What the ‘Internet doomsday’ virus is and how to fix it

By Hayley Tsukayama

Thousands could lose access to the Internet on July 9 due to a virus, DNSChanger, that once infected approximately 4 million computers across the world.

The Federal Bureau of Investigation first gave details about the virus last November, when it announced the arrest of the malware’s authors. The virus, as its name indicates, affected computers’ abilities to correctly access the Internet’s DNS system — essentially, the Internet’s phone book. The virus would redirect Internet users to fake DNS servers, often sending them to fake sites or places that promoted fake products. Once the FBI shut down the operation, it built a safety net of new servers to redirect traffic from those infected with the virus.

But that safety net is going offline next Monday meaning that anyone who is still infected with the virus will lose access to the Internet unless they remove it from their machine.

To see if you have the virus, you can head to any number of checker Web sites such as the DNS Changer Working Group or the FBI itself to either enter your IP address or simply click a button to run a check against addresses known to have problems. With any luck, you’ll be free and clear and won’t have to worry about the problem any further.

If you are infected with the virus, then you’ve got a longer — but not impossible — process ahead of you. According to the DCWG, those infected with the virus should first back up any important files. You can do that fairly easily with an external hard drive or even a thumb drive.

From there, you can run one of several trusted tools to get rid of the virus. Again, the DCWG has a list of them on its site, which includes programs such as Microsoft Windows Defender Off line, Norton Power Eraser and MacScan, all of which have updated their definitions to include this particular virus.

The group recommends that you use multiple tools to make sure you have a wider net of virus definitions to choose from.

Scanning your computer regularly for viruses is a good idea anyway, to make sure that your virus definitions are up-to-date. So even if you’ve scanned in the past few months, take this opportunity to run a check and avoid your own personal doomsday.

Share/Bookmark

Internet Tips: Ultimate Network Security--How to Install a Firewall

By Scott Spanbauer, PCW Print


Connecting your naked PC to the Internet is like leaving your house unlocked--eventually, someone will wander in, rifle your underwear drawer, and empty the jewelry case. To make your system's points of entry more Net secure, install one of the many free software firewalls now available, and set up a hardware-based firewall for backup.

Firewalls are difficult to understand and configure, even for experienced computer users. If you've been putting off installing a firewall, or if you aren't sure how to determine whether your firewall is protecting you fully, I'm here to explain it all.

According to Merriam-Webster, the original meaning of fire wall was "a wall constructed to prevent the spread of fire." Computer firewalls are constructed to prevent unwanted intrusions from the Internet into your PC. But unlike fire, Net threats don't leap onto your machine through mere proximity. They arise when someone exploits a combination of your PC's unique IP (Internet protocol) address and one or more of the thousands of TCP (transmission control protocol) and UDP (universal datagram protocol) ports that serve as the door to your system.

Anytime you use a browser, an e-mail program, or other software to retrieve information from a Web site, ISP, or remote server, the data flows through one or more of these ports. Whether the malefactor is a teenage hacker trying to access your PC, a bit of spyware attempting to talk to a remote server, or a Windows XP Messenger Service spam pop-up, their strategy is the same: Find an open port leading into your PC, or trick your system into opening one.

Firewalls watch these thousands of ports--present in both dial-up and broadband Internet connections--and deny access to unauthorized traffic. Hardware-based firewalls are usually integrated into router and gateway products and sit between your PC and a cable or DSL modem.

Software-based firewalls run on your PC. Hardware firewalls are great for protecting a network of PCs that share a broadband connection.

More important than the router's actual firewall, however, is the fact that it usually incorporates an NAT (network address translation) server that hides your networked computers' IP addresses (and thus, their existence) from anyone outside the local network.

For this reason alone, a hardware firewall is a wise investment for broadband users, even those who have only one computer. You can obtain a four-port cable/DSL router such as Linksys's BEFSR41 or D-Link's DI-704P for just $40 to $50, and models that include a wireless access point cost only a bit more (PC World's Product Finder page lists a number of routers that are currently available ).

A Firewall on Every PC

Hardware routers are highly configurable: You can usually set them to block all incoming and outgoing traffic except through a few key ports you designate. Programming an external device to protect your PC is a lot of work, however.

Firewall software that runs on your PC is easier to set up and maintain. Besides blocking uninvited traffic at your ports, software firewalls can prevent programs that run on your computer (including such malefactors as Trojan horses, spyware, and backdoor software) from sending data to remote servers, and from accepting incoming connections.

If you connect to the Internet exclusively through a dial-up modem, an external, hardware-based firewall won't do you much good. A software firewall is perfect for protecting a dial-up connection. Windows XP users may be tempted to rely exclusively on the operating system's integrated Internet Connection Firewall. To enable it, click Start, Control Panel, Network Connections (in XP's Category View, first click Network and Internet Connections). Then right-click the Internet connection you want to protect, choose Properties, Advanced, put a check next to the option Protect my computer and network by limiting or preventing access to this computer from the Internet, and click OK.

Withhold your sigh of relief, however. Though it's better than no firewall at all--and compatible with any others you may use--XP's firewall monitors incoming connections only. Should Back Orifice, NetBus, or any other backdoor program find its way onto your PC, XP's firewall will do nothing to stop it from granting scoundrels remote access to your system.

Pick Your Freebie

I've used four no-cost firewalls on various PCs: Kerio Personal Firewall 2; Outpost Firewall Free, from Agnitum Limited; Sygate Personal Firewall 5.1; and Zone Labs' ZoneAlarm 3.7. Though they differ in the features they offer and the help they provide, all of these programs will stoutly defend your PC . A software firewall is easy to install, but it requires a brief training period as the firewall detects your browser, e-mail, network, and other programs that attempt to connect with remote servers.

All four software firewalls pop up warning dialog boxes when a program attempts to connect for the first time. You simply click the button that permits or disallows the connection. Most also provide an optional check box so you can turn your choice into a permanent, automatic firewall rule. After you've gone about your usual online business for a day or two, creating firewall rules along the way, you may not need to interact with your firewall again until you add or upgrade an Internet utility.

The trick to responding appropriately to firewall warnings and creating effective rules is knowing which programs are safe and which are not. You'll easily recognize many of the more-common applications by name--Outlook, Internet Explorer, and Netscape, for example. Other programs, however, aren't exactly household names.

For example, many of Windows XP's networking features are handled by a program called svchost.exe, a fact that none of us should be expected to know (though you do now). Conversely, spyware and other unwanted pests may use safe-sounding or familiar names like "clever screensaver" that entice you to grant them network access. What's a firewall jockey to do? For starters, avoid the temptation to be lax. Instead, deny access to any program that you're at all unsure about--you'll have plenty of chances to change your mind later.

If your knowledge of which programs are safe is shaky, choose a firewall that provides more information about the program in question than just its file name. Kerio and Sygate don't offer many hints as to whether a detected program is safe, and they eschew nonfirewall bonus features. This arrangement may suit expert users, but novices will benefit from a more informative firewall.

ZoneAlarm offers a bit more information about detected programs, including a link in the warning dialog box to a description of the program in question on Zone Labs' Web site . ZoneAlarm also preconfigures itself by default to permit connections from Internet Explorer and Windows XP's svchost.exe component, minimizing the number of decisions you'll need to make about granting these applications Internet access.

Outpost's pop-up dialog box creates a permanent rule for you by default, but you can opt out of the rule by clicking the Allow once or Block once buttons instead. Despite being laden with nifty features such as ad and pop-up blocking and e-mail attachment protection, Outpost provides the same minimal information about the detected program as do Kerio and Sygate.

Fine-Tuning Filters

Once you've completed the basic firewall configuration, you may want to change, delete, or fine-tune the rules you created. All four of these firewalls maintain a list of rules or known programs.

Kerio: Right-click the program's system tray icon and choose Administration, Firewall, Advanced. In the list of known programs, select the program whose filter rule you want to modify, and click Edit to open the 'Filter rule' dialog box.

To switch the program's basic default status, select either Permit or Deny at the bottom of the dialog box. Other options let you restrict the remote server IP addresses and incoming and outgoing ports that the program uses. If you know what those are and why you'd want to specify them, you're probably reading this column just to see what errors it contains. The rest of us can live with the default settings. Click OK to save any changes.

Outpost: Right-click the program's system tray icon and choose Options, Application. Select a program in the list of blocked, partially allowed, and trusted applications, and click Edit. Choose Always block this app or Always trust this app to move it to the appropriate category. Your best step, however, may be to select a trusted application and move it to the partially blocked list (by clicking Edit and choosing Create rules using preset, Browser, for example); this maneuver grants the program Internet access, but under a constrained set of rules.

The browser rule set (Outpost also comes with rules for e-mail, instant messaging, and other programs) limits an app to the handful of inbound and outbound protocols (TCP or UDP) and ports needed by a Web browser, thereby minimizing the damage a malicious Web site or HTML e-mail message can do.

Sygate: To change program rules, right-click Sygate's system tray icon and choose Applications. In the list of known applications, right-click the program whose rule you want to modify, and choose either Allow or Block. Choosing Ask tells Sygate to prompt you to allow or deny Internet access every time the program seeks it.

ZoneAlarm: To modify program permissions, right-click the ZoneAlarm system tray icon and choose Restore ZoneAlarm Control Center (or just switch to it, if it's already running). Select Program Control on the left, and then select the Programs tab at the upper-right. To change one of the program's four settings (the ability to access remote servers or to act as a server itself in both the Internet and Trusted Zones), click the check mark (allowing access), the X (blocking access), or the question mark (instructing ZoneAlarm to ask you each time the program seeks access); then choose a new default action from the pop-up menu.

Working With Windows Networks

Another setting you may want to change, or at least check, is how your firewall works with networks of Windows PCs:

Kerio: By default, this firewall disables Windows networking because enabling it would allow other PCs on the local Windows network to access your shared folders and printers only after you entered their IP addresses. To allow access to a particular PC, right-click Kerio's system-tray icon and choose Administration,Microsoft Networking. To enter a single trusted address, click Add, select Single address in the 'Address type' list, enter the allowed IP address in the 'Host address' field, and click OK.

 If your Windows network is shielded from the Internet by a router-based firewall that blocks the Windows Networking UDP ports (137-139), you can safely allow any computer on the local network to access your shared files and printers, by unchecking From Trusted Addresses Only and clicking OK.

Outpost: Right-click Outpost's system-tray icon, choose Options,System, check Allow NetBios communication, and click OK. If your computer connects directly to the Internet, leave this option unchecked to avoid broadcasting your PC's existence beyond the firewall.

Sygate: By default, Sygate allows other PCs on a Windows network to browse--but not access--your files and printers. To enable sharing, right-click the firewall's system tray icon and choose Options,Network Neighborhood. From the drop-down list, select the network interface you use to connect to the Windows network, check Allow others to share my files and printer(s), and click OK. Sygate's default setting allows only PCs on the local network to browse and access your files and printers (choose the Security tab to view this and other settings).

ZoneAlarm: This firewall grants file and printer sharing access to trusted computers by default--all you have to do is fill in the IP addresses of those machines. To do so, right-click the ZoneAlarm system-tray icon and choose Restore ZoneAlarm Control Center (or just switch to it, if it's already running). Select Firewall on the left, and then choose the Zones tab at the upper-right. Click Add,IP Address, enter the IP address of the system you want to add to the Trusted Zone, and click OK.
Revision Control: Firewall Free-for-All
 
With nothing to lose and everything to gain, you should install one of these free firewalls on your PC.
Kerio Personal Firewall 2: The perfect firewall freebie for power users, Kerio Personal Firewall 2 lets you fine-tune application rules to restrict access to and from specific IP addresses and ports; 2MB.

Outpost Firewall Free: Agnitum's no-cost firewall brims with extra features, including ad and pop-up blockers, Web site content filtering, mail attachment filtering, and a surf-speeding DNS cache; 2.5MB.

Sygate Personal Firewall 5.1: Sygate's no-frills interface provides fine-grained control over how and when applications can connect to remote servers; 5.2MB.

ZoneAlarm 3.7.202: Zone Labs' novice-friendly firewall includes a mail-scanning feature that quarantines dangerous Visual Basic Script (.vbs) attachments; 3.6MB.
Send your questions and tips to nettips@spanbauer.com. We pay $50 for published items. Click here for more Internet Tips. Scott Spanbauer is a contributing editor for PC World.

Share/Bookmark