WeekEnd Feature:Not long now!

by Ian Thompson, CCSP Staff Editor
Aug 14, 2004

Just like last week, this week is going to be a bit like the security equivalent of a lo-fat, hi-whip decaffe latte – looks like the real thing, but is a bit light-weight. There really isn’t too much to be going on with right now, so I’ll harangue y’all with a few things I’ve noticed in the past week that have blighted (or otherwise) my home PC.

XP or not XP

Well, some of you will no doubt be fully engrossed with your new XP SP2 update. Those of you who were too impatient to wait for the Windows Update site to deliver will have no doubt found one or other of the direct download links to the full i386 installation folder knocking about, though there are limits on the number of those types of download permitted each day. Mind you, with 220MB to go at (compared to 76-92MB as an update), you can see why.

This update has also kicked off a bunch of patches and updates from the third-party software (TPS) providers. Among the larger ones with the biggest impact on Joe Public must be Symantec – Norton Internet Security et al have all been updated to work with SP2, but they’re not alone. Question is; when do you apply these kinds of things?

Some TPS providers will employ a version-specific update, so when they see you’ve got the latest service pack they can react accordingly. However, this may be a little bit back-to-front for security software. I mean, it just wouldn’t do if vital firewall, AV and the rest stopped working for the (admittedly quite short) time that the update takes to patch the system – especially if it conflicts with the new XP firewall and needs a trick sequence of actions to be followed to skirt any issues.

Don’t be alarmed!!

Things are seldom as grim as they seem. However, I’ve just been trying ZoneLab’s ZoneAlarm Security Suite (ah, the joys of beta-hood), and try as I might I could not get the AV section to auto-update. It ran a scan fine, but time after time the update ‘failed to connect’, which isn’t good.

The ZASS firewall is based on a commercial product from Computer Associates, so together with the ZA forum and the CA one, I have been variously trying to run odd little files, strip out any security settings, shut down and restart services in the hope that some sort of permission pop-up will appear, and finally fully uninstall and reinstall after eradicating all remnants of ZA from the PC (registry and all). Not the easiest of times. However, despite not detecting my now-reinstalled copy of AVG, it works fine and I’m happy enough.

This is one example of the ‘added-value’ approach that many companies adopted in order to fund a more limited free version. It’s a model that many TPS companies use, especially in the field of security – AdAware, AVG, Sygate, ZoneAlarm, and so on. It’s also a similar tactic to that followed by ‘productivity’ software providers, although they tend to be tied to another purchased item (such as bundling PC-Cillin with certain motherboards). On the whole, the arrangement leaves the companies involved in a good light – the duality of altruism with profitability; kindly nodding, showing genuine concern as the money flows – and no-one minds one bit. However, this experience is not universal, although by no means would I include ZoneLabs here – ZA-Free must be one of the main factors controlling the spread of nasties on the Internet, so is to be applauded. Hurrah!

On reflection…

Within the past 8-10 days, one of my previously spam-free email boxes has been hit by a rush of junk. This box used to get one, maybe two per month (nearly always flagged as spam in error, and then nearly always from the SwishZone guys). However, I’ve been seeing around 10 per day arrive now.

Aside form the usual thought that someone who has me on their contacts list has had their PC compromised, a couple of them look to be rebound mail, in a low-level version of a Distributed Reflection Denial of Service attack. They all seem to come from a system administrator and reckon to be reporting a failed delivery or whatever of a message that (apparently) comes from me.

Never heard of that one? Fair enough. Have a look at the report by Steve Gibson on one that occurred a couple of years back…

These odd emails contained a viral attachment of one sort or another, but had been bounced off a legitimate ISP email server, using the malformed header trick I mentioned some time back. These ‘returns’ are definitely fake – as bourn out by the single oddball IP address deep within the headers of each mail that matches neither end, nor the domain it alleges to represent. However, it’s yet another example of the deviousness of people trying to mess around.

Now, if I was the type of person who flew into an indignant rage there’d have been a rather terse reply back to the legitimate ISP, and I’d have been unwittingly roped into the DrDOS game, only with the ignominious realisation that I’d been brought to the level of lap dog.

Oh, hold on – I’ve just thought of another reason... maybe my PC is suffering from some sort of digital sickness? ;¬)

Aaaww! Look at de ickle fingy-wingers and teensy toes!!!

Yes, the old family tree will soon have a new twig – any time within the next 3 weeks. So, this lack of sleep I’ve been suffering must be just a trial run for the real thing. As if I’ve not got enough to worry over, what with self-assembly cots that arrive from Mamas and Papas without instructions, and a family that must have bought every newborn clothing item in the county, the bathroom’s being refitted. Hence the shorter than usual article this week.

Unlike the jokers who are flummoxed by a soft toy from IKEA if it doesn’t have the old ‘put socket A into slot B’ assembly sheet, the cot wasn’t too taxing. Neither was the crib, or any of the three car seats we’ve acquired (one for each and one spare) – this whole parenthood thing is going to be a breeze!

And then a six-year old yesterday went on about how good Home Alone 4 was. I hadn’t even seen three yet, so ummed and ahhed my way through, turning to the vast piles of Lego nearby for that junior-gadget diversion.

It seems, as in life, things will continue to be a surprise. Our best laid plans and ideas are often scuppered by the simplest thing.