[PC Basics] Where You'll Get Hacked: Common Mistakes, and How to Prevent It [INFOGRAPHIC]

Where You'll Get Hacked: Common Mistakes, and How to Prevent It

[Devesh Prabhu is an avid blogger and has been blogging posts and rants on many subjects through his various blogs. He has been associated with the blogosphere for the past 8/9 years and inadvertently left the blogging scene albeit to concentrate on his personal life, but his desire to be among his readers brought him back.]

[NOTE: The article "[PC Basics] Where You'll Get Hacked: Common Mistakes, and How to Prevent It [INFOGRAPHIC]" first appeared on the Komputer Knowledge Blog.

[DISCLAIMER: All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. These terms and conditions of use are subject to change at anytime and without notice.]

No Comments

[PC Basics] Avoiding Viruses the Smart Way: Disabling Autorun Feature

Through the course of this article, I will help you avoid viruses by disabling a system feature that has its roots from the time PCs became mainstream.

An autorun.inf file is a text file that can be used by AutoRun and AutoPlay components of Microsoft Windows OS. For the file to be discovered and used by these components, it must be located in the root directory of a volume.

The AutoRun component was introduced in Windows 95 as a way of reducing support costs. AutoRun enabled application CD-ROMs to automatically launch a program which could then guide the user through the installation process.

By placing settings in an autorun.inf file, manufacturers could decide what actions were taken when their CD-ROM was inserted.

The simplest autorun.inf files have just two settings: one specifying an icon to represent the CD in Windows Explorer (or "My Computer") and one specifying which application to run.

A simple example:

[autorun]
open=setup.exe
icon=setup.exe,0
label=My install CD

- Via Wikipedia

VIRUSES & MALWARE

Autorun.inf can be exploited to allow malicious programs to run automatically without the user knowing.

If you have been infected with the autorun.inf virus, each time you insert the removable media and double-click your drive to open it, the virus file begins executing and infects your computer, which spreads itself on to the computer by making multiple copies of the autorun.inf and .exe files on every drive of your computer.

When your computer is infected, viruses might connect to malicious websites and install key loggers on your PC. Key logger steal your private information like usernames, account numbers, social security, passwords, credit card information, as well as other sensitive information.

It is very important that you remove the virus from the computer to avoid further spread.


AVOIDING VIRUSES & SAFETY

In this modern day and age, very few people have any use of this feature and it is best to disable this so as to avoid being infected with a virus that can propagate itself each time the removable media is inserted.

A very useful tool to remove or to nip it in its bud is to disable this feature altogether and not have Autorun run itself when removable media such as DVDs, USB drives, CDs, or Memory Sticks are inserted in the first place.

The easiest way to disable Autorun in just a few minutes and which will potentially save you from getting infected with a virus that takes time (or money) to clean is by downloading the utility “Disable Autorun.”

Click on the link and download and install the tool. Once it's installed, right click the shortcut on the desktop and click Run as Administrator.

Choose from the following options:

Disables AutoRun on drives of unknown type
Disables AutoRun on removable drives
Disables AutoRun on fixed drives
Disables AutoRun on network drives
Disables AutoRun on CD-ROM drives
Disables AutoRun on RAM disks
Disables AutoRun on all kinds of drives

I would recommend that you select all available options and, if you’re not sure of which options to pick, check the option "Disables AutoRun on all kinds of drives."

Click the Apply button and restart your computer to save and apply the changes. Repeat on other computers around you home or send to a friend to do the same.

[Note: this program must be run with administrator privileges, or you can right click the program and click "Run As Administrator" to run this program.]

[Devesh Prabhu is an avid blogger and has been blogging posts and rants on many subjects through his various blogs. He has been associated with the blogosphere for the past 8/9 years and inadvertently left the blogging scene albeit to concentrate on his personal life, but his desire to be among his readers brought him back.]

[NOTE: The article "[PC Basics] Avoiding Viruses the Smart Way: Disabling Autorun Feature" first appeared on the Komputer Knowledge Blog.

[DISCLAIMER: All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. These terms and conditions of use are subject to change at anytime and without notice.]

No Comments

Keep Your Passwords Secret On A Public Computer

Has anyone ever told you before that it is risky to use a public computer? The main reason for this is because there could be Keylogger software or Spyware installed in the public terminal that can capture your user name and password when you type on the keyboard. Can you imagine your Email/Bank/Paypal password being stolen? What loss would it cause to you?

KYPS is a Web service that allows you to log into your account from a public computer without disclosing your password to that computer. The way KYPS works is very simple: You register your website (be it an email account or any login site) with the KYPS server. Based on the username and password that you have provided, KYPS will encrypt the password and generate a list of one-time codes that you can use to login to your account.

Everytime you want to login to your site, KYPS will prompt you to enter the code from a certain pad. It will then decrypt the code, rebuild the password and auto-login to your site. After that, that particular code will be rendered useless. Even if there is a keylogger software that logs the one-time code, it won’t be able to login to your site. The image below show a graphical explanation of the whole process.

When you first use KYPS, you are required to register your login account with them. During the registration, you are asked to enter your username and password. From here, you can choose how many one-time codes you want to generate. The more codes you generate, the more times you can login to your site without using the actual password.

Once you have submitted the registration, it will prompt you to download a PDF file that contains your list of one-time codes. This is what it will look like:



The number on the left of each column is the pad while the string of characters on the right is the one-time code. Whenever you want to login to your site, KYPS will ask you to enter the code with number XXX. You just match the number to your list, enter the corresponding code and you will be securely logged in to your site.

In case you are worrying that KYPS is a phishing site that is out to collect your password, you can be assured that the password you have entered is not stored in the database. It is only used to generate the one-time codes and will be deleted after that.

If you are still not convinced, you can leave out the password field when registering your site. KYPS will then bring you to another site where you can disconnect your computer from the network and use the java applet to generate the one-time code.

Apart from logging you into your account, KYPS also acts as a reverse proxy that you can use to hide your online trace. All of the website is delivered with the “https” protocol and the URL does not contain the original link of the webpage. In this way, your privacy is protected and you don’t have to worry about other people finding out which sites you have been to.

KYPS may not be the only way to fight against keyloggers, but it is definitely one good way that anyone can use to protect themselves. The only troublesome thing is that you have to pre-register your login accounts with KYPS on a keylogger-free/spyware-free computer before you can use the service on a public computer. If you have the sudden urge to log into an account that you did not register with KYPS, you have to subject yourself to the same risk as others.

In addition, if you have plenty of accounts, the generated codes will form quite a huge list (imagine 200 codes for each account). If you mind carrying a huge list of codes everywhere you go, then KYPS might not be suitable for you.

No Comments