CASEScontact - solutions, tools & skills against latest security, cybercrime, hacking & malware threats
Just the facts
     
Title   UPDATE 1 - Windows XP 101 - PART 1 - Grandma's Tricks - Regular Service & Tune Up ==> Turbo Charge XP
Description  
CyTRAP LABs ID   CT210007
Date   2005-08-30
Systems affected  
Version number   1.1
ISSN   1603-9866
Verify tip   http://casescontact.org/tips/210007
Risk assessment   Moderate
Impact/Severity   High
 


 

What's up?
     
   
Real life scenario Internet & PC scenario
What is the threat or vulnerability?    

About 25% of what we get out of our membership in a health club or from a new exercise bike - the value or benefit - has to do with making the best decision we can (i.e. which health club and so on)

90% of the benefits from a health club membership or exercise bike come from regular and frequent use (e.g., 3 x a week) of either option, for about 25 minutes every time one exercises.

However, citizens or consumers devote a lot of their time & attention to choosing the 'right' bicycle or health club to join. This is done instead of planning and 'agreeing' beforehand to submit to a regular and frequent exercise regimen of at least 20 minutes.

The key is using exercise options regularly, frequently and wisely (i.e. not overdoing it at the beginning and complementing it with a wise diet).

Purchasing a car is a big investment. Retaining its value and assuring reliable operations requires regular service and tune-ups.

About 25% of the benefits we get out of a hardware or software purchase has to do with making a 'wise' purchase decision (e.g., value for money - choosing the notebook and software that fits our needs the best).

75% of the business value of IT and information is linked to so-called “soft factors” having to do with the usage of information and IT by employees in the company and externally by customers, partners and suppliers.

However, most managers or home-users devote 90% of their time and attention to IT investments (which notebook to purchase). So we understand that:

A) To stay healthy & benefit the most from your health club membership, use it regularly.

B) A smooth ride down the road requires regular maintenance of the car.

C) Smooth computer operations require regular use of certain utilities for maintenance & tune-up - as outlined below.

Please check out our subsequent tip on how to better work with Windows, called Windows XP 101 - PART 2 - Paris Hilton Knows CyTRAP's THREE Rules for Better Securing her PC
 
 

Problem & Solution
     
What does it mean to me? Am I vulnerable?  
Most of us have experienced that our computer slows down apparently unnecessarily or else the system may shut down for reasons that are unclear to most users.

However, there are some small utilities available that can help better manage the working experience with Windows.

All tools offered below are

1) free,

2) small (i.e. use little memory and can usually be launched when needed instead of having to run constantly), and

3) have been used and tested by CyTRAP staff for a few weeks on their own systems

So why should one care about tuning up Windows? Because:

A) The Threat is that your Windows operating system may no longer run properly on your computer, resulting in:

  • system crashes,
  • program crashes, and
  • other undesirable results

    similar to an engine going bad because you forgot to check the oil in your car and voila.... Regular oil changes and tune-ups extend the life of your car and make it run smoothly for longer without expensive repairs. The same is true for your computer running on Windows.

    B) Vulnerability is that your hard disk may be corrupted or files could be damaged as well. Left over files as well as so-called orphans may further clutter your system and make it harder for Windows and other software to run on your system.

    C) Impact could be that your PC is being slowed down, i.e. your Internet experience and working on other tasks takes longer or the system might not respond in the way you expected.

    How can one describe the solution?  

    Enabling Administrative Tools on Windows XP

    By default, Administrative Tools is not shown. You will have to enable it by:

  • clicking on the XP Start Menu,
  • going into the Control Panel,
  • clicking on the Taskbar and Start Menu applet,
  • putting a checkmark beside "Display Administrative Tools" (if this is not shown, just continue; you might have put a checkmark on it before),
  • clicking OK, and then
  • clicking on Start, Programs, Administrative Tools and Services.

    You will see that a few things are now shown that might not have been before. Before tweaking your services, you may consider clearing the Event Log to quickly see what, if anything, has resulted from your adjustments. Do this by clicking on Start, Programs, Administrative Tools, Event Viewer. Click on the Action tab and Clear all events. Another precaution to take is to use a pen and paper to record your changes. Modify a couple at a time and test your system.

         
    Does Microsoft offer me a solution?  

    Malicious Software - Free Check and Removal Tool from Microsoft

    The Microsoft Windows Malicious Software Removal Tool checks computers running:

  • Windows XP,
  • Windows 2000, and
  • Windows Server 2003

    for infections by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove them.

    You can download the tool from here:

    http://www.microsoft.com/downloads/details.aspx?displaylang=de&FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356 (Deutsch)

    http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356 (English)

    When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.

    The tool creates a log file named mrt.log in the %WINDIR%\debug folder. Finally, the tool is updated every month after the 2nd Tuesday, when Microsoft has its so-called Patch Tuesday. If you get CASEScontact.org alerts, you will be kept posted.
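
    The following Python script is an added example (not from the original tip or from Microsoft) that summarises the scan runs recorded in mrt.log and lists those that did not end cleanly. The log layout it parses (the "Started On", "Results Summary" and "Return code" lines, with code 0 meaning a clean run) is an assumption, and the sample log is constructed.

```python
import re

# Constructed sample in an ASSUMED layout; it is not real tool output.
SAMPLE = "\r\n".join([
    "Microsoft Windows Malicious Software Removal Tool v1.7.1",
    "Started On Tue Aug 09 21:14:03 2005",
    "Results Summary:",
    "----------------",
    "No infection found.",
    "Return code: 0",
    "Started On Sat Aug 20 10:02:11 2005",
    "Results Summary:",
    "----------------",
    "EXAMPLE-FAMILY detected (constructed line)",
    "Return code: 6",
    "Started On Tue Aug 30 08:00:00 2005",  # run cut short: no return code
    "Results Summary:",
])

STARTED = re.compile(r"^Started On (.+)$")
RETURN_CODE = re.compile(r"^Return code:\s*(\d+)")

def decode_log(raw):
    """Decode log bytes: UTF-16 when a byte-order mark is present, else 8-bit text."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("latin-1")

def parse_runs(text):
    """Return one dict per scan run: start time, summary lines, return code."""
    runs, in_summary = [], False
    for line in (l.strip() for l in text.splitlines()):
        started, code = STARTED.match(line), RETURN_CODE.match(line)
        if started:
            runs.append({"started": started.group(1), "summary": [], "code": None})
            in_summary = False
        elif not runs:
            continue  # header text before the first run
        elif line.startswith("Results Summary"):
            in_summary = True
        elif code:
            runs[-1]["code"] = int(code.group(1))
            in_summary = False
        elif in_summary and line.strip("-"):
            runs[-1]["summary"].append(line)
    return runs

def runs_needing_review(runs):
    """Assumption: any run not ending with return code 0, or truncated, needs a look."""
    return [r for r in runs if r["code"] != 0]
```

    On a real machine, read the file in binary mode from the %WINDIR%\debug folder and pass the bytes to decode_log before parsing.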

    Incidentally, as of August the tool is at Version 1.7.1 and 650 KB in size, making downloading via a phone line easy and fast.

    TIDBIT

    The first Version was able to search for and remove eight viruses namely:

  • Berbew,
  • Doomjuice,
  • Gaobot,
  • MSBlast,
  • Mydoom,
  • Nachi,
  • Sasser, and
  • Zindos

    Version 1.7.1 manages to fight more than 30 different types of viruses, spyware and worms.

    PS. Naturally many more languages are available; use one of the above links and just choose your language in the option field given by Microsoft at the very top of the page.

    PS2. This tool is not an anti-virus tool... for FREE anti-virus tools please go to:

    CyTRAP ID CT210006 ==> http://casescontact.org/tips/210006

         
    Where can I get more help?  

    You should really make sure that you have your hard drive configured properly, whereby:

  • Windows runs on C drive,
  • all other programs run on another drive, while
  • documents are stored on another drive again

    If you need help on how to best use your hard drive to make your Windows XP tweaking efforts even more effective, then go to:

    CyTRAP ID CT210005 ==> http://casescontact.org/tips/210005

     


    What is the solution to this problem?
         
    Tip 1  

    Reclaim Unused Modules of Physical Ram

    When one boots a system and then right-clicks on My Computer/Properties/Performance, the system may show 60% or more as free under System Resources. However, this tends to decrease to less than 50% during a session even though one might close a few programs using their exit buttons.

    In such a case performance goes down. WinXP has state-of-the-art memory management, and with most programs one will not notice any performance improvement when using memory optimizers.

    However, there are programs that do manage to free up RAM that Windows XP might still be hogging after you closed down programs or even when the computer is idling. This utility does wonders to reclaim RAM, it is very easy to use and barely uses any memory. YES, it does boost your system's performance and can be shut down right after its use:

    http://security.weburb.dk/frame/show/news/3087    
         
    Tip 2  

    Tweaking Windows - Speeding Up

    This program includes a plethora of performance tweaks, which will make any Windows installation run faster. Most importantly, it has an easy interface and offers a good help file in case one has a few questions.

    You can use CyTRAP's choice for tweaking your system, including boot folder defragmentation and prefetch folder cleaning, by visiting here:

    http://security.weburb.dk/frame/show/news/3710  
         
    Tip 3  

    Get Rid of Garbage on Your PC - Temp Files Etc.

    There is nothing like a little bit of house cleaning to get your place looking good! The same goes for your computer too. Removing the clutter and garbage from your system and sending it to the nearest bin for disposal is a good way to:

  • save disk space,
  • speed up your computer,
  • make working easier for you!

    You can use CyTRAP's choice for cleaning up the clutter on your system regarding temporary files, while speeding up the system at the same time, by visiting here:

    http://security.weburb.dk/frame/show/news/3706    


    Take another 2 minutes - More tricks to safeguard your information better
         
    Tidbit 1  

    Get Rid of Unnecessary Registry Files in Windows

    The Windows XP registry is the database in which the operating system stores most of its settings, including configuration and installation information such as where programs store their settings. It contains information about what hardware is installed on the system. Importantly, the registry defines relationships between different parts of the operating system's user interface. For example, the registry defines:

  • what one sees on the desktop;
  • how the Start menu and taskbar work; and
  • how the operating system starts.

    One section is called the Windows Registry Key, which stores information regarding the system's settings and configuration.

    The registry can be found on the C drive; the easiest way is to click on Start, then Run, and type in:

  • C:\WINDOWS\REGEDIT

    So why does the registry require cleaning? Whenever programs run on one's PC, the system becomes a host to literally hundreds of files that are completely unnecessary. Many programs create these files as part of their normal process of running. Fortunately, most programs remove these files when they shut down; however, a few do not.

    The program presented here will weed out those zombie files and get rid of them, saving space and, in many instances, making the system run faster.

    It is safer to do this job using a program instead of doing it yourself. So use CyTRAP's choice for cleaning up your registry files by visiting here:

    http://security.weburb.dk/frame/show/news/3708

    The program will allow you to back up the files before starting to clean up, just in case something goes wrong you can recover them easily, hence making this work a pretty safe bet.

       
    Tidbit 2  

    Shutting Down Windows - The Easy Way

    Windows requires several steps to shut down. This little program allows one to do it with one simple click while making sure that all running programs are also shut off properly.

    CyTRAP staff uses this little tool also on home machines ... it's just nice and easy to use while doing its job perfectly.

    http://security.weburb.dk/frame/show/news/3711

       
    Tidbit 3  

    Tweaking Windows - Hints and Tips

    If you want to know more, including tips and tricks regarding programs running with Windows XP as well as hardware and so on, this is the Tweak Guide that will answer most of your questions in easy-to-understand, to-the-point language. Check it out:

    http://security.weburb.dk/frame/show/news/3709

       
    Watch out  

    Clearing Event Log - Keeping Tab of Changes = Better Safe than Sorry

    Before tweaking your services, you may consider clearing the Event Log to quickly see what, if anything, has resulted in your adjustments. Do this by:

  • clicking on Start,
  • All Programs (or Control Panel if the list of all programs does not give you admin tools - see below),
  • click on Administrative Tools,
  • Event Viewer, then click on the
  • Action tab (or else click on Application, Security and System and every time right-click the mouse and click clear all events) and, finally, click on
  • Clear all events.

    Another precaution to take is to use a pen and paper to record changes. Modify a couple at a time and test the system to see if all works properly.

    Running SP2 on Your PC - Are You Sure? Quick Check Offered by Microsoft

    SP2 was a big patch that was mostly about security for Windows XP and not much more, but because of this it's a real gem, and Grandma recommends that you make sure that your system is patched accordingly.

    Get it here: http://www.microsoft.com/athome/security/protect/windowsxp/Default.mspx

    The screen will tell you at the top if your Windows XP is running SP2 - otherwise it will help you get it installed.

    UPDATE LOG

    The following additions were provided:

  • 2005-08-10 - Minor technical updates
  • 2005-08-20 - Added Microsoft Malicious Software Removal Tool (Tool zum Entfernen bösartiger Software (KB890830)) - see section entitled Does Microsoft offer me a solution?
  • 2005-08-24-30 - Adding various tool links, for instance, for checking if system runs XP or other Operating System - downloading SP2

    Get Updates for CASESContact Tips and Latest Advisories via E-Mail or RSS

  • subscribe for e-mail updates visiting http://casescontact.org/subscribe.php,
  • get RSS feed from http://casescontact.org/rss.php or else from any major RSS news aggregator such as
  • http://www.readafeed.de (Reed a Feed)

    Watch Out For Next Tip

  • When: 2005-09-27 - Tuesday
  • What: Windows Update 101 - Yes Virginia - Follow these THREE Rules and Secure Sailing is all Yours

    Get More Tips and Tricks - Latest Security Tips (ISSN: 1603-9866)

    http://casescontact.org/tips_list.php   


    CYTRAP resources - check it out - because it will help you better protect yourself
         

    Administrative
         
    Author   Urs E. Gattiker - CyTRAP Labs
         
    Revisions  
  • 1.0 - 2005-07-15 - First Version
  • 1.1 - 2005-08-30 - Update

    Contact details   Web: http://CASEScontact.org
    E-mail: support01@CASEScontact.org

    Tel: +41(0)76-200-7778 or + 44(0)70-9237-6036
    Fax: +44(0)70-9237-6036, dial 3 send fax
     

    --END of ADVISORY - Important Info Below--
     
    We recommend that you VERIFY ALL ADVISORIES you receive IMMEDIATELY, by clicking on the link provided at the top of this alert.

    NO WARRANTY
    Any material furnished by CASEScontact.org is furnished on an 'as is' basis. CASEScontact.org, writers & sponsors make no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material.


    CASES writers & sponsors do not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.
    Full DISCLAIMER notice at: http://www.casescontact.org/terms.php


    QUESTIONS, comments, ideas? Cheer us up at: Tips-Comments at CASEScontact.org

    CASEScontact.org -- Threat Alerts and Security Notices --clear and precise, no compromise -
    --currently hosted by Flashcable

    -- END of TIP & Tricks ADVISORY--
    Copyright (c) 2007 by CyTRAP labs - Urs E. Gattiker. All rights reserved.