Tuesday 26 October 2010

"Not Responding" - What does it mean, and what do I do about it?

Summary: “Not Responding” is Windows' way of telling you that a program might have a problem. Sometimes “Not Responding” is benign, but sometimes it's a sign of a deeper issue.

I am using windows XP PRO, and I am having difficulty when I am browsing or using a program. After a few minutes the computer freezes and I get a message in parenthesis saying (not responding). Sometimes I have to log off and log-on again to fix this problem. But after a few minutes it happens again. How can I fix this?
"Not Responding" appears in the title bar of a running program when Windows detects that the program isn't behaving properly. Exactly why depends on the specific program and what you were doing at the time.
Let's look at some of the possibilities which range from actual software or hardware problems, to user impatience.
Windows expects a running program to "interact" with Windows, and respond to Windows' requests in a timely fashion. If you type a key and the application doesn't take it because it's too busy doing something else, that could be a problem. Similarly, if you click on the Close Program "X" on a programs's window, and the program doesn't acknowledge that, then that too is a potential problem.
When Windows asks a program to do something, like take a keystroke or close itself, and the program fails to acknowledge that request within a certain amount of time, the program is "Not Responding". If the program never comes out of that state, we might also call it "hung", as in "hung up" on something.
There are "legitimate" reasons this can happen. For example, if the program you're using is doing some very long, CPU-intensive calculation, it might not respond in a timely fashion. An example might be a graphics program performing a reduction or other operation on a large image. If, during that operation, you attempt to close the window and nothing happens, after a few seconds Windows might add "(Not Responding)" to the title bar to indicate that it has tried to pass your request to the application, but the app's not listening.
"Anything that causes the application to stop responding can cause Windows to add the '(Not Responding)' moniker to the title bar."
While it might be considered bad form or bad design to not respond to user input or to Windows while performing lengthy calculations, it's quite legal and legitimate. Once the calculation is complete, the program starts listening and responding again.
A recent real-life example of my own: earlier this evening I was working on a Visual Basic program that performs various database operations. I modified it to access a database remotely across the internet which turned out to be a mistake, because the operation became extremely slow on my DSL connection. While VB was accessing the database, it was unresponsive to everything else. Windows tagged it as "(Not Responding)". Since I hadn't saved my program to disk (bad form on my part), I was loath to just kill it and lose my most recent edits. So I just let it continue while I did other things. An hour later the operation completed, and VB became responsive again.
Anything that causes the application to stop responding can cause Windows to add the "(Not Responding)" moniker to the title bar.
So while lengthy calculations are one semi-legitimate way it could happen for a while, what are some of the other things that can cause it?
  • Programming Error - the classic case of an "infinite loop" in programming is perhaps the most common example - if an algorithm is mistakenly written such that it never ends, and within that algorithm Windows is never given a chance to operate, the application may become "hung" and unresponsive. As a user of the app, there's not much you can do here except avoid whatever it is you did that brought the application to that point.
  • Software Design Error - really just a variant of the preceding point, but I think of it as a different class of problem. The example I see from time to time is a program that displays an error message in a pop-up box. Some applications transfer total control to that message box such that the application's main window will stop responding until you click "OK" on that message. If for some reason that box is displayed improperly - say off the screen, or behind the application's main window - then it will appear as if the application is hung as it waits for you to click on the message you can't see.
  • Hardware - hardware that is malfunctioning can, in some cases, cause the software that interacts with it to fail in ways that make it unresponsive. For example a USB card reader might experience a failure, and the next program to attempt to read from the device might end up "(Not Responding)" because of the problem.
  • Hardware Drivers - This is really just a combination of the previous points. All the hardware on your system is in some way controlled by software. If that software has a bug, even if the hardware is working properly, the result could be a hung application. If hangs appear to be related to interacting with a specific device it might make sense to make sure that you have the latest drivers for that device - not to mention the latest updates for Windows as well.
  • Viruses and Spyware - whether intentional or simply because they're poorly written, viruses and spyware can in fact cause other programs or Windows as a whole to misbehave in various ways including causing applications to become unresponsive. Make sure your anti-virus and anti-spyware software is running and up to date.
All that is pretty vague, I know. It almost boils down to "it could be anything", which is unfortunately fairly accurate. The actual cause, and the solution, will depend on the specifics of what you're seeing. Does it happen all the time, or only when you do certain things? One specific application, or several? All of these things and possibly more are clues necessary to ferret out the cause and come to a solution.
Without more specifics, my general recommendation is to make sure Windows is up to date, make sure your hardware drivers are up to date, make sure that the anti-virus and anti-spyware packages on your system are working and have up to date databases. If the problems persist, try to narrow down the common causes, if any.
Posted by at No comments:
Labels: , ,

9 ways your account can be Hacked, even with a super-strong password.

Summary: Strong passwords are important, but they don't protect you from everything. I'll look at other ways that your account can be compromised.

I sometimes play a game online to pass the time. It's a simulation type of game but I like it. One day I logged into my account and realized that someone had changed the password and taken all my stuff. How is it possible that they've hacked my account? My password has plenty of characters, is almost impossible to guess because it sounds like random gibberish to everyone else except myself, and there are plenty of numbers and secret characters in it. Is it true that they used a hacking device or program of some sort to hack my account?
I can't say what could have happened in your case, specifically.
However...
I can think of a number of ways your account could have been compromised.
OK, you've got a great password - something like 0jrkdiGv5Q@n - something that is not going to be guessed, and certainly no current computer is going to get to in the next century by trying all possible combinations.
What else could go wrong?
"It's great that you have a strong password - that already puts you ahead of the majority of computer users ..."
  • You have a key-logger. Key loggers, short for keystroke loggers, are malicious programs that are installed and transmitted as viruses or spyware. Once your computer is infected with a key logger it could be recording every keystroke you press, and then sending that off to some central "hacker headquarters" where the results are analyzed and account login IDs and passwords are extracted. By the way, "keystroke logger" is a misnomer these days. Just about anything you do can be recorded, including mouse clicks, screen shots, and even network traffic, rendering most of the ways to supposedly "bypass" keystroke loggers completely ineffectual.
  • You logged in on a public computer. Not only can public computers be completely infested with malware including the aforementioned keyloggers, but they can also have hardware logging devices installed. Even if you scanned, you'd never tell from the software installed that your keystrokes and all that other activity might be captured by a device attached to or inside the computer itself.
  • You've been phished. This is happening a lot, particularly in online games. You receive a message supposedly from the game administrator that you need to visit a web site to gain access to some in-game bonus, or validate your account or risk being banned. When you go to that site you have to login and ... you just gave your login information to a hacker. Phishing is, of course, not limited to these in-game messages - they can be just about anything to get you to divulge your username and password.
  • Your password is great, but your security questions? Not so much. Security questions are often used to validate that you are who you say you are when you click the "I forgot my password" link when attempting to access your account. If those security questions are the all too typical simple kind like your birthplace or favorite color, my guess is that someone who either knows you or has read your profiles on social media sites can probably answer them. If they can answer them many times that means that they can gain access to your account. This varies depending on exactly how the security questions are used, but it's very common.
  • You logged in over an open WiFi connection. This could be while at Starbucks or some public location that has open WiFi. It could even be your own home if you've not enabled WPA encryption on your wireless access point. I'd be shocked if the game you're playing encrypted its login transactions, or for that matter any part of the game experience. That means that anyone within range (meaning perhaps within a few hundred feet) could "listen in" to your network conversation and see your login ID and password as they passed by from your computer to the gaming or other server.
  • You walked away while logged in and someone walked up to your computer and changed your password. Or changed your security questions. Or changed your email address associated with the account so that they could later say "I forgot my password" and "recover" access to your account.
  • You left your computer accessible. There's no substitute for physical security if someone can just walk up to your computer and start searching for things that might help them. If your game allows you to remember login IDs or passwords, those are probably accessible somewhere and anyone with physical access to your machine could conceivably find them. Even a Windows password is not enough, since those are easily bypassed or reset by someone with the proper knowledge and tools.
  • You told a friend. Sadly this happens more often than we think. Sometimes the easiest way to share something is to just let your friend (or spouse, or child, or parent, or ...) login "as" you - so you give them the password. Later when they're angry or hurt or no longer your friend they can login and change your password thereby locking you out.
  • Someone watched you login. "Shoulder Surfing", as it's known, is as simple as it sounds - letting someone watch you type in your password could be enough for them to memorize the keys you typed. It's not necessarily easy, but depending on how you type and how well that person watches and remembers, it's not an uncommon way to get a password - even a complex one.
It's great that you have a strong password - that already puts you ahead of the majority of computer users, sad to say. But it's not something that protects you from all threats. Be aware of the scenarios I've listed, and for those that you think might apply take appropriate steps to minimize the risk.

Posted by at No comments:
Labels: , , ,

Wednesday 20 October 2010

What's a BIOS?

Summary: BIOS, for Basic Input Output System, is the software already built in to you computer. It's primary job? Load other software.

I keep hearing people talk about something called a BIOS in my computer. What is it?
Your computer's BIOS is perhaps one of the oldest legacies of PC computers. It's special software that's on your computer before you take it out of the box, and before you even turn it on.
Even before the computer has a hard disk installed, the BIOS is there.
It's software that has a critical role in getting your computer started.
It's a little like my morning coffee that way.

The BIOS, for "Basic Input Output System" is software (or more properly, "firmware") that resides in a special memory chip on your computer's motherboard. The BIOS begins running the instant that your computer is turned on, before any other software is loaded. It runs before your hard disk is even touched, or for that matter before your computer even knows that there is a hard disk.
"Your computer's BIOS is completely separate from (and unrelated to) Windows ..."
Your computer's BIOS is completely separate from (and unrelated to) Windows or whatever other software you might have installed on your hard drive.
The BIOS has three primary purposes:
  • When you first turn on your machine the BIOS performs various tests - called the "Power On Self Test" or POST - to ensure that your hardware is operating properly at some basic level. It'll perform tests such as ensuring that memory is working, a keyboard is present, and that a hard drive can be found. The tests are not exhaustive (so as not to delay the next step), but often detect basic problems that would impact your ability to use the computer.
  • After completing the POST it's the BIOS that boots your machine. It figures out what device (Floppy? CD/DVD? Which of several hard disks perhaps?) to boot from, and then loads and runs the software that it finds on the boot device. It's likely that on your computer this is where Windows starts to load.
  • After the operating system is loaded, the BIOS is still available and can provide a common software interface to some of your computer's hardware. It's not uncommon for Windows (or other operating systems) to continue to use the software in the BIOS to access your hard disk or other common hardware.
The BIOS originally was truly software in hardware - it was placed in unalterable read-only memory (ROM) and could be replaced or updated only by physically opening the computer and replacing the chip that contained it.
In later years, ROM's were replaced with "Flash ROM's", which are similar in some ways to the Flash memory used in USB memory sticks and memory cards. The contents of the Flash ROM could be replaced by a upgrade process that required only special software. Typically this involved booting from a floppy disk and running a utility specific to that particular motherboard and ROM that would perform the magic sequence to replace the Flash ROM contents.
Unfortunately, if that failed, and the BIOS was incompletely updated, the result was often a dead motherboard. While all the hardware might be in fine working order, without a working BIOS there is no way to boot - not from floppy (to update the BIOS) or from a hard disk or from anything else for that matter. Initially, that meant physically replacing the chip once again.
Fortunately, memory got cheaper and many machines now include a backup copy of the "factory original" BIOS on the motherboard which can be reset - typically by opening the computer and setting a special jumper on the motherboard or some other special sequence. (The specific technique varies based on your motherboard.)
Normally your BIOS is not something you really need to think about. In fact, unlike other software on your machine I actually recommend updating it only when there's an identified need. Since it is possible for a BIOS update to fail, and recovering from that failure can often be quite painful, it's often just not worth it. When I've checked, most BIOS updates available for my equipment actually have nothing relevant to my machines or usage.
On occasion, however, updating a BIOS can be just the thing to do for specific problems. If that's the case, research on that specific problem will lead you to a BIOS update.
Posted by at No comments:
Labels: , , , ,

Tuesday 19 October 2010

What is bandwidth?

Summary: Bandwidth is a term you hear frequently but it can be confusing and it's easy to gloss over exactly what it means.


Can you explain bandwidth to me in layman's terms? I have looked it up on the internet, but I get the standard mathematical explanation. My brain doesn't really work mathematically so I need something a little more tangible, or some examples of what is FAST and what is SLOW. For example, according to bandwidth.com, my download speed is 17237 kbps and my upload speed is 1615 kbps. I understand that means 17.237 mbps and 1.615 mbps respectively. But what does that mean? Is that fast? Slow? What do I compare it to?
That's fast. Compared to me, anyway, that's fast. Given your ISP (from your email address) and the speeds you're seeing I'd guess you probably have cable internet.
I'm going to bring out the oldest metaphor I have to try and put a handle on how fast is fast. No math, but first just a teeny, tiny bit of computerese.
That part's inevitable.

First, let's define the term: bandwidth simply is the speed at which data is transferred. Sometimes bandwidth is also used to refer to the maximum capacity, or the fastest, that a connection could move data.
Now let's define what you were told: 17237 kbps is 17237 "kilo-bits per second". "Kilo" is 1000, so what you're seeing is 17,237,000 bits per second.
Your math is correct: mbps is "mega-bits per second" so that's17.237 million bits per second.
For that to have some meaning, we need to understand what bits are, and how they're used to carry information.
You probably know that a bit is a single "thing" that can be either 0 or 1. Nothing more, nothing less. Everything in your computer, everything digital, everything you communicate on the network and on the internet is built on the fundamental concept of a bit. Everything. The bit is the very definition of digital.
"The bit is the very definition of digital."
Bits are commonly handled in groups of 8 called bytes. If you look at 8 bits whose possible values are either 0 or 1 each, the collection can have up to 256 possible unique combinations:
00000000
00000001
00000010
.
.
11111110
11111111
Now, when we represent text - such as the text you're reading here - on a computer, the most common way to do so is to use one byte for each character. So if I type, "The quick brown fox jumped over the lazy dog," that took 44 bytes to store all the characters, including the spaces between the words.
Now we break out the metaphor: The Bible.
Let's be clear; it doesn't matter if you believe or not. This has nothing to do with the contents of the Bible, only its size. You've probably seen one, perhaps even own one, and have a good sense for how big it feels, how hefty it might be, and how long it might take to read it cover to cover.
The Bible is a fairly sizeable common frame of reference.
You can download the text of The Bible from project Gutenberg as plain text meaning that it has only the text of The Bible, in its simplest form.
A representative copy in this digital form is about 5,000,000 bytes, or more commonly 5 megabytes.
And here comes just a little math.
Five megabytes at 8 bits per byte is, roughly, 40,000,000 bits.
On your 17,237,000 bits-per- second connection, that means you can download the entire Bible in about two and a half seconds. In the other direction you're running 1,615 kbps, so it would take you about 25 seconds to upload it.
Now let's compare that to some other common bandwidth figures and see how long it would take to transfer The Bible at those rates:
Connection TypeCommon BandwidthOne Bible Time
Common Dial-up28kbps23 minutes
Max Dial-up56kbps12 minutes
Basic DSL768kbps52 seconds
T-1 / DS11.5mbps27 seconds
You (Cable)17.237mbps2.3 seconds
Max FIOS50mbps0.8 seconds
These are approximations meant to be examples of orders of magnitude. Your mileage will almost certainly vary and will likely be not quite as fast as the numbers above should you actually download a 5 -megabyte file. These numbers assume you have 100% of your connection available to you (which is not always true on shared resources like cable), and that the download is the only thing happening. I'm also completely ignoring any overhead caused by the way the internet and networking work in general. Typically, if you're getting within around 80-90% of these numbers, life is pretty good.
Naturally, we don't all go around downloading Bibles all day. But using that as a common physical object that translates into an easy- to -remember number of bits (40 million), perhaps that'll help give a sense of what bandwidth might mean and how fast your connection might compare to others.
As one final exercise for those so inclined, I'll point out that a data CD holds around 700,000,000 bytes, or 5.6 billion bits. A DVD? 4.7 gigabytes, or 37.6 billion bits. I'll let you do the math for your own connections, but for my T-1, that means with ideal conditions it would take me a little over an hour to download a CD and around 7 hours to download a complete DVD.
Posted by at No comments:
Labels: ,

Sunday 25 April 2010

What is "ping", and what does its output tell me?


Summary: One of the oldest diagnostic tools, ping simply validates connectivity from point A to point B and doing so provides additional useful information.

Sometimes when I search for solutions for my home networking problem, I frequently see some people suggesting that I ping my PC by IP and/or by computer name. What does PING command actually do? What's the point of using this command? How do we read and understand the results (sent, received, and lost) of the packets?
Ping is perhaps one of the oldest and most basic network diagnostic tools. In concept the tool is very, very simple: it sends out an "are you there?" kind of request, and expects to hear back a "yes, here I am!" kind of response.
Very basic, very simple, and yet very powerful as a first line of network diagnosis.

The ping command runs in a Windows Command Shell (or a Linux/Mac/BSD/Solaris/etc. terminal window - it's a very ubiquitous command), and has a very basic syntax at it's core:
ping domain_name
For example, if you open up a command window and type in "ping google.co.in", you'll see something like this:
[C:\]ping google.co.in

Pinging google.co.in [209.85.231.104] with 32 bytes of data:

Reply from 209.85.231.104: bytes=32 time=111ms TTL=50
Reply from 209.85.231.104: bytes=32 time=101ms TTL=50
Reply from 209.85.231.104: bytes=32 time=96ms TTL=50
Reply from 209.85.231.104: bytes=32 time=99ms TTL=50

Ping statistics for 209.85.231.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 96ms, Maximum = 111ms, Average = 101ms
"the tool is very, very simple: it sends out an 'are you there?' ... and expects to hear back a 'yes, here I am!'"
There's a lot of information here, and I'm not going to get into all the geeky details, but here are some of the basic, and important things that ping does:
  • "Pinging google.co.in [209.85.231.104]" - Ping only pings IP addresses so the first thing it did when I asked it to ping "google.co.in" is it looked up the corresponding IP address. This is perhaps one of the quickest ways I know of to determine the IP address associated with a domain. Also, if this look-up fails, you'll know that there's a typo in the domain name, or the domain name look-up (DNS) is failing for some reason.
  • "Reply from 209.85.231.104:" - this tells you that the remote server at that IP address replied, obviously. What that means, though, is that the entire route across the internet, from your machine through routers and switches and networking equipment and whatever else, worked. As did the return path carrying the server's reply. If this fails, ("timed out") then something along the connection between you and the server might be broken, the server might be off line, or the server might not even exist. It's also possible that the server is explicitly configured not to respond to ping requests.
  • "time=101ms" - this is the round trip time; the time between sending the "are you there?" and receiving the "yes I am!". In this case, 101 milliseconds. Since the ping is repeated several times you can see that this time is fairly consistent, which is good. The time will vary depending on many factors including how close you are to the remote server, how many routers and other networking equipment are in between you and that server, and more. In the example above, the ping was from me in the Seattle area to the google! server housed in India. A quick test of a ping to a server in Japan resulted in times twice as long.
  • "Sent = 4, Received = 4" - one of the things that TCP/IP is designed to deal with is packet loss. Ideally, every packet you send should get to where it's going, but for various reasons that doesn't always happen. As long as the packets can get there after a retry or two, in normal usage you'd never notice. Ping sends multiple packets and reports specifically on the success rate, so that you can see if a particular connection is prone to packet loss.
  • "Approximate round trip times" - while on average the same kind of packet sent to the same destination should take roughly the same amount of time, that's also not always the case. Sometimes for reasons as diverse as the equipment and paths that the packets take, some take longer than others. Ping reports these statistics so that you can see if a particular connection is prone to this type of problem.
Ping also includes several options (type "ping -?" for a list), but the simplest use as above is probably the most common.
There's one usage that is not intuitive, and yet something I use all the time. As you've seen above, ping can be used to quickly translate an domain name into its corresponding IP address (i.e. "google.co.in" into "72.3.133.152"), but it can also do the reverse:
[C:\]ping -a 72.3.133.152

Pinging pugetsoundsoftware.com [72.3.133.152] with 32 bytes of data:

Reply from 72.3.133.152: bytes=32 time=67ms TTL=47
...
Using the "-a" switch to ping, and giving it an IP address, ping does what's called a reverse lookup and displays a domain name that is assigned to that IP address. This is very handy at times since many IP addresses are also assigned fairly descriptive domain names.
Note: in the example above you'll see I used the IP address for "advcomp.co.cc", and yet ping reported that IP as being "google.com". This is simply because any single IP address can be assigned any number of domain names, so ping just reports the first one it finds. For a more complete list of domain names associated with an IP address you'll need to use a service like MyIPNeighbors, which given an IP address will list the domains that share that IP address, and likely all reside on the same server.
Aside from a quick tool for DNS and reverse-DNS look-ups, ping is most commonly used simply to verify basic connectivity between two machines. The ping service is typically one of the first, and simplest services to be loaded onto a server, and runs independently of any other. It's not uncommon at all for a server who's websites are inaccessible because of a software problem to still respond to a ping. That typically helps determine that there's not a connectivity problem, but rather a problem on the server itself.
It's also worth noting that some servers actively disable responding to ping requests for assorted security related reasons. For example, even though the server is most definitely up and running, you typically cannot ping "microsoft.com", but on the other hand you can ping "google.com". In fact, pinging a site like "google.com" or "yahoo.com" is often a quick way to ensure that your own internet connection is, in fact, working.
Posted by at No comments:
Labels: , ,

How can I tell if my computer's been accessed by someone else, and how do I prevent it?


Summary: Internet security is normally about keeping us safe from the internet - but what if the risks and threats are in our home and on our own local network?

How can I tell if my flatmates have accessed or are accessing my computer? We have a BT homehub and we share the connection wirelessly, but I have the Norton firewall on. I don't know if the firewall only protects my computer from the intruders outside our network. I've heard it's easy for other people sharing the same wireless network to sneak into each others' computers. How is it done and how can I prevent it?
Let's see, you're worried about outside intruders accessing your system, you're worried about your privacy, and you're worried about your wireless connection.
What you've just described is the internet itself but just on a smaller scale.
It should be no surprise then that many of the concepts that used to protect ourselves from the people we don't know out on the internet would be used to protect ourselves from the people we do know sharing our internet connection.
In most cases I don't recommend a software firewall in addition to a hardware firewall such as a router. Normally you can draw the line of trust at the shared connection to the internet that the router provides. Everything inside of that line can be trusted. Everything outside of that line? Not so much.
In this case, however, you don't trust the people that share your internet connection. That's a very valid assumption and often a good one to make.
In a case like this you pretty much have to treat your connection as if your machine were connected directly to and sitting naked on the internet.
In other words, turn on that firewall on your machine. It places the line of trust at your machine's network connection; everything outside of your machine is not trusted. That means it should protect you from everything that might come in from the internet, of course, but also anything attempted by any of the other machines on your local network.
With the firewall on, you're not done. You still need to take all the normal precautions for internet safety and keeping your machine safe.
"Remember: if your machine isn't physically secure then it's not secure."
But there's still more.
Remember: if your machine isn't physically secure then it's not secure. Can your roommates walk up to your machine and access it when you're not around? It's not secure. Can they insert a boot disk and reboot the machine? Then it's not secure. Can they unplug your keyboard and insert an inconspicuous device that might log your keystrokes? Then your machine is not secure.
In terms of security if any of those are true you're at risk. How much of a risk is a determination only you can make, but at least be aware of it.
And then there's the wireless connection. If the access point is "open", meaning that no WEP or WPA password is required to establish a wireless connection, then even with all the security we've talked about so far your wireless communications can be sniffed. That means everything you're doing on the internet could be monitored. With an open Wifi access point it's exactly like being in a coffee house open Wifi hotspot: anyone could be listening in.
And finally, if all that weren't enough, who controls the router? Whoever has access to the router could be using it to monitor your traffic as well. Or worse, depending on the capabilities of the router.
It's all pretty scary, isn't it?
I certainly don't want to make things seem worse than they are. Much of your real risk depends on your roommates technical expertise (or access to others with that expertise), as well as just how much you trust him or her.
And to finally answer your first question: sadly there really isn't a practical way to determine if your computer has been accessed. Prevention is the only pragmatic way to address the risk. Certainly if your computer is modified in some way by malware that can usually be detected by the appropriate scanners, but if someone simply copies or views a document there's no reliable way to tell.
So figure out how much you trust the other people on your network and/or living situation and take action accordingly.
But I'd certainly leave the firewall turned on.
Posted by at No comments:
Labels:

How do I make sure that Windows is up-to-date?


Summary: You can make sure that Windows is up-to-date by either enabling Automatic Updates or by visiting the Windows Update web site.

How do I make sure that Windows is up-to-date?
It seems like every week there's news about some newly discovered vulnerability or bug fix in Windows. And of course the stories tell us that we should all rush out and install the fixes immediately or the world will come to and end.
Or something like that.
In fact, Microsoft does announce updates weekly. With that rapid a rate, how should you stay on top of things and make sure that your system is up to date?
There are several options.
Microsoft provides a service that runs on your machine and - on terms you control - automatically checks for Windows updates. Once found, it can then download and install them for you.
The specific labels vary slight across Windows versions, but to configure automatic update click on Windows Update in the Windows Control Panel.
In Windows 7, this is the Windows Update options dialog:


You have four basic options controlling how Automatic Update works:
  • Never check for updates - as you might expect this basically turns the Automatic Update feature off.
  • Check for updates but let me choose whether to download and install them - with this setting, Windows Update will only check the Microsoft site for updates, and if there are any that apply to your machine, it will alert you, and nothing more. You can then choose to download and install, or not.
  • Download updates but let me choose whether to install them - with this approach, Windows Update will check the Microsoft site for updates and actually download any that apply. Once downloaded, you're notified that they're available and can initiate the install at your convenience.
  • Install updates automatically - finally, you can just have Windows Update do it all, on a schedule you can define. Check, download, and install as soon as updates are available. (Note that depending on the updates you receive, your machine may be rebooted as part of this process.)
In Windows 7 you can also control whether or not the process should include both important and recommended updates, or just important. (You can still receive important and other updates by visiting the Windows Update web site, which I'll discuss below.)
Windows 7 also allows you to specify that all users can install system updates via Windows Update, and wether or not Windows Update should also update other Microsoft software on your machine (aka "Microsoft Update" as opposed to just "Windows Update").
For what it's worth, I like to know what's happening to my machine(s) before it happens so I typically select the "Download, but let me choose" option.
Many people find the concept of Automatic Updates a little too spooky or intrusive. Others just want to have even more control over exactly what happens when. And of course there are folks who are using older versions of Windows.
For all these people there's the Windows Update web site.
The first time you visit Windows Update, it'll download a component onto your machine that handles the inspection of your current Windows versions. That list is then compared against the latest releases and you'll informed of the differences. You can then select which components to install.
Posted by at No comments:
Labels:

So do I need the Windows Firewall or not?


Summary: You do need a firewall and particularly if you aren't behind a router the Windows Firewall is one option.

I'm really confused. With the new Windows XP SP2 Security Alert System, do we still need a firewall to stop outbound traffic? If we get a router, (LINKSYS), does that take care of everything, which means we need to disable Windows Firewall to avoid false alarms?
There's a lot of misunderstanding about firewalls, routers, and other security software. When Windows XP service pack two was released it definitely put security and particularly the firewall, "in your face". Subsequent releases of Windows now also include the firewall and turn it on by default.
It's a great opportunity to find out what you need ... and what you don't need.
A firewall filters network traffic. A previous article "What's a firewall, and how do I set one up?" covers this in more detail, but the bottom line is that a firewall primarily protects you from certain classes of incoming network-based problems.
"If you're not behind a router or other firewall, you'll want to turn on the Windows firewall."
Every computer should be behind a firewall of some sort.
In general, hardware firewalls, typically provided by NAT routers, keep malicious network traffic from ever reaching your computer, whereas software firewalls, such as the Windows Firewall, discard malicious traffic after it has actually arrived at your computer.
But you don't need both.
If you have a router with network address translation, or NAT, enabled (most consumer grade routers do, by default) then there's no need to enable the Windows firewall. In fact, you can tell the new Windows Security Center that you'll manage your firewall yourself.
If you're not behind a router or other firewall, you'll at least want to turn on the Windows firewall. This is what I do when I take my laptop with me on the road - not being sure of exactly what I'm connecting to, the firewall protects me from network based threats.
Now, one word in the original question is worth a comment: "outbound".
Consumer grade routers will keep you safe from threats that are incoming from the network, but will not filter or warn you of any malware already on your machine attempting to connect out. The Windows firewall has a limited amount of outbound traffic alerts, and other software firewalls that you can install separately to use instead of the Windows Firewall can be configured with a wide array of outgoing protection.
There's a wide variety of opinion on this, but personally, I'm quite happy simply behind a router and with no outgoing threat monitoring.
But regardless, you do need a firewall; be it an external router, a software package that you install, or at a minimum simply enabling the Windows Firewall already present on your machine.
Posted by at No comments:
Labels:

What's a firewall, and how do I set one up?


Summary: A firewall is critical to keeping your internet connected computer safe. We'll review what a firewall is and the two different types of firewalls.

I keep hearing the term "firewall" and how I need one when I connect my computer to the internet. What's a firewall, why do I need one and how do I set one up?
The bottom line is that a large class of viruses and other types of malware can be prevented simply by using a good firewall.
What's a firewall? Well, in your car it's the "wall" of metal behind the dashboard that sits between you and the engine. Its purpose is to prevent engine fires from roasting you and your passengers.
A firewall for your computer is much the same - its purpose is to keep you from getting burned.

A firewall is at its core very simple: it blocks or filters certain types of network traffic from reaching your computer.
"A firewall is at its core very simple: it blocks or filters certain types of network traffic ..."
What do I mean by "certain types"? There's network traffic you do want to reach your computer: like the pages of web sites you visit or the software you might download. And then there's other traffic you might not want like malicious people or computers trying to access your computer remotely or viruses and worms trying to infect your machine.
A firewall knows the difference. It lets the good stuff in and keeps the bad stuff out.
Firewalls can also usually be configured; they can allow you to say "this kind of connection from the outside is OK". A good example is remote desktop. A firewall may by default block any attempt to connect via remote desktop. But you can also configure the firewall to allow that type of connection to come through. Doing so you would be able to access your computer from another computer, be it across the room or across the internet. But even though you've allowed one type of traffic - remote desktop - other types of traffic like certain types of viruses are still blocked.
Some firewalls will also monitor outgoing traffic for suspicious behavior.
One characteristic of many viruses is that once you're infected they attempt to establish connections to other computers in order to spread. Many software firewalls will detect and either warn you or simply prevent those attempts.
And that leads to a very important distinction. There are two types of firewalls: hardware and software.

  • hardware firewall is just that - a separate box that sits between you and the internet that performs the filtering function. Traffic that is filtered out never even reaches your computer. Even the least expensive broadband router can perform the function of a firewall quite nicely. The downside for a hardware device is that most will not filter outgoing traffic.

  • software firewall is a program that runs on your computer. It operates at the very lowest level, as close to the network interface as possible, and monitors all your network traffic. While all network traffic still reaches your machine, the firewall prevents malicious traffic from getting past it and on to the operating system. The firewall prevents your system from actually noticing or doing anything with malicious traffic.
The good news is that all versions of Windows after XP have a software firewall built in, and all versions after Windows XP SP2 have it turned on by default. In fact, the security center will take steps - perhaps even annoying you in the process - to ensure that the firewall is either turned on or that you're aware of the risks in not having it turned on.
The bad news is that a firewall can't protect you from everything. A firewall is focused on protecting you from threats that arrive via malicious connection attempts over the internet. A firewall will not protect you from things you invite onto your machine yourself such as email, attachments, software downloads and removable hard drives.
But even so, protecting from those network threats is important.
In general, I recommend a hardware firewall such as a broadband router and leaving the Windows firewall turned off. However, regardless of your approach, be it a router, be it the Windows firewall, or be it some other software or hardware solution, some kind of firewall is always a necessary part of keeping your computer safe when connected to the internet.
Posted by at No comments:
Labels:

Does my router have a firewall or not?


Summary: Most routers both do, and do not, have a firewall. The good news is that the protection offered by a router's firewall is often exactly what you need.

I purchased and installed a broadband router. Specifically, a wireless Linksys WRT54G. I thought this provided a firewall and I had planned to uninstall Norton Systemworks which is giving me problems. However, the router does not appear to include a firewall. It does not need any sort of configuration like Norton, such as sites to let through or to block. I have looked all through the documentation and no mention of a firewall.
Did I buy a model without a firewall or was I mistaken about a router including a firewall?
Your router does, and does not have a firewall.
And I totally understand that this is confusing.
I'll try to clear it up...
One of the things that your router does is allow you to share your internet connection. By that I mean you can take a single internet connection that's designed to connect to only one computer, add a router, and then through the router connect several computers who can then use that single internet connection.
The way this happens is that your internet IP address, which is used to route data to you when you surf the internet, is assigned to the router instead of a computer. The router then assigns local IP addresses to each of the computers you have connected to it. The router then also takes care of making sure that the data sent to and from the internet is routed to and from the correct computer on the local network.
"... computers on the internet are completely blocked from connecting to computers behind a router."
One side effect of this approach, called Network Address Translation, or NAT for short, is simply this: no computer from outside your local network can initiate a connection to a computer on the inside of your local network.
Put another way: computers on the internet are completely blocked from connecting to computers behind a router. (You can create exceptions, of course, using something called "port forwarding" and/or "DMZ" settings in the router configuration.)
In this regard, the router is acting like an inbound firewall. In fact, it's acting so much like one that we simply refer to it as being a firewall.
Now, in the strictest sense, your router is not truly a firewall. Two key components are missing:
  • Your router does not attempt to block any outgoing connections or data. A true firewall will typically examine outbound connections as well as incoming. In fact, a great deal of the configuration you referred to in your question is typically defining to a firewall exactly who on your computer is allowed to make an outboundconnection.
  • Your router does not inspect the data that's routing, other than to make sure it's headed to the correct computer. Firewalls are often configurable to the extent that you can allow not just certain types of connections, but also allow, or block, certain types of data over those connections. In the extreme a firewall could actually incorporate anti-virus checking and block anything that was found to be carrying a virus.
So in that regard your router is not a true firewall.
So what do you need?
In my opinion: if you can trust all the computers on your local network, a NAT router provides 99.9999% of what you actually need in a firewall. Blocking external threats is by far the single most important role of a firewall these days; so much so that every one should have some kind of firewall, no matter what.
In my opinion a software firewall is simply not needed in this case. Blocking outgoing traffic sounds important, but in reality, if you have outgoing traffic that needs to be blocked, then either you need to change your system's configuration not to try to do whatever it's doing, or you are already infected with malware. In the later case, it's too late. The firewall did not prevent you from getting infected. At best it might have prevented you from infecting someone else, but even that is suspect.
Now, you'll notice I emphasized the phrase if you can trust all the computers on your local network. That's the one exception to the "software firewalls not needed" guideline. For example let's say you share your computer connection with your children who don't understand internet safety and are constantly getting their computer infected. In a case such as this, where you cannot trust some other machine that shares your local network with you, then you probably do need a firewall to protect you. And let's be clear; that firewall is not to protect you from the internet -- your router does that -- but from that other machine. And once again, what really matters here is blocking unwarranted incoming connections. As far as I'm concerned if the firewall lets you disable monitoring of outgoing connections, you can.
So if you're in that "safe" situation, then yes, in your shoes I would uninstall that software firewall and rely on the protection of my NAT router.
In fact, that's exactly what I do here at home.
Posted by at No comments:
Labels:

Do I need a firewall, and if so, what kind?


Summary: Firewalls are a critical component of keeping your machine safe on the internet. There are two basic types, but which is right for you?

I keep hearing about "firewalls" for my computer and that there are different types. Do I need one? If I do, what kind of firewall do I need?
The very short, very easy answer is: hell yes! Absolutely, positively you need a firewall.
With all that happens on the internet these days it's simply too risky to let your computer sit "naked" on the internet unless youreally know what you're doing.
The real question is then: what do you need?
Heck, it's even possible you already are behind a firewall and don't need anything more.
Realize that a firewall is about protecting you and your computer from them where "them" means "the malicious folk on the internet".
A correctly configured incoming firewall does not block your access out to the internet. You should be able to browse the web, for example, without interruption. The firewall prevents access from somewhere on the internet toyour computer. That's not to say people can't send you email; they can because you access your mail through the internet by going out to get it when you download it. It does mean that people can't copy files directly to your PCor cause programs to be run on your machine remotely.
"... it's simply too risky to let your computer sit 'naked' on the internet unless you really know what you're doing."
Step one is to check with your ISP. Some actually do provide a certain amount of firewalling. AOL, if I'm not mistaken, is a fairly good example: they've set up their own private network and internet access is tightly controlled. The good news is that you may be well-protected. The bad news is that you have no control over it.
Most ISPs, however, do not provide any kind of firewall. What you get from them is a direct connection to the internet. That gives you the most flexibility and control but it also places the burden of protection in your lap.
The next question is do you need a hardware firewall - an additional device you place between your computer and your internet connection - or a software-based firewall - a program that you install on your PC?
In my opinion, if you connect via broadband such as cable or DSL then there's no question at all: broadband routers are inexpensive and act as firewalls providing an exceptionally high level of protection quite literally right out of the box. They're typically easy to set up and also have the flexibility to be carefully configured for more advanced uses such as running a web server from behind your firewall. I like the hardware approach because the routers are devices dedicated to their task and do not interfere with - nor can they be compromised by - your computer. You can read more about routers and how I'd set up a home network. Remember, a router will work just fine even if you have only one computer.
If you are on dialup or have some other reason for not wanting to go the hardware route there are software firewalls as well. In fact, Windows XP, Vista and 7 all include one by default. Even if you do nothing else and you're not sure what you really want to do, you should simply make sure that the Windows Firewall is turned on. Check in the "Security Center" in Control Panel.
There are many other popular firewall packages, though I typically recommend against all-in-one "Internet Security Suites" as provided by many manufacturers. Instead, a dedicated firewall such as Comodo or others might be well worth investigating.
One of the biggest differences with software firewalls, particularly third party offerings is the ability to provideoutbound protection. As I said above, a firewall's primary job is to protect your computer from internet based threats. However, if you've been compromised an outbound firewall will often prevent the attack from spreading from your computer to others, and will alert you when something suspicious has happened. While I don't typically view an outbound firewall as absolutely necessary, it's another part of the puzzle that's at least worth considering.
Finally, when you believe you're protected or even if you know you're not visit Gibson Research and run "Shields Up", a vulnerability analysis. It will try to access and analyze your computer from the internet and will list for you exactly how you are vulnerable. It tends to be a tad alarmist in its wording, and getting a perfect score is almost impossible, but it's valuable information to help you decide if you need to take additional steps.
Posted by at No comments:
Labels: ,

Is an outbound firewall needed?


Summary: Many software firewalls will alert you on suspicious outbound connections. The biggest problem is that if correct, by then it's too late.

Isn't an outbound firewall really important in many situations? I deliberately installed a free version of a key logger on my system and ran thorough scans through my anti virus and anti spyware programs. But the running key logger wasn't detected even though the key logger icon was right there in the system tray.
You have said that when an outbound firewall stops something it is already too late. But don't you think outbound firewall might stop a key logger from at least sending logs to an email or remote computer? Or would it not?
A firewall with outbound detection can have a place, I suppose, but you've captured my thoughts already: if it finds something to detect, then it's too late.
Let's review what it means to be an outbound firewall, why I don't value them all that much, and perhaps why your key logger wasn't detected.
Firewalls protect you from the certain classes of bad things out on the internet.
Note that's "protect you from them". That implies that the primary function of a firewall is to prevent bad stuff "out there" from reaching or affecting your computer.
My preference is to use a hardware device such as a router with NAT (Network Address Translation) enabled. This does an incredibly effective job of hiding your computer from outside access. You can connect out, but outside computers cannot initiate a connection without your having explicitly configured your router to allow it.
Using a router also takes the burden of that work off of your computer. In fact, a single router can act as a single effective inbound firewall for all the computers that are connected behind it.
An "outbound" firewall looks for threats originating on your computer attempting to connect out to the internet. In a sense, it's "protecting them from you". While that may be very generous of you to protect everyone else from your computer, the real difference is that it will presumably block and more importantly tell you when something suspicious is happening so that you can take corrective action.
"My preference is to use a hardware device such as a router with NAT ..."
Outbound firewalls have several shortcomings, both technical and conceptual:
  • It's too late. As you pointed out, if an outbound firewall detects something that is, in fact, malicious in nature it's because your machine is already infected. Something in your inbound defense failed and your machine has acquired some form of malware. Yes, I suppose it'd be nice to know, but in fact those very inbound defenses - firewall and anti-malware scanners - should have already either prevented or detected the problem. With adequate inbound protection, an outbound firewall is redundant.
  • It's intrusive. Outbound firewalls are only practically available as components of software firewalls that you install on your machine. As such, these firewalls take up additional resources to do their job. Rather than do that, a router will give you the inbound protection you need without taking up additional resources on your machine.
  • It's frequently wrong. One of the very common complaints about outbound firewalls are warning messages that are either incomprehensible, overly frequent, or don't give the average user enough information to make an informed decision. Frequently, they'll simply report a connection attempt to or from an IP address with little or no additional information. I also commonly see people asking about warnings that arise from totally legitimate processes on their machine accessing the internet for things like software updates or the current time and date. With too many errors, indecipherable messages or false positives, people tend to ignore the warnings after a while, rendering the outbound firewall ineffective.
Now, don't get me wrong: software firewalls do have their place. In particular, when traveling and using open WiFi hotspots I'll absolutely turn on the built-in Windows firewall. Software firewalls are also a good choice if you have no router, or if you cannot trust the other computers that share your router. But in either case that's for the firewall's incoming protection against external threats, not the outgoing.
Is there a case for an outgoing firewall at all? Many experts will disagree with me and say absolutely, that they add a lot of value and that the issues I've raised are simply off target or over-stated. But I remain of the opinion that if an outgoing firewall is, in fact, adding value it's because your incoming protection is inadequate. If you're going to focus additional energy and resources at becoming more secure, I'd much rather have you focus on preventative solutions rather than solutions which will only kick in after it's too late.
Now, about your key logger.
My first reaction is that if it's showing up in the system tray I'm not sure I'd classify it as malware. It's open about what it's doing, and easily visible. A key logger isn't in and of itself necessarily malware - there are many legitimate uses for the technology. So part of my reaction is that I'm not really surprised that it wasn't detected as malware, because it's not behaving like malware.
But lets assume that you did get infected by a truly malicious key logger - one that was attempting to hide, and send all your keystrokes to some overseas hacker. Well, at the risk of repeating myself too many times: it's too late. Your machine has been compromised, and you can no longer trust it; and that includes trusting your firewall. Yes, your outbound firewall might block the transmission - or it might not. The malware could, in fact, include additional code to actually reconfigure your firewall to let the malware's communication through. It's been done.
This is almost worse than having no outbound protection at all. With the outbound firewall you might think you're protected, but in fact you're not. Without an outbound firewall, you know, and you know to focus your efforts on inbound protection to avoid the problem in the first place.
Like I said, I know that others will disagree with me, and I'm sure there'll be some compelling cases made in the comments.
But I'm not convinced, and outbound firewalls are not something I use or advise.
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)