RootsWeb.com Mailing Lists
    1. [DURMAN] Important Information on Viruses/Worms/Trojans, etc. (2 of 2)
    2. George W. Durman
    3. (continued from Part 1)

4) ANTI-VIRUS (AV) PROGRAMS:

AV programs are the only programs that give you FULL protection against infected email and infected email attachments. Other security programs such as Firewalls, AdBlockers, and CookieBlockers help, but can't do all that AV programs can do.

There are some things you must know about AV programs that are essential if you really want protection against viruses, worms, trojans, etc.

a) First, you must have an AV program installed;

b) The program itself must be kept updated with the latest engines;

c) It must be kept updated with the latest Virus Definition files.

d) It should be configured to automatically check every email and file you download;

e) It need NOT be configured to automatically check every file the computer uses, since that eats up computer resources and really slows down the system; but, if you don't let it do this automatically, you MUST run scans on your system regularly, whether automated or manual;

f) It need NOT be configured to automatically scan your system at selected intervals; but, you MUST run manual scans at regular intervals, preferably 2 or 3 times a week;

g) Even if you have your AV program configured to check all incoming email and file downloads, you STILL need to run scans on your system regularly; infections DO slip through; further, you might download a virus/worm/trojan that was just released, and one for which the AV programmers haven't released updated virus definition files; running regular scans ensures that your AV program will catch any infections that were missed.

Even if you have an AV program installed, if you omit b) or c) above, you might as well use chicken bones and garlic and voodoo to ward off infections of your computer system.

Most all good AV programs allow automatic updating. I suggest you USE automatic updating, especially now that these new infections are coming out almost daily, and sometimes more than one a day.
And, even if using automatic updating, you should manually check a couple times a day until this latest epidemic slows down.

Finally, on this subject, if you don't let the AV program automatically scan at selected intervals, you MUST run manual scans.

I use AVG Pro as my AV program. I had it set to automatically update every day at noon. From 1:30 AM Tuesday morning, until 12:00 Noon today (Wednesday) AVG released 5 virus updates !!!!! Only two of the updates were downloaded and installed automatically since I had AVG set to look only once a day. The other three were acquired by my manual checking. I have since added five more daily automatic checks! After adding the additional upgrade checks, I had one set for 12:00 Midnight; I didn't finish this post soon after I started it and came back to it at 2:00 AM; AVG Pro had checked at Midnight; I just did a manual check and another virus definition upgrade was released sometime between Midnight and 2:00 AM.

Folks, there is a reason the AV companies are putting out virus definition updates so fast and furiously! New viruses/worms/trojans, or new variants of them, are being released every few hours now !!!!!

I would suggest you configure your AV program to check for updates every 4 hours. I hope it doesn't get so bad we have to check every hour, or every half-hour.

There is a free AVG program and an AVG Pro that costs $33.30. Both can be found at: <http://www.grisoft.com>.

5) CHECKING THE SECURITY OF YOUR SYSTEM:

In addition to all the above, there is one more thing you can do to check the security of your system. Steve Gibson, of Gibson Research Corporation (GRC), has a website where you can check your system security. And, it's FREE.

Go to: <http://www.grc.com/default.html> to read about the latest vulnerabilities of computer systems and to download some small (free) utilities to check your system. But, while you're at Steve's website, be sure to run the online tests he has available.
At the main page, scroll down and click on "Shields Up", then follow the directions. At each page be sure to continue to the bottom and read all Steve has to say. There are some valuable tips there.

a) First click on "File Sharing"; many (most?) of you will find that your system is NOT protected; Steve's "file-sharing" test attempts to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet! If you fail this test, Steve will recommend actions you can take to fix this security problem.

b) Next, click on "Common Ports". This Internet Common Ports Probe attempts to establish standard TCP Internet connections with a collection of standard, well-known, and often vulnerable or troublesome Internet ports on YOUR computer. Since this is being done from our server, successful connections demonstrate which of your ports are "open" or visible and soliciting connections from passing Internet port scanners. If your system is properly protected, the probe should find NO ports vulnerable to Internet hackers or scanners.

c) Next, click on "All Service Ports". This probe does the same thing as b) above, but checks an additional 1056 ports. It should find NO vulnerable ports.

d) Next, click on "Messenger Spam". This will test whether your system is protected from unsolicited messages when you are using Microsoft Messenger. You have to have Messenger running when you do this test. If you are NOT protected, you will see the unsolicited messages pop up on your screen.

e) Next, click "Browser Headers". Read all the instructions and then run the test.
f) There are a number of free utilities you can download and run to finish checking out your system's security:

   "UnPlug n' Pray"

   "DCOMbobulator"

   "Shoot The Messenger"

   "ID Serve" (great for finding out the numerical value of a web server, e.g., www.rootsweb.com = 66.43.18.22.)

   "Wizmo" (lots of little free gadgets)

   "Leak Test" (Personal firewall leakage tester.)

   "XPdite" (Crucial Windows XP Vulnerability Fixer.)

   "SocketLock" (Disable WinXP and 2000 raw sockets.)

   "SocketToMe" (Check your Windows OS for raw sockets.)

   "FIX-CIH Virus Recovery" (Total recovery from CIH virus damage. Every April, the CIH virus resurfaces and wipes out thousands of hard disk drives by deliberately zeroing their partition, boot, and FAT tables. The first time this happened I wrote this complete post-CIH hard drive recovery utility.)

   "NoShare" (Quick and simple NetBIOS disabler. When the ShieldsUP! system was first created, I had not discovered how to safely "rebind" network transports as a means for closing the NetBIOS TCP/IP vulnerabilities. So I wrote the LetShare & NoShare utilities to do this quickly and easily (although in a non-standard fashion). Today, the manual rebinding described on the ShieldsUP! pages is the preferred method. LetShare & NoShare still work and can be useful for allowing quick NetBIOS on/off testing.)

   "Trouble In Paradise (TIP)" (Check Iomega drive operation.)

I hope all this information will help you keep your Windows system secure.

If you have any questions, please do not reply back here to the Lists. Instead, email me privately at mailto:georgewdurman@comcast.net.

Regards,
SgtGeorge
George W. Durman

--
Outgoing mail is certified Virus Free.
Checked by AVG Anti-Virus (http://www.grisoft.com).
Version: 7.0.225 / Virus Database: 262.1.4 - Release Date: 3/3/04

    03/03/2004 09:03:11