Q: I got an email from Microsoft about a security update. Should I run the attachment?
A: No. Microsoft NEVER sends emails with security update attachments. You can subscribe to mailing lists to receive Microsoft security bulletins or read Microsoft security bulletins on the web. These bulletins NEVER contain executable attachments, only references to web pages where you can access Windows Update, download patches, or request to receive patches from Microsoft Product Support Services. You should never use any tool other than Automatic Updates, the Microsoft Download Center, the Windows Update web site, or a response to your request to Microsoft Product Support Services to install Windows security updates or hotfixes.
See http://www.microsoft.../patch_hoax.asp for an explanation from Microsoft about these hoax email messages.
Q: I got an email telling me I should remove the Teddy Bear virus that is contained in a file named jdbgmgr.exe. Should I follow these instructions?
A: No. This file is a Microsoft java debugger file. Do not remove it. For more technical information, see: http://support.micro...kb;en-us;322993. If you do remove jdbgmgr.exe you needn't bother to restore it, since it is likely you won't ever need it.
In general, DO NOT follow instructions in unsolicited emails from sources you do not know and should not trust. See http://www.microsoft...news/hoaxes.asp for more information.
Q: I read a newspaper article some time ago and followed a link from the article and found myself here. How do I get help here? What is this place?
A: You are in what is known as a Microsoft community or a "Usenet" newsgroup, or simply "netnews".
Go to http://communities.m...ome/newscat.asp to see all the Microsoft newsgroups available on the Microsoft news servers at msnews.microsoft.com.
Also read about which newsreaders you can use at http://www.microsoft...newsgroups.mspx. I recommend using Outlook Express because you can be notified of new newsgroups when they are added by Microsoft, you can watch your posts and see your responses highlighted, and you can more easily create posts.
You should read about proper posting etiquette at http://dts-l.org/goodpost.htm. Before you post a question to a Microsoft.public.*.security newsgroup, you should read the following collection of answers to common questions: http://securityadmin.info/faq.asp
Q: What is the best way to stay up-to-date with Microsoft security updates?
A: In Windows XP, open your System control panel to the Automatic Updates tab. You can enable download and install separately, according to your preferences.
You may also subscribe to Microsoft Security bulletins which will arrive in your email at about the same time as AU notifies you of available updates. Sign up to receive the security bulletins in email at http://www.microsoft...tins/alerts.asp.
Before installing any Windows patch/hotfix/update, you should read the bulletin, either in your email or on the web at http://www.microsoft...ins/archive.asp. If you have any doubts about the necessity or safety of the update after reading the bulletin, delay the install and read the security newsgroups over the next couple of days to see if there are any problems with the recent update. There is always a thread, usually with the KB article number (a six digit number, sometimes preceded by a Q) in the subject line, discussing any problems with the most recent updates.
You should also visit Windows Update regularly. There is a Windows Update item in Internet Explorer under Tools and you can often find a shortcut at the top of the Start Menu or go to http://v4.windowsupd.../en/default.asp. Windows Update provides the same security updates and provides additional recommended updates that are not offered by Automatic Update.
If you are an enterprise, you may also use the new Microsoft Software Update Services server software to provide updates within your organization. You can find additional information regarding Microsoft Software Update Services (SUS) at http://www.microsoft...sus/default.asp.
Q: How can I know if my system is secure? How do I know if I have all the right patches from Microsoft installed? Can I test my system security?
A: You can watch for reports of vulnerabilities in the news or in Microsoft bulletins and keep up-to-date on your critical updates to Windows. The tool you can use to test whether your system is up-to-date with Microsoft security updates is the Microsoft Baseline Security Analyzer.
Learn about the MBSA tool at http://www.microsoft...ls/mbsahome.asp
Automated Windows Updates can be obtained at http://v4.windowsupd.../en/default.asp, and a similar service is available for Microsoft Office at: http://office.micros...es/default.aspx.
Another aspect of system security is how well your Windows is configured for on-line security. Your system may be vulnerable to attacks via services that you don't actually need to run that leave unnecessary ports open. You may scan your system for online vulnerabilities using a non-Microsoft service from a third-party web site. Go to http://grc.com/intro.htm and find the free tool called Shields Up at
https://grc.com/x/ne.dll?bh0bkyd2. Also see http://security2.nor...id=ie&venid=sym for another port scanner that will help test your Internet security.
Q: I keep getting windows popping up on my system, even when I am not using Internet Explorer, which tell me my system is vulnerable and I need to buy some software. Some of the windows are other sorts of advertisements. How can I stop these pop-ups?
A: These windows are sent to your system using the Messenger service. You should either use a firewall to block your file/printer sharing ports (TCP/UDP ports 135, 137, 138, 139, and 445) from the Internet or disable the Messenger service (not Windows or MSN instant Messenger) using services.msc on Windows 2000 or XP.
Q: Windows Update has a problem. How do I fix it?
A: Go to http://v4.windowsupd...m/troubleshoot/ to find solutions to common Windows Update problems.
Q: How can I read an attachment which I know is safe, but Outlook Express 6 has denied access to me?
A: Go to Tool, Options, Security tab and uncheck the box labeled "Do not allow attachments to be saved or opened that could potentially be a virus". Attachments that you could not save or open will now be available. This is a new feature of OE6SP1. Be careful. Some attachments really are dangerous and they may come from someone you know, if that friend has a virus that sends dangerous email attachments. You should save the attachment and then manually scan it with an anti-virus tool before opening it. See the Microsoft article at http://support.micro...om/?kbid=329570 for more information on this subject.
Q: How can I tell if I have spyware or other malicious software on my system and how can I get rid of it if I have it?
A: Spyware, Trojans, viruses, snoopers, and other types of malicious software are often hard to detect when present. Your computer may slow down, Windows Explorer may crash frequently, your Internet access may be slow or unavailable, and you may get unexpected error messages when trying to open programs. Viruses, Trojans, and worms are software that install themselves secretly and without your permission and replicate themselves from your system to other systems. Spyware are software that install themselves with your often unknowing but explicit permission. They do not usually replicate themselves.
There are two types of tools to remove viruses and spyware:
An anti-virus tool protects your system from viruses, worms, and Trojans that infect your system without your permission and replicate themselves to your unfortunate friends and associates and embarrass you in the process. These malicious uninvited programs are sometimes quite dangerous, if not to you, then to others you may infect or unknowingly attack. Some viruses will install attack software on your system, making your computer an unwitting accomplice in a malicious and damaging attack against someone else, as directed by the virus distributor. You have a responsibility to protect your system against these threats in order to protect your friends, other Internet users, and valuable web sites on the Internet against coordinated, massive denial-of-service attacks from virus-infected machines. You are particularly vulnerable to these infections if you have a broadband Internet connection. Norton/Symantec, McAfee, and Trend Micro make good anti-virus products for sale. Find more information on Virus Protection Strategies at: http://www.microsoft...rus/default.asp and specificlly find additional information about anti-virus vendors at: http://www.microsoft...ecurity&scope=1.
An anti-virus scanner cannot protect your system from spyware that you deliberately, but unknowingly, install on your computer when you or someone who uses your computer downloads and installs free software from the Internet. Therefore, you need a spyware scanner to remove these mildly malicious programs that spy on your Internet behavior, pop-up unwanted and intrusive ads when you browse the Internet, hijack your home page, hijack web sites, and slow down and crash your system. Note that removal of spyware will sometimes disable the free software from which the spyware originated. The license agreement you failed to read usually explains what software is being installed and whether it is necessary to use the free program that you really want. There are sometimes versions of free software available without the spyware.
Some available spyware removal tools are Adaware available from:
http://www.lavasoftu...ftware/adaware/ and Spybot available from
Q: Does Windows have a firewall or an anti-virus scanner? If so, how do I turn them on? If not, do I need these tools and where can I find some free ones?
A: Windows XP is the first version of Windows to provide a firewall, called the Internet Connection Firewall or ICF. Windows Server 2003 also ships with ICF. You can enable ICF from the connection properties on the Advanced tab. You cannot configure or tweak the built-in firewall, it is either on or off. ICF blocks many incoming port scans as well as Microsoft file and printer sharing, so you shouldn't use it on a network behind a NAT router or other firewall, as you will be unable to share files and printers in a workgroup if ICF is enabled.
ICF does not monitor outbound originating traffic. If you want to monitor outbound traffic for spyware activity, you need a product like ISA Server, or a third-party product like ZoneAlarm available from http://www.zonelabs....ontent/home.jsp, SyGate Personal Firewall from http://smb.sygate.co.../spf/spf_ov.htm, or Kerio WinRoute Firewall at http://www.kerio.com/kwf_home.html. See additional information about Firewalls at: http://www.microsoft...ork/default.asp
You can do a simple one-time web anti-virus scan at http://housecall.trendmicro.com/. But remember that whatever tool you get, to be able to use it effectively, you must keep the virus definitions database up-to-date.
Windows does not provide any anti-virus tool, but your system may have an anti-virus scanner installed by your computer maker. There are many anti-virus tools available. One free anti-virus scanner is AVG available from http://www.grisoft.com/us/us_index.php. Anti-virus tools are useless without frequent updates, so be sure to check the date on your anti-virus data file and update at least once a month or whenever you run a full scan. See additional information about Virus Protection Strategies at: http://www.microsoft...rus/default.asp
Note that there are problems with some versions of Windows and Outlook Express and some anti-virus background and email scanners, so be advised that if you enable automatic anti-virus protection and experience problems, you will need to seek help here to resolve those issues. This is not a recommendation to avoid automatic anti-virus protection, simply a warning that there are problems with several anti-virus tools in this respect.
Q: I have a question that you haven't covered in this list. How do I find an answer? Must I create a post in the newsgroup?
A: No, you shouldn't post until you have searched a few well-known sites for answers to your question. Go to http://www.google.co...ed_group_search and http://support.microsoft.com/ or http://search.micros...View=en-us&st=a to input your questions.
Microsoft Security Top Ten Most Frequently Asked Qphp tools firewall worm patch port scan infection
No replies to this topic
Also tagged with one or more of these keywords: php, tools, firewall, worm, patch, port scan, infection
Exploiting & Hacking →
Exploit Research & Discussion →
Exploiting & Hacking →
Security Video Demonstrations →
General GSO →
Open Topic →
Download Archive →
Requests Archive →
Exploiting & Hacking →
Exploit Research & Discussion →