2 PC Geeks Internet Security

Mepis 6.0 Final Released

2006-07-28T11:17:00.000-04:00

Now that Windows 98 and Me have reached the end of their support cycle, many folks are wary about no longer receiving security updates, and for good reason. Windows XP SP1 loses support by Microsoft in October. Are these systems going to be easy prey for for virus and malware writers? Are the antivirus and anti-malware software solutions going to continue to support these older operating systems? Can your older hardware support an upgrade to Windows XP SP2? Older systems are definitely not a candidate for the upcoming Windows Vista, so what is one to do? Maybe you are just plain tired of Microsoft's latest scare tactics and invasion of your privacy with their "spyware" called WGA. It may be time for you to consider an alternative to Windows and switch to the latest release of Mepis 6.

Mepis used to be based on the original "live" distribution Knoppix, but is now based on my other favorite distribution Ubuntu/Kubuntu. I used to be torn between Mepis and Ubuntu, but no longer. I can have my cake and eat it too! So what's so great about Mepis? Let's see if we can determine if this is the right system for you.

First, download the latest ISO image from www.mepis.org and burn it to CD. This image is a Live version of Mepis, that will allow you to run it from CD, and if you like what you see, install it to your hard drive. Restart your computer from the CD you just burned and boot into the Live distribution. On the initial launch screen, select F3 on your keyboard and set your preferred graphics resolution. This is the only Linux distribution that supports my laptop's 1280 X 800 resolution "out of the box." Now boot into the live environment and play around. If you have an encrypted wireless connection, make sure to go into Mepis Utilities (Settings | System Admin | Mepis Utilities) and add your SSID and WEP/WPA encryption key. If you like what you see, click on the Install icon on your desktop to install it to your hard drive. Running from the CD is slow because all programs need to load from the CD into RAM to run.

So what's so great about Mepis? Well, first of all, this is the first distribution I have ever used that natively supports a multitude of graphic configurations right out of the box on boot up. It also supports all four of my wireless cards WITHOUT having to configure a Windows driver with NDISWRAPPER. Mepis is now built on the outstanding Ubuntu distro, so you get cutting edge Linux apps and the latest kernel. But the feature that sets it apart from other Linux distributions, especially for newbies, is the excellent Mepis Utilities, formerly known as the Mepis Control Center in previous versions.

This utility can know be found under Settings | System Admin | Mepis Utilities. Mepis Utilities allows the user to reset their X-configuration or repair their GRUB boot loader by starting from the live CD. How many times have you made a graphics change that resulted in X Windows not starting? I know I have done this many time. With Mepis Utilities, all you have to do is restart the conputer with the live CD, go into Mepis Utilities and request that your X-configuration be rewritten using the settings you just used to start in the live environment. You can also restore your GRUB boot loader the same way if something happens. Problems solved.

Although the base install contains a significant amount of software packages, you probably want to enable all repositories in /etc/apt/sources.list so that you can install additional applications thru Synaptic, or for those of you who prefer the CLI, apt-get.

Is Linux ready for the desktop? Mepis 6 proves it is, or is real close.

Internet Worm Poses as WGA

2006-07-07T11:28:00.000-04:00

As if there isn't enough controversy about Microsoft's Windows Genuine Advantage. According to Panda Software, a new Internet worm, Oscarbot.IV, is spread via AOL's Instant Messenger, and installs itself as the Windows Genuine Advantage Notification service, so it get to start every time Windows does.

Thankfully, I run Linux, for the most part.

Internet Connectivity and Windows Slowdowns?

2006-07-01T07:58:00.000-04:00

What an interesting week this has been. I have 4 Windows computers in my home and all of them have experienced Internet connectivity and issues and sporadic slowdowns. Two of these machines are hard-wired and two are wireless G. I suspect it has something to do with ANOTHER WGA (Windows Genuine Advantage) update that all received this week, but I haven't had time to pursue it too much. One of my Windows machines has a fresh load in it, with just the bare security software installed and all Windows updates. No productivity software, no games, nada. I even opted out of installing the resource hog Symantec Norton Antivirus 2006 on this machine; instead I installed the lean and free Antivir software package.

Last evening, I was attempting to connect to one of my web-based email accounts and received multiple connectivity issues. The darn page would just not load! Tried it on another Windows machine with the same result. Reached over to my dependable Linux box and the page loaded instantly! Tried refreshing the Windows boxes, and still no dice. What gives? I don't know yet, but you can be assured I will get to the bottom of this. In the meantime ...

In my "freetime" this week, the 3 out 4 machines that dual-boot to Linux just got a fresh load of Mepis 6 - Release Candidate 2, and all I can say is WOW! I have always favored the Ubuntu/Kubuntu and Mepis distributions, being torn between the two of them. Stay tuned for my review later on.

Vulnerability in Excel Could Allow Remote Code Execution

2006-06-20T18:10:00.000-04:00

Microsoft Security Advisory (921365)
Vulnerability in Excel Could Allow Remote Code Execution

Windows Genuine Advantage is Microsoft Spyware

2006-06-17T22:13:00.000-04:00

From Brian Livingston @ Windowsecrets.com

Genuine Advantage is Microsoft spyware

Windows Genuine Advantage — the controversial program Microsoft auto-installed as a "critical security update" on many PCs starting on Apr. 25 — not only causes problems for many users but has now been proven to send personally identifiable information back to Redmond every 24 hours. June 15, 2006

Microsoft to change WGA software after allegation that it is spyware

2006-06-14T10:48:00.000-04:00

WGA is spyware? You think?

Microsoft has changed a major "feature" found in its Windows Genuine Advantage (WGA) software, after receiving an onslaught of complaints from end users. The criticism is in regard to the program's daily check-ins with the company's servers; now, the tool will dial home in 14-day intervals instead of after every system boot. (Source: techtree.com)

Microsoft opted to change the frequency of the WGA check-ins after receiving allegations that the behavior of their software reached the level of Spyware status.

Lauren Weinstein, cofounder of People for Internet Responsibility, recently made the following comments with respect to the Windows Genuine Advantage program:

"I fail to see where Microsoft has a 'need to know' for this data after a system's validity has already been established ... I'll leave it to the [antiSpyware developers] to make a formal determination as to whether this behavior actually qualifies the [WGA] tool as Spyware [itself]." (Source: news.yahoo.com)

Get free notification of sexual predators living within your neighborhood

2006-06-11T11:04:00.000-04:00

Subscribe Today and keep your family safe:

Free notification of when a sex offender moves within 1 mile of your home: http://familywatchdog.us/freeemail.asp

Windows Genuine Advantage Notification: The Saga Continues

2006-06-03T09:56:00.000-04:00

Outpost Firewall is popping up with messages that the "Windows Genuine Advantage Notification software is attempting to access the Internet." What does this mean? WGA is attempting to "call home" to Redmond! I have a legal copy of Windows XP SP2, have already activated and registered, and authenticated to Microsoft that it is genuine, yet WGA is constantly attempting to report back. This is unacceptable! How dare they!

To eliminate this behavior, open Notepad and copy the lines of text below. Name the file wga.bat and save it to your desktop. Double-click on the batch file icon and this issue is resolved. This batch file will shutdown the WGA service and delete the hidden tray applet that is calling home.

taskkill /F /IM wgatray.exe
del C:\Windows\system32\wgatray.exe
del C:\Windows\system32\wgalogon.dll

Windows Genuine Advantage Notification - KB905474

2006-06-01T08:40:00.000-04:00

On May 31, 2006, Microsoft Update delivered an update to the Microsoft Genuine Advantage detection utility. When you log on to an illegal copy of Windows XP, you will receive the following logon notification error message: "This copy of Windows is not genuine." In addition, after login, you may receive a balloon tip that states "You may be a victim of software counterfeiting."

In addition to these NAG screens, you will be prohibitted from receiving any further Automatic Updates to Windows until a legitimate legal version of Windows is installed. This update cannot be uninstalled.

This is a GOOD thing. If you cannot afford a legal copy of Windows, maybe it is time to consider a much safer and dependable operating system such as one of the free Linux distributions. I personally recommend either Mepis or Ubuntu/Kubuntu for beginners. Though you will not be able to use most Windows programs, including games, the wealth of free software developed for Linux will satisfy most of your computing needs. http://www.2pcgeeks.com can assist you in the transition to Linux. Please contact us for more information

Microsoft One Care Live Released on June 1, 2006

2006-06-01T08:30:00.000-04:00

MS One Care Live

OneCare provides users with Spyware and antivirus protection through firewall software that also offers comprehensive backup and maintenance tools for Windows PCs.

OK folks, is it me or is the fox guarding the hen house? Does Microsoft really think I am going to trust them to protect me against vulnerabilities in their operating system. I think not. For me, I will stick with NOD32 for virus protection, WinPatrol and PrevX for intrusion detection, and Ewido for spyware protection. These security solutions, as well as many free and pay security products are available from http://www.2pcgeeks .com

Sorry Microsoft, I will pass this time.

Microsoft Word Vulnerability Exploited

2006-05-26T10:25:00.000-04:00

Microsoft Word Vulnerability Exploited
Courtesy of Panda Software:

1Table.A is a Trojan that takes advantage of a critical vulnerability found in the latest Microsoft Word versions, for which there is no security patch yet. The Trojan reaches computers as a legitimate Word document, or any other Microsoft Office document with an embedded Word document. When the document is opened, the Trojan triggers a buffer overflow in the application, allowing an attacker to run arbitrary code with the same privileges as the logged in user; if the user has administrators' rights, the attacker could gain total control over the target computer. Also, the Trojan exploits the vulnerability to drop a Gusi backdoor Trojan variant (Gusi.A or Gusi.B) on the affected system.

1Table.A does not spread automatically, it needs some action from the user to reach a vulnerable system and take advantage of the vulnerability. These actions include opening email attachments, downloading files from the Internet or P2P networks, etc.

Gusi.A is a backdoor Trojan that cannot reach computer by its own means, but needs to be dropped by another malware, such as 1Table.A for example. Once on the system, it injects itself in Internet Explorer, and hooks certain API functions in order to go unnoticed by users. Once installed, it sends out information about the compromised computer, awaiting commands including opening the Windows console (cmd.exe) from a remote attacker. The worm creates file Winguis.dll in the Windows System subfolder, files Etport.sys, Ispubdrv.sys and Rvdport.sys in the Drivers subfolder and file 20060424.bak, which has the following icon:

Also, it copies itself to the AppInit_DLLs entry in the Windows Registry to ensure it is run every time the operating system starts up.

Gusi.B is a variant of Gusi.A which is dropped onto the system by another Trojan, like 1Table.A, by taking advantage of a critical, undocumented Microsoft Word vulnerability. A clear symptom is an Internet Explorer run error if it cannot find an open Internet connection. Once in the affected computer, it opens a series of consecutive ports, starting from 1032, in order to send out information about the infected computer and receive commands to carry out actions on the system. Then, it injects code in Internet Explorer and connects to the IP address 222.9.X.X. It uses rootkit techniques to hide its files. This backdoor Trojan creates files Zsydll.Dll and Zsyhide.Dll in the target computer's Windows system subfolder. It also creates a file called 20060426.bak

2 PC Geeks Internet Security Updated

2006-05-21T16:30:00.000-04:00

2 PC Geeks Internet Security
The 2 PC Geeks web site has been significantly updated with important information for parents, and all computer users. Please check out the Product and Freeware pages for top-rated security products to keep your family's Internet experience a safe one. Happy surfing!

Microsoft Patch Tuesday - May 2006

2006-05-09T17:32:00.000-04:00

The three patches below were released by Microsoft today, May 9, 2006:

Critical:

Microsoft Security Bulletin MS06-019
Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803)
Vulnerabilities exist in Microsoft Exchange that could allow remote code execution.
Microsoft Security Bulletin MS06-020
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)
Vulnerabilities exist in Macromedia Flash Player from Adobe that could allow remote code execution.

Moderate:

Microsoft Security Bulletin MS06-018
Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)
A denial of service vulnerability exists that could allow an attacker to send a specially crafted network message to an affected system. An attacker could cause the Microsoft Distributed Transaction Coordinator (MSDTC) to stop responding.

Welcome to 2 PC Geeks Internet Security

2006-05-09T17:31:00.000-04:00

Our goal is to make your family's computing experience a safe, secure and rewarding one by providing the services and products that are needed for safe computing. The Personal Computer and Internet have opened a whole new fascinating world for all of us, but along with the rewards of this technology, comes danger. Viruses, spyware, operating system configuration and other vulnerabilities open the door to an unsafe computing environment. Proper computer configuration and software solutions, many of them free, can minimize these risks. If you have children, the risk of the Internet are compounded by the stalkers and predators you cannot see. Protecting your children from these dangers requires a multi-facetted approach, starting with educating your children to the dangers they may encounter. Proper computer and router configuration, as well as appropriate software solutions can minimize these risks, but this is not a substitute for proper parental supervision and open communication. 2 PC Geeks Internet Security is dedicated to providing you with the services and software solutions to make your family's computing and Internet experience, safe, secure, enjoyable and rewarding.