Prevent keyloggers from grabbing your passwords
In this issue
- TOP STORY: Prevent keyloggers from grabbing your passwords
- BONUS: Keep your computer beyond the reach of hackers
- WACKY WEB WEEK: Trade in your hops for grapes … fun will follow
- LANGALIST PLUS: Reset your BIOS so USB keyboards work on boot-up
- IN THE WILD: Hackers exploit FTP flaw in Microsoft's IIS
- PATCH WATCH: New Web-based attacks target Windows Media holes
Prevent keyloggers from grabbing your passwords
By Scott Dunn
Strong passwords are important, but even the best password won’t keep you safe from keyloggers — hardware and software that’s designed to secretly record your keystrokes.
Fortunately, there’s a way you can enter sensitive data so it’s extremely difficult for snoops to extract your passwords from keylogger files.
In her Aug. 6 Top Story, WS contributing editor Becky Waring reported that Google’s Gmail service allows hackers to try to guess your password 1,200 times per day. She provided some useful tips for making strong passwords that are easy to remember but hard to crack.
The bad news? Even the strongest passwords can be recorded by keyloggers. These are software and hardware products designed to capture computer events and store them in a log file.
Keyloggers can have legitimate uses in business, or they can be perverted into collecting passwords for identity theft. For more information on how these products work, see my Oct. 9, 2008 review of free software keyloggers.
UPDATE 2009-09-24: In his Sept. 24, 2009, Top Story, Scott Dunn provides more tips for avoiding keyloggers when using a public PC.
Windows’ On-Screen Keyboard app is also logged
If you’re using a computer you aren’t sure is keylogger-free, how do you protect any passwords to sensitive Web accounts you may need to access? A reader named Kenneth recently submitted the following suggestion:
- “I use a simple existing tool in Windows called osk.exe (On-Screen Keyboard). This program, as you may know, resides in the C:\WINDOWS\system32 directory, but there’s no shortcut or link to it, so most people don’t know it exists! You can launch it by entering osk in the Run command.
“Anytime I need to log in to any sensitive sites (banking, etc.), I launch osk.exe first and use this on-screen keyboard to click and enter my user name and password, even on my own home computer. This way, I feel confident that my credentials can never be captured.”
Kenneth’s suggestion may foil some hardware keyloggers, which sit between the physical keyboard and the PC and therefore never see input that OSK generates. Unfortunately, the program provides no defense against software keyloggers. Windows’ On-Screen Keyboard injects its input through the same keyboard-input path as a physical keyboard, so any logger that hooks keyboard input inside Windows sees each OSK click as an ordinary keystroke. (A logger that also grabs a screenshot on every mouse click captures what you clicked as well.)
The first keylogger program I tested with the OSK workaround — All in One Keylogger from RelyTec — easily captured my keystrokes as I signed in to a Web site. (For more information about the All in One program, see the vendor’s site.)
Holes in anti-keylogging software protection
Another alternative that’s often touted to protect your passwords is to use anti-keylogging software. The Antispy Software site lists several such products, but I can’t vouch for them.
Anti-keylogging software — even if it were effective in its stated mission — wouldn’t prevent your password from being intercepted by a hardware keylogger. The sad fact is, if a keylogger is deployed effectively, you can’t detect whether a public or unsecured computer has a hardware or software keylogger — or any keylogger at all, for that matter.
The universal defense against password snoops
Your best defense is not to use any untrusted computer to sign in to any site that contains banking or sensitive personal information. When you simply must take a chance on using a random PC, however, you can minimize the risk — if not eliminate it.
Security blogger Ian Saxon publishes an approach that may not be 100% foolproof but should provide some reasonable protection when entering passwords. Writing on his Defending the Kingdom site, Saxon outlines what he calls the “revised Vesik method” for entering passwords:
- Step 1. Click in the password box and type three random characters, mixing upper and lower case, numbers, etc.
- Step 2. Use your mouse or the Shift and arrow keys to select the characters you just typed. Then type three more random characters or a portion of your password, replacing the characters you typed previously. (Mixing random characters with actual parts of the password makes it more difficult for keyloggers to identify your password.)
- Step 3. Repeat steps 1 and 2 a few times. The more often you repeat the process, the harder it will be for an intruder to discern your password when examining the keylogger file.
- Step 4. Click to the left or right of your password segment and follow steps 1 to 3 to add a few more characters.
- Step 5. Repeat the process, adding a few more characters of your password on each cycle until your entire password is in the password box. Then sign in to the site.
This procedure clutters the keylogger’s log file with a series of click events and characters. There’s no easy way for the intruder to know which characters are your password and which are random.
The key is to select and gradually overtype gibberish characters with your actual password characters. Don’t simply type some garbage, backspace over it, and then enter your real password: Backspace is itself a keystroke, so a logger records it and can replay it to reconstruct exactly what ended up in the box. A mouse drag-selection is not a keystroke, so the logger has no way to tell that the characters you typed next replaced earlier ones rather than being appended to them. For the same reason, prefer the mouse over Shift and the arrow keys when selecting, since those keys are logged too.
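To make the difference concrete, here is an added example (not code from the column or from Saxon’s site) that simulates a password box and a keystroke-only logger. The `PasswordField`, `replay_keystrokes`, `enter_with_backspace` and `enter_with_vesik` names are my own; the logger model assumes, as the column does, that keystrokes and Backspace are recorded but a mouse click or drag is recorded only as a bare click with no position. The decoy characters come from a fixed random seed so the run is repeatable.

```python
"""Simulate what a keystroke-only logger sees for two ways of entering a
password: backspacing over decoys versus the revised Vesik overtype method.
Constructed example; the classes below are simplified stand-ins, not a
real text control or a real keylogger.
"""
import random
import string


class PasswordField:
    """Minimal text box. Typed characters replace the current selection (if
    any) or are inserted at the caret. Every keystroke is reported to the
    logger; a click or drag is reported only as a bare click event, since a
    keylogger does not learn where in the box the mouse landed."""

    def __init__(self, log):
        self.text, self.caret, self.selection, self.log = "", 0, None, log

    def type(self, chars):
        for ch in chars:
            self.log.append(ch)                      # logger sees the character
            if self.selection:                       # overtype replaces selection
                start, end = self.selection
                self.text = self.text[:start] + self.text[end:]
                self.caret, self.selection = start, None
            self.text = self.text[:self.caret] + ch + self.text[self.caret:]
            self.caret += 1

    def backspace(self, count=1):
        for _ in range(count):
            self.log.append("<BS>")                  # Backspace is logged too
            if self.caret > 0:
                self.text = self.text[:self.caret - 1] + self.text[self.caret:]
                self.caret -= 1

    def click(self, position):
        self.log.append("<CLICK>")                   # position is not logged
        self.selection, self.caret = None, position

    def drag_select(self, start, end):
        self.log.append("<CLICK>")                   # a drag looks like a click
        self.selection, self.caret = (start, end), end


def replay_keystrokes(log):
    """What an intruder can rebuild from the log: apply characters and
    Backspaces in order and ignore clicks, whose position is unknown."""
    buf = []
    for event in log:
        if event == "<BS>":
            if buf:
                buf.pop()
        elif event != "<CLICK>":
            buf.append(event)
    return "".join(buf)


def enter_with_backspace(password, decoy="xyz"):
    """Type garbage, Backspace over it, type the real password."""
    log = []
    box = PasswordField(log)
    box.click(0)
    box.type(decoy)
    box.backspace(len(decoy))
    box.type(password)
    return box.text, replay_keystrokes(log)


def enter_with_vesik(password, chunk=3, seed=1):
    """Revised Vesik method: build the password a chunk at a time. For each
    chunk, type decoys, select them with the mouse and overtype them a random
    number of times, then overtype with the real chunk (steps 1 to 5)."""
    rng = random.Random(seed)                        # fixed seed: repeatable run
    alphabet = string.ascii_letters + string.digits
    log = []
    box = PasswordField(log)
    for i in range(0, len(password), chunk):
        box.click(len(box.text))                     # step 4: caret after real text
        start = box.caret
        box.type("".join(rng.choice(alphabet) for _ in range(chunk)))   # step 1
        for _ in range(rng.randint(1, 3)):           # steps 2 and 3: overtype decoys
            box.drag_select(start, len(box.text))
            box.type("".join(rng.choice(alphabet) for _ in range(chunk)))
        box.drag_select(start, len(box.text))        # step 5: overtype with real chunk
        box.type(password[i:i + chunk])
    return box.text, replay_keystrokes(log), log


if __name__ == "__main__":
    print("backspace:", enter_with_backspace("Tr0ub4dor"))
    text, seen, _ = enter_with_vesik("Tr0ub4dor")
    print("vesik: box holds %r, logger replays %r" % (text, seen))
```

With the Backspace approach the replay equals the password; with the overtype approach the box holds the password but the replay is a longer string of decoys and real fragments with nothing marking which is which. The number of decoy rounds per chunk is randomized because a fixed pattern (say, always three decoys then one real segment) would itself give the log structure away, which is the kind of analysis Saxon’s caveat about repeated logins refers to.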
As Saxon points out, this method isn’t foolproof. For example, if you use an untrusted PC to sign in to the same site twice — and you don’t use identical gibberish each time — a hacker could compare the two captured keystroke sequences and possibly figure out which characters constitute your actual password.
However, most crooks are looking for “low-hanging fruit.” They’ll move on to another victim rather than spend a lot of time trying to filter your password out of the noise.
Of course, if we all used the Vesik method to obscure our passwords, hackers might develop keyloggers that track this kind of data entry, too. But most people don’t conceal their passwords in noise, so keyloggers don’t compensate for it.
If you have no choice but to sign in to a site on a PC you aren’t sure of, protecting your password is a difficult problem with no perfect solution. Many software programs, such as RoboForm2Go, offer password-protection schemes that vary from the no-cost Vesik technique. WS senior editor Gizmo Richards recently reviewed these methods in an analysis at his Tech Support Alert site.
Just be aware that accessing the Internet using your own laptop — on which you run up-to-date antivirus software — protects your passwords better than using a public Internet terminal or a friend’s PC.
Contributing editor Scott Dunn is the co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.
Keep your computer beyond the reach of hackers
This month’s free bonus download for all our subscribers is a two-chapter excerpt from Hacking Exposed: Computer Forensics by Aaron Philipp, David Cowen, and Chris Davis. The book provides valuable information about keeping everything on your computer, be it important data or merely your IP address, out of the clutches of harmful hackers.
The printed volume isn’t in stores yet, but all subscribers can receive our exclusive excerpt of two full chapters through Sept. 30. Simply visit your preferences page, save any changes, and a download link will appear. Thanks! —Brian Livingston, editorial director
All subscribers: Set your preferences and download your bonus
Info on the printed book: United States / Canada / Elsewhere
Trade in your hops for grapes … fun will follow
By Stephanie Small
Sick of drinking beer at parties? Hate it when your buddies stick you with a warm brew? Nothing sucks the fun out of social occasions faster than the same old swill. Well, your lackluster beer-drinking days are about to be supplanted by the best of aged wines … cabernet sauvignon! Pronounced just as it’s spelled, this high-class “fancy” beverage can turn any frown upside down — if the frowner is of legal drinking age, anyway. Aged since 2002, the grapes are at their peak of fermentation … and the beverage even comes in a light version for those watching their waistlines! So call for a cab at your next pool party or festive bash. And of course, there’s no better way to impress that special someone. Play the video.
Reset your BIOS so USB keyboards work on boot-up
By Fred Langa
Just because your PC fails to recognize a USB keyboard at startup doesn’t mean you’re now the owner of the world’s largest paperweight. When Windows works perfectly, but your PC’s underlying hardware goes south, a slightly geeky hardware trick might just get the crippled machine going again!
A dead keyboard can spell big trouble
George Molzahn is caught in a Catch-22 situation:
- “I have Vista Home Premium on an Intel-based system. All of a sudden, my PS/2 keyboard stopped working, period. I checked connections, rebooted, etc., but my keyboard still won’t work. I figured it had died, so I bought an inexpensive USB keyboard, hooked it up, and it operated just fine — except it was dead during boot-up.
“As the boot proceeded and Vista started, the keyboard came alive and worked great. Hmmmm …. I got a USB-PS/2 adapter and plugged the new keyboard into the PS/2 port in the back of the computer and guess what? The keyboard is ‘dead,’ just like before.”
Sounds like two things are going on. First, your PS/2 keyboard port clearly has failed. Sometimes, accumulated stress can cause a physical port’s solder connections to break; a tiny hairline crack is all it takes for the electrical connection to be severed.
While resoldering is technically possible, it’s a deep-geek fix to do by yourself and an expensive job to farm out to a repair shop. For me, a dead port is a clear sign that it’s time for a new PC — or at least a new motherboard.
The second thing going on is that your USB ports aren’t set up to work at boot time. Windows is doing its job because your ports work fine once Vista is in control of the system. But to fully use your PC, you need a way to get the USB ports to work at initial boot, before the operating system loads.
Most current BIOSes are designed to work with USB devices at boot, but that feature may be disabled on your system. Normally, you can enable boot-time USB access by pressing a specific key, such as F1, F2, or Esc, to enter the BIOS setup program as the PC starts and before Windows loads. But — Catch 22! — you can’t do that without a working keyboard.
You can reset or “clear” the BIOS manually using a small switch or “jumper” on the motherboard. A jumper is a small electrical bridge that can be manually positioned over conductive pins that stick up from the motherboard. (See Figure 1.)
Figure 1. It’s easy to manually reset a BIOS — sometimes called CMOS or RTC — by finding the reset pins and manually positioning the jumper.
Jumper pins are usually labeled with tiny type printed right on the motherboard itself. With your PC off, open the case and use a flashlight to look inside for the small type printed on the motherboard next to each component. The BIOS reset — which is sometimes called “CMOS,” “RTC,” or some variant thereof — is usually located near the battery.
There are three pins, usually numbered 1, 2, and 3. In Figure 1, the jumper is bridging pins 2 and 3. To reset the BIOS, remove the jumper and replace it so it bridges pins 1 and 2. Wait 30 seconds or so, and then restore the jumper to its original position over pins 2 and 3. That’s all it takes!
If you need more guidance, see the WikiHow.com article, “How to reset your BIOS,” or the illustrated instructions by Tom’s Hardware.
Resetting the BIOS this way restores all the BIOS defaults. If those defaults include USB support at boot — which they commonly do in modern systems — you’ll now be able to use your USB keyboard at boot time! Keep in mind that the reset also wipes any BIOS or supervisor password, custom boot order, and other settings you changed, so go back through the setup screens once you can type again. (The same trick is why a BIOS password on its own doesn’t protect a PC from someone who can open the case.)
Why won’t my PC open the .cda files on a DVD?
John Biddlecombe is having trouble with his DVD files:
- “My DVD writer records DVDs and plays them back OK, but when I try to look at them on the computer, it just lists the files as type .cda. Do I need a specific codec before I can even read the DVD?”
A .cda file is actually a kind of shortcut to a CD audio track. Each audio track has its own .cda file. You can’t “play” a .cda file directly, because it contains only information about the audio and is not the actual audio track itself. Thus if a .cda file is created incorrectly — or you copy or burn a .cda file without its associated audio track — playback will fail.
Microsoft explains .cda files and all other Media Player file types in Knowledge Base article 316992. The Windows Media Knowledge Center article, “Why can’t I play CDA files?,” may provide the information you need to resolve the problem you’re experiencing.
If it doesn’t, switch to using a known-good burning/ripping tool. I get great results when I use Ashampoo Burning Studio Free 6.76, which is available free, as the name states, from the program’s download page on CNET’s Download.com. Ashampoo’s product is relatively small and simple, yet it reliably rips and burns CDs, DVDs, and Blu-ray discs in all the standard video, audio, and data formats. The program supports all current versions of Windows, including Windows 7.
With a fresh setup of a reliable, known-good DVD-burning tool, I’ll bet your .cda problems will be a thing of the past!
‘Unable to display this folder’ in Outlook inbox
Charles Buchanan can’t get into his Microsoft Outlook inbox:
- “When I try to enter the inbox of Outlook, I get a message ‘unable to display this folder.’ All other folders can be accessed. Any suggestions?”
Outlook offers an impressive array of almost 50 command-line maintenance tools (or “switches”) that can help solve or bypass various problems. Microsoft lists all the Outlook command-line options on the Office Online help site.
I suggest you start with the commands /cleanviews — which removes any corrupted “views” of your folders — and /safe — which starts Outlook in its own safe mode and bypasses the more-complex settings and views that may be causing the trouble.
In XP, click Start, Run. In Vista, click Start and use the Start Search box. In both versions of the OS, type either outlook /cleanviews or outlook /safe and press Enter. Microsoft warns that “in some instances, it may be necessary to run the switch a second time.”
Although your question was specifically about Outlook, it can be a good idea to run the Windows chkdsk command whenever you encounter a file-access problem. Your problem may show up in Outlook but may not actually be caused by Outlook itself.
For more on XP’s chkdsk utility, see Microsoft KB article 315265, “How to perform disk error checking in Windows XP.” For Vista, see the Windows Help Central article, “Windows Vista chkdsk.”
Recover a lost Vista key by calling Microsoft
Mike Vandenboo’s Vista key has become partly illegible, making reinstall impossible:
- “I bought a Dell preloaded with Vista. While in Iraq, the HD failed, and when I went to reinstall Vista on a fresh one, I looked at the registration key and it has 10 out of the 15 digits legible. The other five are smudged, and I can’t read them. If I call Microsoft, shouldn’t they be able to pull my key out of a database? I did register my copy of Vista.”
Although Microsoft has a reputation as a big, bad, impersonal corporation, I’ve actually always found the company quite easy to work with, even when dealing with them as a regular end-user, same as anyone else, and not in my tech-journalist persona.
I suggest you call Microsoft’s U.S. customer-support line at 1-800-642-7676 and simply explain your predicament. (In other parts of the world, visit Microsoft’s Help and Support page, enter your country’s name, and then select the “contact customer service” link.) I bet you’ll find the Microsoft support staff helpful and accommodating.
Oops, there goes another disk partition!
Don Farr joins the list of those of us who have accidentally deleted an entire hard-disk partition (yes, I’ve done this, too):
- “Recently, while doing some HDD maintenance, I accidentally deleted the only partition on my external USB HDD. I immediately shut down the drive and am looking for a direct way to fix the situation. I have done nothing to cause the files to be disturbed, so it seems there should be a straightforward solution. Any advice other than to not do dumb things like this?”
You did the right thing by not using the drive at all after the error, Don. Your best chance at a successful file, folder, or partition recovery comes immediately after the accidental deletion. Once you start using the drive and making changes, the odds of a successful outcome decrease.
Two of the most-popular commercial recovery tools are the $39.95 Active@ Undelete, which is available at the vendor’s site, and Acronis’s $49.99 Disk Director, which you can read more about on its product page. Both programs are available to try before you buy.
I favor using established commercial tools for these types of recovery tasks, because there’s not a lot of room for error and you may not have multiple chances to make things right.
But if a free tool is more to your liking, check out the comprehensive list of “Free data recovery, file and partition recovery, undelete and unformat utilities” at the FreeCountry.com site.
And good luck with your recovery, Don!
Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.
Hackers exploit FTP flaw in Microsoft's IIS
By Robert Vamosi
Sites running the FTP service on Microsoft’s Internet Information Services (IIS) Web software may be vulnerable to attacks. The company says FTP service versions 5 and 6 are affected, but claims version 7.5 is unaffected on Vista and Windows Server 2008.
Beware of anonymous FTP users bearing gifts
Webmasters take note: if you use Microsoft’s FTP service, attackers could plant code on your servers or launch a denial-of-service (DoS) attack against your site.
According to Microsoft, a newly discovered set of FTP flaws allows an attacker to install unauthorized software on an Internet Information Services (IIS) server or to crash the box.
The vulnerable versions of the FTP service shipped on several flavors of Windows and Windows Server over the years. The company says the latest version of the FTP service, 7.5, is safe on Vista and Windows Server 2008.
The remote-execution vulnerability, which was first described on the Milw0rm security site on Aug. 31, could allow an attacker to run malicious code. On newer versions of Windows, the FTP service was compiled with the /GS buffer security check, which places a cookie on the stack so that a smashed stack is detected and the process is terminated before the attacker’s code runs; there, the overflow produces a crash rather than remote-code execution. The FTP service on earlier versions was built without this check.
The newly announced vulnerabilities include a buffer-overflow flaw that can crash the FTP service on any of the affected versions of Windows, which amounts to a DoS attack. The attacks seen so far log in with an anonymous account that has both read and write permission to the FTP site. The threat, however, isn’t limited only to anonymous users: any account with the same permissions can trigger it.
Microsoft has updated security advisory 975191 to discuss all the known unpatched FTP exploits in IIS.
Partial workarounds offered for the IIS flaws
In a TechNet blog post on Sept. 3, Allan Wallace of the Microsoft Security Response Center (MSRC) said, “The initial vulnerability was not responsibly disclosed to Microsoft, which has led to limited, active attacks putting customers at risk.” Wallace states that a patch “will be released once it reaches an appropriate level of quality for broad distribution.”
In the meantime, some workarounds are available for the FTP flaws. But Microsoft admits that the solutions currently offered don’t fully mitigate the risks:
- Upgrade the FTP service. If you’re running Vista or Windows Server 2008, Microsoft recommends upgrading to IIS 7.5. However, FTP sites will still need to be migrated from the FTP service in IIS 6 to the equivalent in IIS 7.5.
- Restrict anonymous users. If you’re running versions of Windows other than Vista or Windows Server 2008, you’ll need to restrict your anonymous FTP users. Removing Write takes away the write access the attacks seen so far rely on, and disabling anonymous connections means an attacker must first obtain a valid account. To do so, launch IIS Manager and follow these steps for every FTP site on the server, not just the default one:
  • Right-click Default FTP Site and click Properties;
  • Choose the Home Directory tab;
  • Uncheck the Write option;
  • Click the Security Accounts tab;
  • Make sure that Allow anonymous connections is deselected.
- Disable the FTP service. If you don’t need the FTP service in IIS, turn it off. Instructions for removing FTP from IIS 5.0 and 5.1 can be found in Microsoft Help and Support article 321141. The same basic steps apply to later versions of IIS as well.
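To confirm the workaround actually took effect from the network side (or to find FTP servers on your own network that still allow anonymous writes), here is an added example in Python that is not Microsoft’s tooling and not from the column. `audit_ftp()` logs in anonymously and tries to create and remove a probe directory, which is the write permission the steps above remove. The `_FakeMsFtp` class is a constructed stand-in that answers with the IIS 6 FTP banner and reply codes so the probe can be exercised offline; the host, port and probe-directory name are assumptions, and a real server should only be probed with authorization.

```python
"""Probe an FTP endpoint for the two conditions the IIS workaround removes:
anonymous logins and anonymous write access (directory creation).
Constructed example using only the standard library.
"""
import socketserver
import threading
from ftplib import FTP, error_perm


def audit_ftp(host, port=21, probe_dir="_ws_probe", timeout=5):
    """Return the banner, whether anonymous login works and whether the
    anonymous user may create a directory. A probe directory created during
    the check is removed again."""
    result = {"banner": None, "anonymous": False, "writable": False}
    ftp = FTP()
    result["banner"] = ftp.connect(host, port, timeout=timeout)
    try:
        ftp.login()                    # USER anonymous / PASS anonymous@
        result["anonymous"] = True
        try:
            ftp.mkd(probe_dir)         # MKD needs Write on the home directory
            result["writable"] = True
            ftp.rmd(probe_dir)         # clean up after ourselves
        except error_perm:
            pass                       # 550: write denied, as it should be
    except error_perm:
        pass                           # 530: anonymous logins are disabled
    finally:
        try:
            ftp.quit()
        except (OSError, EOFError):
            pass
    return result


class _FakeMsFtp(socketserver.StreamRequestHandler):
    """Constructed stand-in for an IIS 6 FTP service (not real IIS): minimal
    USER/PASS/MKD/RMD/QUIT handling with IIS-style reply codes."""
    allow_anonymous = True
    allow_write = True

    def reply(self, line):
        self.wfile.write(line.encode("ascii") + b"\r\n")

    def handle(self):
        self.reply("220 Microsoft FTP Service")
        while True:
            raw = self.rfile.readline()
            if not raw:
                break                  # client went away
            cmd, _, arg = raw.decode("latin-1").rstrip("\r\n").partition(" ")
            cmd = cmd.upper()
            if cmd == "USER":
                if arg.lower() == "anonymous" and not self.allow_anonymous:
                    self.reply("530 User cannot log in.")
                else:
                    self.reply("331 Password required.")
            elif cmd == "PASS":
                self.reply("230 User logged in.")
            elif cmd == "MKD":
                if self.allow_write:
                    self.reply('257 "%s" directory created.' % arg)
                else:
                    self.reply("550 Access is denied.")
            elif cmd == "RMD":
                self.reply("250 RMD command successful.")
            elif cmd == "QUIT":
                self.reply("221 Goodbye.")
                break
            else:
                self.reply("502 Command not implemented.")


def audit_configuration(allow_anonymous, allow_write):
    """Start the stand-in with the given settings on a loopback port, run
    audit_ftp() against it and return the findings."""
    handler = type("Handler", (_FakeMsFtp,),
                   {"allow_anonymous": allow_anonymous, "allow_write": allow_write})
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return audit_ftp("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for anon, write in ((True, True), (True, False), (False, True)):
        print("anonymous=%s write=%s ->" % (anon, write),
              audit_configuration(anon, write))
```

Against a real server, call `audit_ftp("ftp.example.com")` (a placeholder host) and treat `anonymous: True` together with `writable: True` as the configuration the workaround is meant to eliminate. The probe only exercises the control channel, so it needs no data connection and no firewall holes for passive mode.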
Don’t shoot the automatic Messenger upgrade
Microsoft announced Aug. 25 that it will be upgrading all users of its Windows Live Messenger service to version 14.0.8089. The upgrade, described in security advisory 973882, will occur automatically when you sign in to your Windows Live Messenger account.
If you’re using a previous version, you’ll be prompted to download the latest release. While you can delay doing so for a while, failure to download the update may result in blocked access to the service.
Why is Microsoft upgrading Windows Live Messenger? You’d think it wouldn’t need to, since the company recently patched vulnerabilities in its Visual Studio Active Template Library (ATL), as described in security bulletin MS09-035.
However, Microsoft has since discovered another ATL remote-code-execution vulnerability.
Additionally, Microsoft decided to remove the Attach Photo feature in Windows Live Hotmail. The company claims the change is “on a short-term basis in order to fix the issue.”
Microsoft didn’t provide a timetable for the Attach Photo feature’s return. In the meantime, the company states that photos can be added to Hotmail messages by clicking Attach and then selecting the photo you wish to send.
Firefox checks Adobe Flash, so you don’t have to
The Mozilla Foundation’s upcoming release of Firefox 3.5.3 and Firefox 3.0.14 includes a new add-on for the browsers that will automatically check the current version of Adobe’s Flash Player. The add-on wasn’t available for testing, but sources say it will alert you when your Flash Player is out-of-date. (See Figure 1.)
Figure 1. Firefox’s new add-on will tell you not only when your Adobe Flash Player is out-of-date, but also where the update can be found.
Johnathan Nightingale, Mozilla’s “human shield,” said in the organization’s security blog that Firefox will be monitoring Adobe’s Flash Player because of the technology’s popularity. Studies have shown that as many as 80% of Firefox users have an outdated (and likely insecure) version of the Flash Player on their systems.
Nightingale said Adobe is just one of several vendors Firefox will be working with. “Our intent is to get [users’] attention and direct them to the Adobe Web site, where they can download the most up-to-date version,” Nightingale states in the post.
WS contributing editor Robert Vamosi was senior editor of CNET.com from 1999 to 2008, writing Security Watch, the winner of the 2005 MAGGIE Award for best regularly featured Web column for consumers. He is currently a security, risk, and fraud analyst for a Bay Area financial services research firm.
New Web-based attacks target Windows Media holes
By Susan Bradley
Three separate browser vulnerabilities make you susceptible to drive-by exploits from otherwise-trustworthy Web sites. These threats affect you even if you never use Windows Media Player or Internet Explorer, so you should definitely apply this week’s Windows patches.
MS09-047 (973812)
Browsing without new patch could be hazardous
This month’s security patches for Windows are a reminder that even the sites we trust can be sources of malware infections. Microsoft security bulletin MS09-047 (973812) patches a hole that allows a specially crafted media file, whether downloaded or served by a Web page, to run code on your PC and gain complete control of your system.
More and more sites — even popular ones such as Facebook — have unknowingly hosted malicious banner ads, which is one way these media files can infect you. Microsoft’s Security Research & Defense blog predicts that this vulnerability will likely be targeted by such exploits within the next 30 days.
Vista and Windows 7 have some protection against these attacks, but you should download and install MS09-047 immediately to stymie them completely, especially if you use XP.
If, for some reason, you can’t install this patch, remember that even sites you think of as trustworthy might serve a malicious banner ad from a third-party ad host. The safest course of action is for you to apply this patch and use a browser other than IE, such as Firefox, Chrome, or Opera.
MS09-045 (971961)
JScript scripting engine susceptible to malware
MS09-045 (971961) fixes a problem with the JScript scripting engine. Many sites use JScript to change messages and other site elements dynamically.
This isn’t the first Windows patch for malicious JScript code. A similar hole was addressed back in 2006.
One way to prevent — without patching — attacks that target this glitch is to raise to High Internet Explorer’s security setting for the Internet zone. Unfortunately — as anyone who has tried to browse with this setting will tell you — doing so is painful, because you’re prompted to allow nearly every action you take on a site. By comparison, Vista’s User Account Control warnings are a walk in the park.
If you’ve upgraded to IE 8, the risk of such an attack is reduced by the browser’s support for Data Execution Prevention (DEP), which IE 8 turns on by default on XP SP3 and on Vista SP1 and later. DEP makes exploitation harder; it doesn’t remove the underlying flaw, so the patch is still needed.
However, if you install this update on a system running XP Service Pack 2 and IE 6, and then update to SP3 or IE 7, the patch won’t be listed in the Add or Remove Programs applet (and you therefore won’t be able to uninstall it if need be). On XP SP2 with IE 6, you should first install XP Service Pack 3, then install IE version 7 or 8. Do this before you use Microsoft Update to apply MS09-045, so the patch will correctly install and still be removable.
Just as with the Windows Media patch described above, even sites you would otherwise trust can host malicious banner ads that can be used in these attacks. I recommend that you make both updates a high priority this month. They’re the two vulnerabilities most likely to be targeted in exploits within the next 30 days.
MS09-046 (956844)
ActiveX dynamic edit control leads to exploits
The third browser-based vulnerability to be patched this week also affects sites you may frequent on a regular basis. MS09-046 (956844) fixes a hole that allows a site’s ActiveX control to be used in attacks. (Ironically, a security researcher at Google originally brought this issue to Microsoft’s attention.)
As with the JScript problem described in the previous item, you can prevent this exploit from affecting your system by raising Internet Explorer’s security level for the Internet zone to High. However, it’s easier to apply the patch.
If you’ve installed IE 8, the risk of this vulnerability is reduced because of the Data Execution Prevention (DEP) support built into the browser, though the patch is still required to close the hole.
Office Genuine Advantage: Skip this ‘update’
Much ink has been spilled decrying Microsoft’s Windows Genuine Advantage (WGA) spyware. In an April 16 article, for example, WS contributing editor Ryan Russell listed problems that still affect WGA.
Now the Redmond company has devised a new way to annoy its customers: the separate but related Office Genuine Advantage applet is now attempting to creep onto your systems in the guise of a security update. (See Figure 1.)
Figure 1. The Office Genuine Advantage Notifications update, shown in the last line of the image, attempts to slip onto PCs as a “high-priority” patch.
The “update,” described in KB article 949810, is being offered to some computers to test whether they have a genuine version of Office installed. If your copy of Office doesn’t pass muster, OGA will say you have an illegal version.
You do get some warning: you must approve an end-user license agreement before OGA will install. Based on the number of confused customers posting on Microsoft’s Genuine Advantage Forums, however, OGA serves only to annoy legitimate customers.
For now — and probably forever — you should skip the OGA update.
MS09-048 (967723)
TCP/IP patch excludes Windows 2000 systems
Still running Windows 2000? You’d better have a good firewall in place. And you may want to consider using this old operating system even less, given the release of MS09-048 (967723). Windows 2000 machines aren’t able to obtain this TCP/IP patch, because the OS’s networking architecture doesn’t support it.
Microsoft claims in its September 2009 security-bulletin summary that the risk of remote-code execution due to this vulnerability is very low on Vista and Server 2008 systems. However, Windows 2000 can’t be protected against denial-of-service (DoS) attacks due to this hole at all — unless you use a third-party firewall.
In addition, Microsoft is adding new Memory Pressure Protection features for the TCP/IP stack, as described in KB article 974288. The extra protections included in this update are not enabled unless you adjust some Registry keys. At this time, however, I recommend that you install the patch as is and make no other system changes.
I’ll revisit this issue and provide more details about the Memory Pressure Protection features in a future column.
MS09-049 (970710)
Wireless LAN AutoConfig Service spells trouble
Most laptops these days include a wireless adapter that’s enabled by default. This means they may broadcast to and pick up signals from wireless access points at any Starbucks or other hotspot their owners may pass by.
Until you apply MS09-049 (970710), you’d be wise to slide your notebook’s little wireless-adapter button to the off position. Not only will you save battery power, you may also prevent the machine from being taken over by a malicious wireless access point.
This patch affects only Vista and Windows Server 2008, not XP or Windows 2000 machines.
975497
File-sharing zero-day vulnerability reported
Microsoft Server Message Block (SMB) version 2 is the second generation of file-sharing technology in Vista, Windows Server 2008, and Windows 7. A zero-day flaw affecting SMB 2 was announced on Sept. 8 in KB article 975497. Interestingly, the glitch is also present in the Windows 7 release candidate but not in the RTM (released to manufacturing) version of Windows 7.
If you use Vista or the Windows 7 release candidate in a standalone environment, you’re probably running the “public” firewall profile. This will protect you from attacks attempting to use the SMB vulnerability.
To determine whether you’re using this profile, click the networking icon in the taskbar’s notification area, choose Network and Sharing Center, and look for a park bench icon. (See Figure 2.)
Figure 2. Look for the park bench icon in the Network and Sharing Center to indicate use of the public firewall profile.
The public firewall profile protects systems from these outside attacks because it blocks inbound file- and printer-sharing connections (TCP ports 139 and 445), so an attacker on the same network never reaches the vulnerable SMB 2 code. If you don’t see the park bench icon in the Network and Sharing Center, and if your machine is part of a peer-to-peer network, an external firewall that blocks those ports from the Internet should protect you from this zero-day threat until a software patch becomes available from Microsoft.
The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.
Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.
Your email subscription:
- Subscription help: customersupport@askwoody.com
Copyright © 2025 AskWoody LLC, All rights reserved.
