Free Security Utilities from Gibson Research
By Ira Wilsker, iwilsker@apcug.net
Obtained from author with the author's permission for publication by APCUG member groups.
I recently received an email from a reader of this column who was
getting a variety of annoying pop-ups on his computer. He had an updated
antivirus utility installed, a good anti-spyware utility was updated and
running, and a competent firewall; yet still, he was getting annoying
pop-ups promoting male enhancement products, pornographic websites,
prescription drugs without a prescription, and a variety of other
illicit products. He had already run Trend Micro’s excellent
Housecall free online security scan (www.housecall.antivirus.com),
and Microsoft’s free OneCare security scan (www.safety.live.com),
and both corroborated that his system was clean of malware, but still
the aggravating pop-ups continued. In his email, he pleaded for a
solution. I recommended a tiny free utility from Gibson Research with a
nasty name, Shoot the Messenger.
Shoot the Messenger is just one
of several small free utilities that Steve Gibson makes available on his
website under the Freeware – Security link on the top of the page at
www.grc.com. This
popular security program has been downloaded over 2 million times, and I
routinely install it on every computer that I work on. What this tiny
22k size program does is selectively turn off or on Microsoft’s Windows
Messenger Service. This Windows service, totally unrelated to the
popular instant messaging services such as AIM (AOL Instant Messenger),
Yahoo Instant Messenger, MSN Messenger, and similar instant messaging
services, was intended by Microsoft as a way to send messages from a
system administrator to everyone on a network. Monitoring for these
intermittent system messages takes a small amount of computing power,
and leaves a port open on the system that is typically unprotected by a
firewall. What this open port has done is to allow spammers and
distributors of pop-ups to send their illegitimate content directly to
your desktop, bypassing the traditional perimeter security defenses. By
turning off the Windows Messenger service, these miscreants can no
longer access your computer through this vulnerability. With
Shoot the Messenger, the user can
selectively turn the messenger service on (to receive legitimate network
messages as well as annoying pop-ups and on-screen spam), or off, which
closes the otherwise open port and prevents the irritating display of
those annoyances on your computer. My reader, with the annoying pop-ups,
downloaded Shoot the Messenger, and then ran it turning off the
Messenger service; the pop-ups instantly ceased. It should be reiterated
that this service has absolutely nothing to do with the external instant
messaging services, and thus has no impact and no degradation whatsoever
with those services.
Another security issue that we face is the vulnerability of our
computers to external access while online or on a network; this is
precisely why we all need some variety of firewall. Fortunately, most of
us these days have a firewall installed and running on a full-time basis,
whenever the computer is running. Most of us blindly accept that our
firewall is protecting us from hackers, and live with that blissful
ignorance. It just so happens that most firewalls leave some vulnerable
ports open for a variety of reasons ranging from intentional design to
user misconfiguration. Steve Gibson offers two extremely popular and
free methods to test the security of the firewalls installed on our
computers, Shields UP! and LeakTest.
Shields UP! is arguably the
internet’s most popular free firewall checkup utility, with over 71
million computers tested for security vulnerabilities. Shields UP! is a
free online test which electronically probes all of the ports on your
computer (over 65,000 of them), and reports on which ones are open or
otherwise vulnerable. Once the vulnerabilities are detected, most
firewalls can be configured to protect against those external
vulnerabilities.
To detect whether malware may be sending information from the computer to
parties unknown through open outgoing ports, Gibson has a small (25k),
free utility for download, LeakTest, from
www.grc.com/lt/leaktest.htm. LeakTest has proven to be very
popular, with over 6 million copies downloaded. LeakTest can be used to
determine if any malware that may be on the computer can transmit data
from the computer, and then allow the user to block the vulnerable
outgoing ports that are often unprotected by many firewalls. It should
be noted that Microsoft’s integral Windows XP firewall, which
millions depend on as a default firewall, offers almost no protection
from malware that wants to use outbound connections. Most contemporary
third party firewalls now offer outbound protection, but LeakTest would
be a valuable adjunct to verify the effectiveness of the outbound protection
on any computer.
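The idea behind an outbound test can be shown in a few lines. The following is an added example, not Gibson Research's code and not a description of how LeakTest itself works: a program that is not on the firewall's approved list tries one outbound TCP connection and classifies the result. The function names and the local test endpoints are assumptions made for the illustration.

```python
import socket

def outbound_check(host, port, timeout=3.0):
    """Try one outbound TCP connection and classify what came back.

    "connected" - the handshake completed, so nothing stopped this
                  program from reaching the remote service.
    "refused"   - the far end answered with a rejection, which still
                  means the attempt left this machine unfiltered.
    "blocked"   - no answer or a local error, consistent with a firewall
                  dropping the attempt (or the host being unreachable).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeouts, unreachable hosts, local policy errors
        return "blocked"

def demo():
    """Exercise the check against constructed loopback endpoints (offline)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                        # nothing listens on this port now

    results = {
        "listening": outbound_check("127.0.0.1", open_port),
        "closed": outbound_check("127.0.0.1", closed_port),
    }
    listener.close()
    return results

if __name__ == "__main__":
    print(demo())
```

To judge a real firewall, run the check against a host you control on the other side of it; a result of "connected" or "refused" from a program you never approved means outbound traffic is not being filtered.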
Another vulnerability, one that no less than the FBI has flip-flopped on,
is Windows’ Universal Plug and Play feature. Present in all current
versions of Windows, this vulnerability allows hackers to access the
system level of the computer, and effectively take control of it. Once
control of a computer has been compromised at the system level, the
computer may be internally attacked with a “Denial of Service Attack”,
which allows the hacker to totally crash a computer. This vulnerability
also allows a hacker to control the computer (now called a “zombie”),
and along with countless other such infiltrated computers, launch a
simultaneous Denial of Service attack against another computer, online
service, or website. To combat this vulnerability, Gibson offers
UnPlug n’ Pray as a free download at
www.grc.com/unpnp/unpnp.htm. This tiny 22k program has been
downloaded over 2.8 million times, and selectively enables or
disables on demand Microsoft’s Plug and Play service (sometimes
ridiculed as “Plug and Pray”).
Steve Gibson, with his release of over a dozen such free utilities
with a cumulative download count of about 25 million, is to be
complimented for his unselfish service to the computing community. Steve
Gibson supports his activities by selling his commercial product
SpinRite (www.grc.com/sr/spinrite.htm). SpinRite is one of the most widely used utilities
to determine the physical condition of a hard drive or other storage
media, recover data, repair the data structure, and maintain the
integrity of a hard drive or other magnetic media. Available at $89 for
first time purchasers, with substantial discounts for upgrading from a
previous version, SpinRite can be an essential utility to diagnose and
repair hard drive problems.
I recommend that all PC users visit
www.grc.com and
download some of the free utilities and check their computers for
vulnerabilities; we all need to know where our weaknesses are before we
can deal with them, and Gibson Research can provide us with that
invaluable assistance.
This article has been provided personally by the
author solely for publication by APCUG member groups. All other uses
require the permission of the author (see e-mail address above).