on a well known site. Sometimes they can rid you of bad malware, and install something a bit more insidious.
Lol, or sites that sound like name brand products like.... There once were pop-ups for the free "Spybot". Sound good? Naw... it actually was malware and, I believe, a key logger. The real site/program is "Spybot Search and Destroy". Use caution when downloading from sites you are unsure of and NEVER download from pop-ups ;-D

Quick link page added
Posted Saturday, August 26, 2006 by RL Hawk
Attention:
There has been a “Quick link” page added to my main web site.
https://home.comcast.net/~hawksnest2/
I’m really sorry I forgot who suggested this (actually there were two) but it’s up and running for those that need quick links to some web sites.
Thanks to those for the idea, it is a good one.

MS patch scanner
Posted Monday, August 14, 2006 by RL Hawk
A free download to check all the critical MS patches, which came after the Dept of Homeland Security released the bulletin below. Go over to this web page and click on the bottom to download the checking utility and see if you're all up to date, have all the patches, etc.
Patch checker from eEye security

http://www.eeye.com/html/resources/downloads/audits/NetApi.html

On August 8, 2006 Microsoft released Security Bulletin MS06-040 which addressed a critical issue in the Server Service that allows for remote code execution on vulnerable systems. The vulnerable service listens on TCP ports 139 and 445, and is enabled by default on all Windows systems. eEye Digital Security has created a standalone vulnerability scanner to help identify systems vulnerable to this flaw. This scanner will identify the vulnerability on all systems with the exception of Windows NT.

This vulnerability was being exploited in the wild as a "zero day" attack previous to Microsoft's patch release. Due to this existing threat, and also because of the potential for remote compromise of most Windows operating systems, eEye has created a free tool to scan machines for this critical vulnerability. The sooner that vulnerable machines are identified and patched, the smaller the possibility will be of a successful Internet worm attack.

The Retina MS06-040 NetApi32 Scanner is being made available free of charge by eEye. The tool will scan multiple addresses at once to determine if any are vulnerable to the Server Service flaw reported in the Microsoft Bulletin MS06-040. If an IP address is found to be vulnerable, the Retina MS06-040 NetApi32 Scanner will flag that IP address.

This tool does not require administrative privileges on the scanned machines in order to determine if the systems are vulnerable.

Links to free AV tests and Windows WGA removal.
Posted Friday, August 11, 2006 by RL Hawk
Big article on MS and their Windows verification problems. Seems there have been some that have been told their version of Windows is counterfeit when in truth it was not.
MS has a fix:
http://www.microsoft.com/genuine/purchase/UpdateInstructions.aspx

Or if you’d prefer just to remove it (read the whole article)
Go here:
http://www.firewallleaktester.com/removewga.htm

Many of the problems were caused by early versions of the MS WGA.
You may also just disable it using these instructions:
http://support.microsoft.com/kb/921914

Guess I should mention for all of you that don’t know…. MS has stopped all updates, etc for Windows 98 and ME as of July 11, 06.

I know some of you, due to various reasons, can’t afford to buy Firewall or Antivirus software, so here are a few places to go for a “free on line” AV & malware check:
http://housecall.trendmicro.com/

http://www.kaspersky.com/virusscanner

Nifty little web page utility.
Posted Wednesday, August 9, 2006 by RL Hawk
PC Magazine had a nifty little utility and story about “Actual” surfing speeds (Aug 23,06)
One of the editors created a program that isn’t a speed meter, but actually measures the time it takes you to download real life web pages that are safe and secure.
The article begins at http://www.pcmag.com/article2/0,1895,1960251,00.asp
As you read the article down towards the bottom just click on the tiny little “next” for the next page.
Even if you choose not to download the utility and run it, read the article. If you do DL the utility and run it you can compare your numbers to those that have been running it and the data it sent into PC Mag.

The utility itself is at the top of the 1st page (in green). This does require you to sign up for another web site (sigh!...think that made about 50 when I signed up last year). But in the long run this is one of those sites that is worth it, as sometimes they offer freebies that are safe to run.

Now on to the program….
There’s a quick little section to fill out with data like your PC maker, zip code, type of ISP, just a bunch of compiling info to help the program to determine where to check for load times and other info to help with the main data base and to allow you to compare.
Next there is the “start text” page (button is to the bottom right). This lists the pages it will go to and run the download tests.

Not bad, I hit 36.09 KB/s on an average of all the pages listed. There is also an area where you can load your own favorite web pages. I added Forgotten World along with my own web page (which loaded slowly, probably due to the html coding program I used to make my site).
I should also caution you to make sure the web address you enter does not begin with ‘https’; if it does, change it to ‘http’ (drop the ‘s’). The reason is this program does not recognize https addresses.
There is a nifty area that lets you compare your results to your neighbors (well sort of) Neighbors being those in your zip code or state.

All in all, this is a nice little piece of info utility. Important, no, but it is one of these “that’s nice to know” things and it lets you play around with it so you can get some insight for yourself and pages you visit. Even has times to check so you can compare your page loads at various times.

Try it you’ll like it….. or at least it will give you something to kill time with.