Wiz's Computer and Website Security Blog

If you own any Internet Domains you already know that they require a valid Domain Registrar to hold your registration information, before they can go live on a web host or server. I have had website domains since around the year 2000, and they have all been registered through the same Registrar; Dotster.

Today I received a deceptive letter in the mail from Liberty Names of America, apparently a Domain Registrar. At the top right, in large bold type it said: Domain Name Expiration Notice. After that, in small print, it stated: "As a courtesy, we would like to remind you that it's time to renew your domain name, which is expiring on April 27, 2007." Below that it listed one of my various domain names and a reply by date of March 14, 2007. The rest of the details in the letter are in small type, except for the parts where it outlines the renewal rates for 1, 2 and 5 years, and the place where the gullible would fill in their credit card details to "renew" their domain with these pirates.

As I stated in the first paragraph, Dotster, Inc. is and always has been my domain Registrar. Liberty Names Of America is harvesting the Whois records for as many domains as they can lookup, then sending out phony renewal notices to capture business away from the existing Registrars, by deceiving gullible recipients of these letters. To be fair, the letter does state, in small print, that they are not your current Registrar, and that they want you to transfer to them. The back side of the letter contains almost 7" of type that is so tiny that it requires a magnifying glass to read it. In that tiny type are the legal details and disclaimers for their transferring of your service.

As a reference to you all, I currently pay $14.95 per year (1 yr renewals) to maintain my domains at Dotster. Liberty Names is offering me the fabulous opportunity to transfer my domain away from $14.95 a year with Dotster to them, for the low rate of only $25.00! Hmmm. Simple math tells me that they are charging almost twice what Dotster charges for common TLD domain name registration. PIRATES! Take me off your mailing list, Liberty Names of America. You are slimeballs, just like DROA, who sends out similar Expiration Notices to domain owners. Are you the same slimeball company under a different name? Go F yourself!

Now that my tirade is over, if you really do need a decent domain registrar, one that won't dick you around, I recommend Dotster. For $14.95 you can register your domains, not $25, or $35, or $40 per year that the ripoff registrars charge. They do have sliding reduced rates for 5 or 10 year renewals and charge only $8.95 to transfer your existing domain, plus they add one year to it's expiration date.

Nuff said.

Posted by Wiz at 1:41 PM | Permalink

back to top ^

World reknowned anti-spyware program - Spybot Search and Destroy - was updated with new spyware definition files. If you use this program be sure to run manual updates as soon as possible.

If you see a program listed in these detections by name you should assume that is is malware. Update your Spybot Search and Destroy definitions, then scan for and fix any malware that is detected.

Spybot Search and Destroy (Multi-Lingual Landing Page. Choose your language).

Spybot-S&D Updates Page

2007-01-19

Adware
+ NCast (10)

Dialer
+ EGDAccess ++ UniversalDial

Keylogger
++ SpyMyPC-Pro

Malware
++ AdArmor + Anti-Virus-Pro + DeepDive ++ ErrorKiller ++ FixerAntispy + RemedyAntiSpy ++ SpyAnalyst ++ SpyOfficer ++ SVerner.Search + Swizzor

PUPS
+ AntiverminsPro + SunStarCasino.Kasinos

Trojan
++ 1und1Bill.Fake (2) + Banload ++ CurePCSolution (2) ++ Hupignon ++ PWS.WOW + QQRob (6) ++ Some-Standards.com (2) ++ Win32.Agent.ar ++ Win32.Bifrose.LA ++ Win32.Delf.ago ++ Win32.SdBot.ye ++ Zinblog ++ Zlob.DirectVideo + Zlob.EliteCodec + Zlob.VideoActiveXObject

Total: 350350 fingerprints in 58536 rules for 2624 products.

English Language Company Links:
Spybot Search and Destroy Home Page
Spybot Search and Destroy Download page - Program and definition updates.
Full tutorial about using and setting up Spybot Search and Destroy
Spybot Search and Destroy Update History

See all security program update notices in this catagory

After updating your Spybot S&D definitions, if they include new Immunization definitions you need to click on the Immunize button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in version 1.4. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. Furthermore, if you run with reduced user privileges, such as a Limited User, or Power User, your choice of updates will be more limited that if you apply them from an administrator level account. You would do this by first applying the updates as a Limited or Power User, then Switch Users, or log onto an Administrator account and re-apply the updates and immunizations.

For those of you who have not yet used Spybot Search and Destroy, if you were wondering if it "plays nice" with other anti spyware programs, it most certainly does! I have used Spybot S&D since it's inception, along with various other free and commercial security programs, and it has never caused any problems on my, or my customers' computers.

Posted by Wiz at 12:34 PM | Permalink

back to top ^

From the I don't believe it department comes this news...

Grisoft, the maker of AVG anti virus and anti spyware products has just announced that the cutoff of support for AVG Free 7.1 has been extended one month, to February 18, 2007. Last fall they had announced that all updates and support for AVG Free 7.1 would end on January 15, 2007. Many AVG Free users, including me, have already upgraded to the new version 7.5 as a result and are enjoying the improved interface.

Yesterday, on a service call, I checked for and obtained updates for AVG Free on a computer. After the update completed I decided to open the interface to see if it was the new version and was surprised to discover it to be 7.1. I upgraded it anyhow, but pondered why there was a definition update on January 17, when support was to have ended 2 days earlier. Now I know why.

Anyway, if you are still using AVG Free 7.1 you have one more month to use it, with definition updates, before they pull the plug (unless it gets extended again!).

What's different in AVG Free 7.5?

With version 7.5, users receive improved virus detection based on better heuristics and NTFS data streams scanning, smaller update files and improved user interface. Anti-Virus Free Edition 7.5 is also Windows Vista-ready and is available via Windows Security Center as a security solution. To upgrade to free version 7.5, users can visit visit: http://free.grisoft.com.

Grisoft also offers commercial versions of AVG Anti Virus, including a Windows Server edition. The commercial versions are available from http://www.grisoft.com . They also own the former Ewido Anti Spyware program and have renamed it to AVG Anti-Spyware. It is available as a trial version, which reverts to freeware with reduced capabilities after 30 days.

Posted by Wiz at 9:38 AM | Permalink

back to top ^

This article really falls under the catagory of Usability and Accessibility, as it deals with overriding fonts that are hard to read for some people with sight problems. Viewability has often been overlooked by website template writers who may be young and gifted with very good eyesight, hence they code their fonts to be a fixed size that they find comfortable. Those font sizes are often entirely too small for the elderly, or people with limited sight to resolve. Add to this the fact that web browsers are designed to display web pages as per the styles and fonts specified by the site designers, and that while these fonts sizes can be overridden, it is not always obvious to the users as to how they can do so. Furthermore, even if these folks know how to override default fonts on a webpage, they are forced to do this everytime they revisit that website, since browsers reset to factory default display mode after being closed out and re-opened.

I have often been asked for advise on changing website specified fonts to those preferred by the users, on forums and via direct inquiries (I am the Wiz and am assumed to know all the answers to all the questions!). Instances where this is an issue are typically on forums, where the default stylesheet uses fixed font sizes and/or colors, which the viewer may find difficult to read. People gifted with good eyesight shouldn't goff at this. Your day is coming too.

On a forum where I am the Moderator I was recently asked if it is possible to override the default font size permanently, just for that forum. The administrator is planning to rewrite the stylesheets to allow relative font sizes to be used, which is definitely more user friendly, especially to those with poor eyesight, but until that is accomplished I was able to find a means whereby people using Firefox browsers can create their own custom stylesheet in place of the one used by that forum. The really interesting thing about this custom stylesheet is that it can be specifically targetted to control only the fonts (family, size, color, boldness) on a particular webpage, or for an entire domain. This is good news if you are a frequent reader of a particular forum that uses fixed fonts that you have trouble reading. I have researched a solution for Firefox browser users to override the fonts on a particular website, or even on a particular page or sub-forum. From now on I will refer to this location as the URL.

The rest of this article pertains to the Firefox custom stylesheet workaround. I will publish information for Internet Explorer users in another article.

To begin, you will need find your Firefox Profile folder. Instructions for locating this folder are here, in my extended comments.

The method:
Once you have opened your Firefox Profile folder, open the sub-directory named "Chrome". You will have to create a new text file and name it userContent.css. You can do this in Windows using Notepad, by right-clicking inside the Profile folder and left-clicking on "New," then left-click on "Text document." After you add the pertinent commands to the new text document you should rename it to userContent.css (right-click on file and choose Rename, then type or paste in the new name, then click away from it). Alternately, you can open the sample file named "userContent-example.css" and edit it, then Save As, or Rename it to userContent.css

Here is an example of a custom Firefox Stylesheet to increase the font size, using Percentages or EMs as a measurement, for an exemplified forum URL, where the forum runs on current phpBB code.

@-moz-document url-prefix(http://www.forum.domain.com/) {
.postbody { font-size : 1.2em !important; }
}

Or else, use percentages, like this:

@-moz-document url-prefix(http://www.forum.domain.com/) {
.postbody { font-size : 120% !important; }
}

If the forum's BB code for the class postbody includes a fixed size line-height declaration you can add this to your custom rule: line-height: 1.3em !important;, or line-height: 130% !important;. Alter the em or % number to obtain the best line spacing and to avoid cutting off lower parts of drop letters, like lowercase g, j, p, q, or y.

You would change the URL (http://www.forum.domain.com/) to that of your preferred forum, by copying and pasting it from your browser's address bar. If the forum runs on phpBB code and you want to change the font size in the body of Posts leave the class .postbody as is. Otherwise, you can specify Body to override all font sizes, and use a percentage increase, instead of a set font size. Using the command !important; causes your style rule to override that of the website.

You can discover what stylesheet or css rules are being applied to a web page by viewing the source. In Firefox you press Control + U. Some stylesheets are included in the page you are viewing, within a set of <style> ... </style> tags. Others are in external files. Look in the HEAD section for a line containing; <link rel="stylesheet" type="text/css" src="URL">. Note the location of the external css file as listed in the src=" " part, then highlight and copy it with your mouse. Then go back to the web page in the browser, click on the URL in the address bar, remove any filename and sub-directory that is showing and paste the location of the stylesheet onto the end of the base URL, like this deactivated example:

ht*p://w*w.example.com/templates/site-style.css

If you got it right the stylesheet will display as plain text in the browser, where you can read it or save it as a .css or .txt file. Study the stylesheet to learn about the names of the Classes (names beginning with a period, as in .postbody) and IDs (names beginning with a # sign, like #content), that are assigned font size rules you want to override, and use those class or id names in your custom stylesheet, for that website.

By employing these techniques you can override the preset styles of virtually any website you may frequent, making it easier to view for your eyesight and monitor size situation. I will be posting more information about other techniques to change the font sizes in other articles on my blog.

Locate your Firefox Profile folder

Before the configuration files are presented, you should know how to find your Profile folder, which is where Firefox saves all your settings on your hard drive. If you are using a Windows computer you may have to change some default "View" settings before the Profile folder can be seen. If your Folder View settings already display hidden files and folders, skip the next two paragraphs.

By default, most Windows operating systems will hide certain types of files, extensions, and folders that contain system information, or are not usually used by computer operators. The Firefox Profile folder is among these normally hidden folders. It is in a sub-directory (folder) of the Application Data directory in Windows XP and 2000, which is also normally hidden from your view. Unless you unhide these directories you cannot navigate to or through them.

To unhide hidden files and folders and display extensions of known file types, open "My Computer" or "My Documents" and click on the Menu-bar item Tools, then go down and click on "Folder Options." When the Folder Options box opens click on the "View" tab, on top. Under "Advanced settings" click to check the option box - "Display the contents of system folders." If your view uses the address bar in folder windows you should also check - "Display the full path in the address bar." Next, under "Hidden files and folders, check - "Show hidden files and folders." Next, uncheck "Hide extensions for known file types." Last, click on "Apply" then "OK," to close out the Folder Options box. You can now navigate to your Profile folder, as follows.

• On Windows Vista/XP/2000, the path is usually %AppData%\Mozilla\Firefox\Profiles\xxxxxxxx.default\, where xxxxxxxx is a random string of 8 characters. Just browse to C:\Documents and Settings\[User Name]\Application Data\Mozilla\Firefox\Profiles\ and the rest should be obvious.
• On Windows 95/98/Me, the path is usually C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\
• On Linux, the path is usually ~/.mozilla/firefox/xxxxxxxx.default/
• On Mac OS X, the path is usually ~/Library/Application Support/Firefox/Profiles/xxxxxxxx.default/

%AppData% is a shorthand for the "Application Data" path on Windows 2000/XP/Vista. To use it, click Start > Run..., type %AppData% into the input field, and press Enter. You will be taken to the actual folder for your identity, which is normally C:\Documents and Settings\[User Name]\Application Data, for Windows XP/2000, or C:\Users\[User Name]\AppData\Roaming, for Windows Vista.

Back to the method

Posted by Wiz at 11:35 PM | Permalink

back to top ^

I just learned that router maker Cisco Systems, Inc. is in the process of purchasing IronPort Systems, Inc, for $830 Million, US, in cash and stock options. IronPort is in the anti-spam and anti-virus and and website security fields, and is the owner of SpamCop, of which I am a reporting member. That's why this acquision interests me.

SpamCop started out in 1998 as the property of Julian Haight, and is a website where members can paste the contents of spam and scam email messages to have them reported to the ISPs and web hosts involved in the delivery of those messages. SpamCop processes over a million spam reports a day and maintains a list of the ISPs through who these spam/scam messages are being sent. Referred to as the SpamCop Blocklist (SBL), that list of spammers and the unsecured computers they also use to relay their garbage is used by email systems around the World to identify and flag much of the incoming spam that floods the Internet everyday.

I use MailWasher Pro to screen and filter all incoming email and it consults the SBL to see if a message has already been identified and flagged by SpamCop, and adds it's own flag to the Status column to warn me about it. When I see a message flagged by the SBL and I bother to investigate, I find that it is spam, 100% of the time. MailWasher Pro also has a place to input your SpamCop login id and includes a checkbox to report spam via that account. You must respond to an automatic reply from SpamCop and go to your report manually to finish submitting it, but you are saved the hassle of reading the source code and copying and pasting it into the SpamCop reporting field yourself.

In June 2003, SpamCop became a wholly-owned subsidiary of IronPort Systems, Inc, which is a security software and solutions company. IronPort Systems, founded in 2000, is the leading email and Web security products provider for organizations ranging from small businesses to the Global 2000. And now, both become a division of the leading router manufacturer in the entire World, Cisco Systems. In case you didn't know it, the Internet runs on Cisco routers. This acquision will add a lot of financial backing to IronPort and SpamCop, to help them in their fight against the scourge of spam that inundates inboxes every hour.

By the way, you too can become a reporting member of SpamCop, for free, by visiting www.spamcop.net and signing up for a reporting member account. There are rules to follow and things you must learn to do, in order for your reports to be effective, but it is well worth your time to help report spam, rather than just deleting it.

Often, home or business computers are used to relay spam, unbeknownst to their owners, and a SpamCop report to their ISP may result in their account being suspended until they disinfect those computers. Other reports discover vulnerable email servers which can be secured after the owners are notified with a SpamCop report. Sometimes those reports lead to the termination of email and Internet access accounts used by the spammers/scammers themselves. In the case where a website is advertised in the body of a spam message, the hosting company is notified and that website will often be terminated for violating the Terms Of Service agreement.

As I mentioned earlier in this post, MailWasher Pro is a valuable tool for screening your incoming email and deleting spam before you download it to your email client's inbox. I have written about this product on my blog and have devoted an entire webpage to describing it. If you are plagued by spam and use Outlook, Outlook Express, Thunderbird, or any other POP3 email client to download your messages, MailWasher Pro can help reduce the flood of spam to a trickle.

Posted by Wiz at 11:55 AM | Permalink

back to top ^

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Anti Spyware/Adware program Ad-Aware, by Lavasoft has had it's definition file updated. Users of the free version should check for and install the new definitions manually.

New definitions:
====================
Win32.TrojanPWS.OnlineGames +21

Updated definitions:
====================
Adware.Mirar +2
AdwareSheriff
FakeAlert
PurityScan +3
Softomate Toolbar +2
SpyHeal
Win32.Backdoor.Agent +2
Win32.Generic.PWS +2
Win32.Mydoom.A
Win32.Trojan.Downloader +22
Win32.Trojan.Keylogger +3
Win32.Trojan.MatrixHasYou +2
Win32.Trojan.SDBot +4
Win32.Trojan.Spy
Win32.Trojan.StartPage +7
Win32.TrojanClicker +6
Win32.TrojanDownloader.Adload
Win32.TrojanDownloader.Agent +9
Win32.TrojanDownloader.Banload +4
Win32.Trojandownloader.Zlob +3
Win32.TrojanDropper +4
Win32.Trojan-PSW.Lineage +20
Win32.TrojanSpy.Banker +21
Win32.TrojanSpy.Goldun
Win32.Worm.Agobot.E +6
Win32.Worm.Warezov +21
Win32.Worm.Viking +3

MD5 checksum is 5b755fba0b0b6e2edfbcc22177c9a87d

You can use Webupdate to install the new reference file, or download
it manually from: http://download.lavasoft.de.edgesuite.net/public/defs.zip

Download the current version of Ad-Aware here: http://www.download.com/3405-8022-5153545.html

See all security program update notices in this catagory

Posted by Wiz at 12:11 PM | Permalink

back to top ^