Internet Security Zone Blog

By Liam T, Security Advisor, SecureTec Australasia

We all know that a Wi-Fi hotspot is great for accessing the Internet in public places such as the airport or a coffee shop. But we should all be aware that Wi-Fi hotspots can also be a security concern since a hacker can exploit the wireless access and steal personal information or files from a computer by using a remote attack.

Here are a few simple rules to follow:

Use a good Firewall to protect yourself

A good firewall will protect your PC against inbound and outbound attacks while making your computer invisible. For example, ZoneAlarm Firewall protects you by watching all the traffic that exists or enters your computer and blocks any malicious attacks from the outside.

Disable file sharing in a public area

It is recommended to disable file sharing to protect your personal information while using a public Wi-Fi hotspot.  If you are using a ZoneAlarm, you will get a “New Network Detected” window.  Just click “Internet” (rather than “Trusted”) and that will automatically disable file sharing. Otherwise, …

If you are running Windows XP follow these steps to turn off file sharing:

1. Go to the start menu
2. Access the control panel and go to “Network Connections”
3. Right click on “Local Area Connection” and click “Properties”
4. Uncheck File and Printer sharing and click “Ok”

In Windows Vista file sharing is turned off by default when you select your network location type as Public. If you need to change your network location type:

1. Go to the control panel and access “Network and Sharing Center” on Classic View
2. Click on the “Customize” link
3. Set your location to the desired option

Use an encrypted public wireless network

You can check the provider's Web site in the privacy statement to see if they use network encryption and, if they do, what kind of network encryption it is. For the best protection of your personal information it is recommended that you don't send or receive sensitive information from the hotspot. If you do need to enter your personal information on a legit website make sure the website is SSL encrypted. You can tell if a website is SSL encrypted if you can see a padlock on the bottom right corner of the screen and the URL has https instead of http.

Disable your wireless network if you are not using it

If you are not doing any Internet related activities such as surfing the web or using your email it is recommended that you turn it off to reduce the amount of time that it is susceptible to attacks. You can turn off your wireless connection in the “Control Panel.”

By Jordy Berson, group product manager, ZoneAlarm products

Gumblar!! 

Is it an outrageously fun new board game that combines Jenga and Cranium to test your right brain, left brain and "Parkinson's-proneness" all at once? No. But this fun-sounding little guy could test your computer security, your identity theft protection and your ability to reformat your computer. And it could definitely bring outrage!

Gumblar is another multi-faceted, everywhere-you-want-to-be online, ninja-quiet Web site attack that can wreak havoc on your life. It begins in what seems to be one or a combination of Russian, Latvian and Chinese kitchens where it is then embedded into vulnerable Web sites.  Which Web sites? So far, ones you've probably never heard of.  But if we know anything about such attacks, we know any Web site can fall victim. Google, Yahoo, and the Miami Dolphins are just a sampling of sites that have been compromised by other attacks. (So yes, it can happen to you.)

So...what's the big deal? 

Well, news says (CNET by Elinor Mills, CBR by Kevin White, plenty more) Gumblar sneaks onto your PC when you visit a Web site, injects itself into your browser and intercepts traffic between you and the Web sites you visit.  That means anything you type is seen (unless it's encrypted, which most reputable bank and shop sites are).  But it can also redirect you to malicious Web sites that look like real Web sites, which can download more malicious code to your PC. The net net?  Play with Gumblar and you can lose your identity, unwittingly attack other computers, definitely lose money and maybe lose your mind! (“Mom, Gumblar won't stop hitting me!”)  

Seemingly contrary to its spunky, extroverted name,

Gumblar won't announce itself when it hits your computer. So you've got to go digging.  The CNET friends give this advice (as reported by Elinor Mills):

To find out if a computer is infected:

1) Locate sqlsodbc.chm in the Windows system folder (by default under Windows XP, the location is C:\Windows\System32\);

2) Obtain the Sha1 of the installed sqlsodbc.chm. FileAlyzer is a free tool that can be used to obtain the SHA1 of a file;

3) Compare the obtained Sha1 to the list located on the ScanSafe STAT Blog;

4) If the SHA1 and corresponding file size do not match with a pair on the reference list, it could be an indication of a Gumblar infection.

You can also just, you know, "do a full reformat and reinstallation" of your operation system 

That would definitely test your right brain in a way that Cranium can't.  If all this sounds like less fun than a long game of Monopoly, may I and my Check Point ZoneAlarm friends (and your grandmother) use an old adage?  "An ounce of prevention is worth hundreds of megabytes of cure."  In this case, that ounce ranges from 6 MB to about 70 MB depending on the Check Point product (ZoneAlarm ForceField and ZoneAlarm Extreme Security, respectively) but is smaller than the ounces you get from most other security companies.  And in the context of, "not all protection is created equally," this happens to be an area where ZoneAlarm shines. Because we've got ForceField, baby! 

If Gumblar, Conficker, Hungry Hippo or the red-nosed "Operation" guy try to sneak onto your computer, ForceField browser security - with less than a proverbial lift of a finger - is designed to redirect those jokers straight to a sandbox. But in this sandbox, nobody is allowed to play. Sorry, Gumblar! Meanwhile, we'll be gathering more data and will update you on the protection ForceField provides against Gumblar and its variants.  

By Frank Bailinson, Head of Strategic Products

Pardon this commercial posting, but you may want to pass this on to friends/family who need full PC security but thought they couldn’t afford it.

In response to the economic hard times, we wanted to create a give-away promotion because some people may consider PC security a luxury they can’t afford. We believe it’s a basic need.

For 24 hours starting 6am PDT on Tuesday April 14 (Microsoft patch Tuesday), we will reduce the price for ZoneAlarm Internet Security Suite (a full 3-user, 1 year copy) to $9.95.  The offer ends the next day at 6am. We are limiting this offer to new customers only.

We will donate 50% of the proceeds to TechSoup, the technology place for nonprofits.  We hope these funds will allow them to spread security to many other charities. 

Here is the link for the offer: www.zonealarm.com/only24hours

by Laura Yecies

Today, I’m very excited to announce the launch of ZoneAlarm ForceField. We first released ZAFF into beta last fall, and now it’s now ready for primetime. On behalf of the entire ZoneAlarm team, I’d like to extend a very sincere thank you to everyone in the ZA community for your valuable insight and testing help…this is a major milestone not only for our company but in the fight against cybercrime. We look forward to your feedback.

As tempting as it is to delve into all the product details of this new virtualized browser/Web security solution, I think I’d rather talk to you today about a few of the reasons why we built ForceField.

In the past year or so, we’ve seen the consumer threat environment shift rather dramatically. Like the evolution of viruses and spyware, attack vectors have also evolved. The prime target used to be your operating system. So a good firewall, combined with antivirus and anti-spyware, was pretty sufficient protection against hackers looking for vulnerable PCs.

Now, armed with a new arsenal of Web-based attack strategies, hackers no longer need to seek you out. You’ll find them all on your own.

It’s rather easy to accidentally compromise your PC while innocently surfing the Web. Here’s how:

Search Portals: When you search for something on your favorite search engine, like Google or Yahoo, do you automatically assume that all the results are legitimate, safe Web sites? Hackers have found ways to seed search engines with malicious Web sites, or dummy pages that automatically redirect you to a Web site that can automatically download hundreds of pieces of malware without your knowledge. One of the strategies behind ZoneAlarm ForceField was to create an environment where you can make mistakes. You can accidentally click one of these links, and the malware will be contained in your virtualized, ForceField protected browser (and unable to harm your PC).

Random Web sites: Your favorite Web site, yes, the one you visit every day, could send malware your way next time you drop in. And they may not even know it. You see, these perfectly legitimate and responsible sites can become hacked themselves. A vulnerability in an ad server or database can allow a hacker to use the Web site as an otherwise trusted conduit to deliver a malicious payload onto your PC. As I write this, one such SQL Injection attack, using the worm “winzipices.cn,” is believed to have compromised over 4,000 Web sites around the world.

We’re also receiving reports of demographic attacks: hackers compromising specific Web sites that cater to a desirable audience…for example wealthy or older surfers. Like with the search engine attacks, by using ForceField you can confidently surf as usual. Even if your favorite Web site has been hijacked, you stay safe.

Social networking/Web 2.0: Social networking sites, by their very viral nature, are an irresistible attack vectors for hackers. Alicia Keys’ fans learned that the hard way last year when her MySpace page was infected. Facebook, with all its fun apps, proved compelling to adware distributor Zango. Not only can these communities be exploited to spread malware, but they can also fall prey to what we call “man in the middle” attacks. This is where a hacker basically inserts himself in the middle of your upload or other file sharing to steal your password or other sensitive personal information.

Social networking is a great way to stay connected with friends and family and build online communities, but always take precautions and be careful what you share. It’s a lot harder to delete personal information off the ‘Net than to post it.

Gaming/Virtual Worlds: Virtual worlds and games like Second Life and World of Warcraft are a blast. My kids love them. But one security researcher recently claimed that he could compromise your PC if your avatar wandered into his “realm.” If he could see you, he could take over your PC remotely. While we haven’t seen real world reports of this type of breach, we believe it can be done.

So what’s a security-minded Netizen to do? Besides using a comprehensive Web security solution like ForceField (in tandem with your PC security), make sure *all* your applications are patched regularly. Don’t forget your Java, IE, Flash, Quicktime etc. They’re easy to overlook but crucial to an overall Web security strategy. We’ll be posting more tips in the coming days, but in the meantime, we’re interesting in hearing your experiences on Web-based attacks. Have you fallen victim? What steps do you take to avoid falling in a hacker trap on the Web?

We don't normally put promotional stuff here, but since this is a 24 hour opportunity, we thought you might want to know.  You can download and use ZoneAlarm Anti-Spyware for free.  And it's not just anti-spyware freeware, but our full product that won top billing at CNET which has the full anti-spyware deep scan and removal as well as the professional grade Firewall and OSFirewall.  Here are the details:

Offer Page:  http://www.zonealarm.com/patchtuesday/
Media Alert:  http://download.zonelabs.com/bin/free/pressReleases/2007/pr_7.html

UPDATE: OFFER EXTENDED (from Allison, our Director of PR)

As you've probably already seen, today you can download ZoneAlarm Anti-spyware, free. No strings attached. You get the full product, complete with the legendary ZoneAlarm firewall, the rootkit-blocking OSFirewall, Spy Site Blocking, and a year of A/S updates.

We've had some server challenges because of traffic, and so we're extending the offer to 5 p.m. PST tomorrow to accommodate everyone. We sincerely apologize for the inconvenience.

All of us here on the ZoneAlarm team believe more people need to take proactive security precautions by installing essential PC protection AND pay attention to updating their operating systems and browsers when critical security patches are made available. We know it's a pain to download a patch, install it and sometimes even have to restart your PC. But it's important. You can't be complacent because it's an inconvenience. Because...as vulnerabilities are announced and patches released, hackers go straight to work developing exploits and start hunting around the Net in search of unprotected PCs.

Here in the San Francisco Bay Area, when the air gets particularly dirty a "Spare the Air" day is declared. Many public transportation companies such as the commuter trains will offer a free ride to get people off the road. That's the idea behind this ZoneAlarm Anti-Spyware Patch Tuesday offer...the more people who have tough security and an updated PC, the fewer targets for attackers and the Internet becomes a safer place as a whole.

So you get ZoneAlarm Anti-Spyware for free until tomorrow only at www.zonealarm.com/patchtuesday.

And don't forget to also download the free ZoneAlarm ForceField beta to add a "bubble of security" around your browser. It's a cool virtualization-based product that traps drive-by malware and phishing attacks, and prevents keyloggers from tracking your typing. Once you install it on your PC, you'll never want to shop or bank online again without it.