Web Sites Increasing Vigilance Against Malware

These days, if you're publishing a web site - or surfing the web - you have to watch your back, constantly. Merely publishing a secure site - or only surfing to secure sites - may not be enough. Any link on any web site might link to another web site, with malware. Worse, any link on any web site might not link to a web site with malware, but to a web site that links to another web site, with malware. And so on ...

How far do you look, and where do you draw the line? You can use a browser add-on which monitors your surfing, and tells you which web sites are safe, or aren't safe - but that add-on had better go beyond just checking the immediate web site.

This month, we see progress in that direction. Just yesterday, I was asked, in Blogger Help Forum: Something Is Broken

I see that Blogger says "Blog Unavailable"
Upon further investigation, I found interesting reports from "safebrowsing.clients.google.com", which appears to be a database fed by Google and StopBadware.org.


The top level report simply says that "earnovertheinternet.blogspot.com" is a dodgy web site. I won't comment on the name here; more commentary will be found elsewhere.



We click on the "Why was this site blocked" button, and see the report for "earnovertheinternet.blogspot.com". "earnovertheinternet.blogspot.com" is clean, but it links to "popuptraffic.com".



We click on the link for "popuptraffic.com", and see the report for "popuptraffic.com". "popuptraffic.com" is clean, but it links to "javapo.t35.com", "downner.blogspot.com", and "lpspain.galeon.com".



We click on the link for "javapo.t35.com", and see the report for "javapo.t35.com". "javapo.t35.com" is not clean. Reports for "downner.blogspot.com", and "lpspain.galeon.com" contained similar warnings.
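The walk through the reports above amounts to a bounded breadth-first search over outbound links. The sketch below is an added example, not code from this post or from Google: the host names and links are the ones described above, but the `LINKS` and `FLAGGED` data are constructed by hand and the function names are hypothetical.

```python
from collections import deque

# Constructed sample data: hosts and links as described in the post,
# typed in by hand (this is not Safe Browsing output).
LINKS = {
    "earnovertheinternet.blogspot.com": ["popuptraffic.com"],
    "popuptraffic.com": ["javapo.t35.com", "downner.blogspot.com",
                         "lpspain.galeon.com"],
}
FLAGGED = {"javapo.t35.com", "downner.blogspot.com", "lpspain.galeon.com"}


def chains_to_flagged(start, links, flagged, max_hops):
    """Follow outbound links from `start`, at most `max_hops` links deep.

    Returns the shortest chain [start, ..., flagged_host] for every
    flagged host that can be reached within the hop limit.
    """
    found = []
    seen = {start}              # guards against link cycles
    queue = deque([[start]])
    while queue:
        path = queue.popleft()
        host = path[-1]
        if host in flagged:
            found.append(path)
            continue            # no need to look past a flagged host
        if len(path) - 1 >= max_hops:
            continue            # hop budget used up on this branch
        for nxt in links.get(host, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return found


def verdict(start, links, flagged, max_hops):
    """Summarise the search result the way a block page might."""
    chains = chains_to_flagged(start, links, flagged, max_hops)
    if not chains:
        return "no flagged host within %d hop(s)" % max_hops
    hops = len(chains[0]) - 1
    if hops == 0:
        return "flagged"
    return "links to flagged host in %d hop(s)" % hops
```

With a limit of one hop the blog looks clean; only at two hops does the chain through "popuptraffic.com" show up, which is why a checker that stops at the immediate web site misses it.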



I'll note here the stated dangers from "javapo.t35.com"
25 page(s) resulted in malicious software being downloaded and installed without user consent ...

Malicious software includes 26 exploit(s), 2 trojan(s), 1 scripting exploit(s). Successful infection resulted in an average of 5 new process(es) on the target machine ... Malicious software is hosted on 12 domain(s), including velassin.com/, rmbclick.com/, 39m.net/.

11 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including popuptraffic.com/, adtrak.net/, hele.t35.com/.
We see evidence that the web site monitoring process is persistently cyclic.
The last time Google visited this site was on 2009-09-04, and the last time suspicious content was found on this site was on 2009-09-04.
And, it describes details about the degree of danger.
Malicious software includes 26 exploit(s), 2 trojan(s), 1 scripting exploit(s). Successful infection resulted in an average of 5 new process(es) on the target machine.


"earnovertheinternet.blogspot.com" and "popuptraffic.com" had apparently been visited that same day, 2009/09/17.
What is the current listing status for earnovertheinternet.blogspot.com?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 1 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-09-17, and the last time suspicious content was found on this site was on 2009-09-17.


The owner of "earnovertheinternet.blogspot.com" (you'll note that I won't be linking there) states his intention to clean up his act, and to convince at least one other web site to do likewise.
I will remove those popups ... I asked the admin of popuptrafic


This is a start. Get the responsible web sites to remove their links to dodgy web sites. Enough action here, and one day, maybe no more dodgy web sites.

We can dream, can't we?


Getting Internet Service Requires More Than Excellent Signal Strength

As computers in general, and WiFi in particular, become more like home appliances and less like tools or toys owned by the geeky or the wealthy, not everybody who needs Internet access will be able to get it at any given time. Some people aren't aware of the details involved, especially when using the convenient WiFi connectivity. Reports like

My Internet connection is Excellent, but when I start Internet Explorer, I see
The page cannot be displayed.
What is going on here?
are becoming more and more common in many forums.

Between turning on your WiFi equipped computer, and seeing the home page of your choice pop up in the browser window, there are a few details which you need to consider. All of these are issues which involve WiFi connectivity, and all in different ways. The bottom line, though, is that WiFi will never replace Ethernet. And there are other issues which affect Internet connectivity in general, but might still affect this computer, alone.


Computers Running "Advanced" and "Simple" File Sharing On The LAN Together

If your computer runs Windows XP or Vista, and you're accessing a similar "server" running Windows XP or Vista, with Simple File Sharing / Password Protected Sharing Disabled, you're going to depend upon the status of the Guest account on the server. Occasionally, you'll see a familiar error:

File not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. Access is denied.
Your first reaction will be to check the status of the Guest account. When you find that Guest is enabled, and with all security components properly set up, you're going to wonder
OK, now what?


The next thing that you need to do is examine the Sharing Properties of the file or folder in question. It's possible that you'll find that it now needs to be permissioned to "Everyone", and that's despite the fact that you know that you permissioned the parent folder to "Everyone", long ago.

By default, a new file or folder is owned by the account used for setting it up. If you're logged in to your server using a Full access account (equivalent to "Administrator" under Advanced File Sharing / Password Protected Sharing Enabled), that new file or folder won't be permissioned to "Everyone", but to the account that you're logged into. When you try to access the server from the network, using the Guest account, any files or folders set up without permissions to "Everyone" won't be accessible to Guest, and you'll see the above error (or one similar).

So, besides the security benefit provided by using a limited access account, on a server with SFS / PPS disabled, you'll need to use a limited access account for setting up any files or folders that you'll be sharing. Unless you intend to manually check permissions for every new file or folder, that is.

Be consistent, and balance your file sharing / permissions setup. With just one computer running Simple File Sharing / Password Protected Sharing disabled, you'll be better off running all computers that way. And, always run under a limited access (non administrator) account on every computer, except when installing software or tweaking the system configuration.


Your Browser, and Your Voice Modem

Occasionally, we read odd queries in various forums

When I am browsing certain web sites, or running a specific program, my computer starts the modem and dials out. Does anybody know what is happening here?
And those of us who are used to this query reply simply
Go to Internet Properties - Connections tab, and make sure that "Never dial a connection" is selected.


Long ago, when the browser was the only Internet application on the computer that was used with any regularity, the Internet Protocol stack and the dialer were built in to the browser. Even after the IP stack became part of the operating system, Internet Explorer continued to provide the option to have it dial out, automatically, if it detected a lack of Internet connectivity being provided by the operating system and network stack.

Unfortunately, the mechanism for detecting lack of Internet connectivity, from time to time, seems capricious. The oddest circumstances may cause the browser to dial out, leading to some interesting phone bills for some computer owners.

If you have a computer with an internal modem, and you connect your analogue voice service (aka "telephone") to the modem, maybe as a backup to your broadband service, you may occasionally hear the computer chattering away, when you pick up an extension and prepare to dial out. Now, you know why.

You can still have dial capability, as a backup to your broadband service. Simply use the dialer in Settings - Network Connections when necessary, and make sure that the browser is set to "Never dial a connection". Or, if you're interested, you could get a router that uses dialup access as a secondary connection.
