“Microsoft still has work to do”
Bruce Schneier in a restrained moment
The Malware Menace-Thinking the Unthinkable
Conservative options in today’s hazardous milieu
Most well-informed geeks know the score:
· A malicious virus like Mydoom.F can drop your computer in its tracks and wipe your hard drive clean of the files you value most.
· Logic bomb malware like Kama Sutra will strike at any time of its choosing totally out of the blue; your computer will not just get slower and slower until you take action.
· There is much, much more rogue antispyware software on the market that will infect your machine than there is that will protect your PC. Only certified software is to be trusted.
· Your personal data is big business. Venture capitalists have given nearly $200 million to startup firms to create spyware. (Corollary: you can bet a chunk of it goes to lawmakers to legalize spyware, like the watered-down California spyware bill.)
· HP estimates the average cost for malware removal at $130 per incident. Consumer Reports estimates an $8 billion loss to consumers from malware.
· Even if you follow the cardinal rules of prevention you can still become infected.
o Windows automatic updates should be turned on
o The firewall should be enabled.
o Updated antimalware software should be installed with auto scans on.
o Internet Explorer should be locked down and only used on the internet at a trusted source such as Microsoft.com or a certified vendor. All other browsing should be done with a third-party product with Java disabled, as per CERT.
o Outlook should never be used and email attachments should not be opened.
o IRC or Instant Messenger programs should be avoided.
o Office products like Word, Excel, etc. should have macros disabled.
o Questionable software should not be run unless it is scanned and walled into a sandbox for evaluation.
o If you’re foolish enough to run Wi-Fi, lock it down very tightly and use AirSnare.
What do you have to lose?
Vulnerabilities abound and will not disappear with Vista. How important is the data on your computer in your personal and business life? Maybe you could lose it all and not care, even if it was placed in the hands of the Mafia. If so, this article is a waste of your time. If you are in the IT management, real estate, medicine, finance, legal or defense sector, big bucks are on the line. Malware is very big business for marketing companies and even bigger business for Mafia cartels worldwide. Identity theft and denial of service blackmail schemes abound. The Zombie Hunters article by Evan Ratliff in the New Yorker is required reading.
There is a little-acknowledged but fairly effective preventive strategy in wide use at public terminals: the white-list instead of the black-list. Security expert Marcus J. Ranum talks about it in Execution Control: Death to Antivirus, more specifically Exe LockDown.
Taxonomy of Malware
Malware researcher Joanna Rutkowska defines malware as "a piece of code which changes the behavior of either the operating system kernel or some security sensitive applications, without a user consent and in such a way that it is then impossible to detect those changes using a documented features of the operating system or the application." Notice that this includes everything from the very feeble to the grossly malicious--a generic variety of all forms of hostile, intrusive, or annoying software or program code that just won't go away.
Malware terminology is in more than a little bit of a muddle as it is used in the press; here are a few basics, drawing heavily on Wikipedia:
A computer virus is a computer program which distributes copies of itself, even without permission or knowledge of the user. Most virus launches come via use of a hacker kit from "scriptkiddies."
A Trojan horse is a program that contains or installs a malicious program (sometimes called the payload or 'Trojan').
A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program.
Spyware is computer software that collects personal information about users without their informed consent and is often used interchangeably with adware. Personal information can be secretly recorded with a variety of techniques, including logging keystrokes, recording Internet web browsing history, and scanning for and stealing documents on the computer's hard disk. Theft of autocomplete passwords stored in Mozilla and IE browsers of target machines has been automated and can lead to identity theft and fraud. The Anti-Spyware Coalition defines the spyware landscape here.
Fraudulent dialers are software designed to connect to premium-rate or 900 telephone numbers. The providers of such dialers often search for security holes that may be present in the operating system installed on the user's computer and use them to change the computer to dial up through their number, pocketing the rate gouge money for themselves.
A backdoor is a method of bypassing normal authentication while securing remote access to a computer, while attempting to remain hidden from casual inspection. As a result the machine is effectively under remote control. If you are using the machine to type at the time your machine is compromised, you may notice that the words will be misspelled because characters will be dropped as you type. As this happens you will notice that the title bar of the document window will blink from blue to gray and back to blue and that characters will only drop out when the bar is gray not when it is blue. If this ever happens to you unexpectedly, unplug the machine from the internet immediately--you have a visitor.
A rootkit is a set of software tools intended to conceal running processes, files or system data (such as the use of internet ports) from the operating system. In and of themselves they may seem harmless, but when bundled with a payload that includes several Trojans the result can be devastating because the hidden items can not be located by the search commands supplied with the operating system. Rootkits have become the norm for high end spyware and zombie kits. Even Sony has its fingers in the pie! See Rootkits for Dummies.
Common Misconceptions
· Antivirus is good enough. Many companies which offer a virus scanning product do not include the ability to detect other forms of malware. In the modern security landscape a scanner without spyware, trojan, and rootkit capability is like a car without wheels. This poor showing accounts for the need for premier niche products like SpySweeper, TrojanHunter, ProcessGuard and Sandboxie.
· The package I bought will block or remove the menace. The most effective Trojans specifically target antimalware products by deleting them, crippling them, or blocking them. Eighty percent of new malware defeats antimalware. See Why popular antivirus apps 'do not work' by Munir Kotadia and Anti-adware misses most malware. It takes more than one virus package to fight a virus plague and more than one spyware package to fight spyware.
· .exe files are the only danger – Roger Grimes documents well over 100 file types, or extensions, that may contain or spread a virus or bring about malicious results; some of the most common today are .doc, .rtf, .htm, .mp3, .pdf, .exe, .com, .cpl, .msi, .pif, .reg, .scr, .vbs, and .zip. The only way to protect against attachments is to block them all.
· It’s safe to open attachments from senders I recognize – Many e-mail messages that contain virus-infected attachments will appear to come from someone familiar to you; the virus can spoof the From address to mislead the recipient into a false sense of security. Malware is quite capable of mailing out invites to everyone in your address book. Never open any attachment unless you phone the sender and verify that it is legitimate.
· I will know if I'm infected. Start by reading a list of symptoms. It's not necessarily all about popups and inappropriate search engine results. A zombie payload is all about maintaining secret control of your machine in perpetuity. An AOL survey showed 90% of infected users did not know they were infected.
· I will be able to use an online scanner if my scanner is corrupt or missing. Nowadays infections come as a payload, a redundant hacker cocktail, a blended threat. When I was hit by the Beagle, it involved at least two rootkits, 4 Trojans, a dialer, a keylogger, a backdoor and 131 viruses and other assorted items. McAfee was wiped clean from the drive and would not reinstall, nor would several other antimalware products. Safe mode was disabled. Internet Explorer was hijacked. The rootkits kept the Trojans cloaked from the online scanners so they could not be removed. No single tool is likely to get you up and running against such a barrage of targets. The rootkits must be disabled first, then the cleanup can begin if you are foolish enough to think you can find it all.
· I will be able to use a backup restore point to recover. All my backup restore points were erased.
· Malware is written by disaffected teenagers in their spare time. Mafia Malware is written by teams of highly-skilled software engineers with large budgets on projects that take man-years of effort and can go to extremes to maintain control of your machine.
· Not many people get infected. There was a government press release from
· Spam is a harmless nuisance. It is estimated that 70-80% of all internet email is spam and a third of that is sent out by spam zombies illegally. They are infection vectors recruiting more zombies. The second most common cause of infection after spam is spim, i.e. instant messaging.
· The passwords stored in my browser are encrypted, so they are safe. Nope.
· The Microsoft/Claria acquisition will help assure protection for me. Yeah, sure.
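A gateway-side version of the attachment rule from the list above, as an added example that is not from the original article: it screens a message against the extensions the article names, catches a double extension, and looks inside ZIP attachments. The message, addresses and file names are constructed, and the `block_all` switch (a name chosen for this example) models the stricter "block them all" policy.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article lists as the most common carriers.
RISKY = {".doc", ".rtf", ".htm", ".mp3", ".pdf", ".exe", ".com", ".cpl",
         ".msi", ".pif", ".reg", ".scr", ".vbs", ".zip"}


def extensions(filename):
    """Return every dot-suffix of a file name, lower-cased, last suffix first."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    base = base.strip().rstrip(". ").lower()   # Windows ignores trailing dots and spaces
    return ["." + part for part in reversed(base.split(".")[1:]) if part]


def screen_name(filename):
    """Return the reasons a file name is suspect (an empty list means none)."""
    exts = extensions(filename)
    reasons = []
    if exts and exts[0] in RISKY:
        reasons.append(f"risky extension {exts[0]}")
        if len(exts) > 1:
            reasons.append("double extension")   # e.g. a .pdf.exe shown as ".pdf"
    return reasons


def screen_message(raw, block_all=False):
    """Map each attachment name in a raw RFC 5322 message to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = ["policy: all attachments blocked"] if block_all else screen_name(name)
        if extensions(name)[:1] == [".zip"]:
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_content())) as archive:
                    for member in archive.namelist():
                        reasons += [f"{member}: {r}" for r in screen_name(member)]
            except zipfile.BadZipFile:
                reasons.append("unreadable archive")
        findings[name] = reasons
    return findings


def build_sample():
    """Constructed message: one image, one double-extension file, one ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("readme.txt", "hello")
        archive.writestr("setup.scr", "placeholder bytes, not a program")
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "pictures"
    msg.set_content("See attached.")
    msg.add_attachment(b"\xff\xd8\xff\xe0", maintype="image", subtype="jpeg",
                       filename="holiday.jpg")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="photos.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in screen_message(build_sample()).items():
        print(name, "->", "; ".join(reasons) or "no finding")
```

The check works on file names only, so it is a filter for the carrier types the article lists, not a content scanner.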
Help-I Got Hacked. Now What Do I Do?
In an eye-opening article of the same title Dr. Jesper M. Johansson of Microsoft gives us news worse than we have probably heard before about malware--give up and wipe your drive, there is no cure. The single "cleans all/prevents all" solution out there is fdisk.
The point is well taken: if you neglect your backups, the worst is upon you. What you have to lose is potentially the whole ball of wax. If you leave the computer on, a logic bomb may wipe you clean--out of the blue. If you try to clean the machine with a scanner, there may be no way to boot the machine again. Many modern Trojans corrupt the system files so that it is impossible to restart in Safe Mode. If you repair Windows with the factory install disk while the infection is active, reinfection can occur when you reboot.
If you give the machine to a semi-competent IT professional without rigorous instructions about what data is critical and how much you are willing to spend to get it back, you stand a very good chance of getting back a blank drive with a fresh install of Windows on it. There is a whole industry of data recovery professionals available and they are not cheap. They can work on physically damaged hardware or malware damaged hardware. Let them get and clean the data before they wipe the drive clean if the cost is justified. If you are not the geeky type and your data is critical, you are taking an unjustified gamble.
Fixing it yourself with forum help
This is a very touch and go situation as mentioned above. There are cadres of well-meaning self-help volunteers on a number of malware forums such as CastleCops, GeeksToGo, SpywareInfo, SpywareWarrior, Tom Coyote and many others. They will usually post an orderly preliminary set of procedures they would like you to follow before you send them a HijackThis log file to examine. Such procedures have saved a lot of grief for most users, but it can often be impossible to follow the procedure if Safe Mode has been crippled by the malware or if the first antimalware scan you try freezes your computer. The clock will be ticking for some of these users, and in an examination of a cross section of these procedures, not one mentioned or hinted at the potential danger or the desirability of booting to a diagnostic or rescue CD.
Most reputable antimalware packages have some kind of Rescue CD provision. It may be an extra cost option or a set of instructions on how to make a bootable version of their product with BartPE, but something will be available. If it isn't, cross them off your list of potential vendors unless you are a master geek ready to make your own. Using an ERD Commander or BartPE approach is even better than a factory rescue disk because whatever malicious files might be hidden by a rootkit will be open to the naked light of day. You will be running Windows from a safe read-only bootable CD and at the same time you can be running chkdsk, backing up any critical files or scanning for and removing unwanted files.
Once your data is safely backed up, just verify that it is current and complete as best you can, then just follow Horowitz's thoughtful procedure for wiping the drive in How to Remove Spyware and Malware from a Windows computer. Just remember that there will always be bookmarks, browser password files, registration numbers and sundry items tucked away that you don't think about very often like annual events. Yes, you will have to reinstall your applications and that will take time. The alternative is that you will probably spend just as much time running scan after scan from a myriad of online scanners and trial offer packages until you think you are clean. One scan might take two hours, four hours, even ten hours. Some of the packages are excruciatingly slow. In the end you might think you know whether the system is clean, then again the drive might not boot at all. Choices, choices. It is much faster to just scrub the critical data you want to save than it is to wade through gigabytes of unnecessary files.
If your data is worth saving and not backed up, then it is worth having alternate bootable storage. Short-term it can even be a large capacity flash drive, since prime-expert.com makes a software package called Flashboot. Flash drives are too unstable to provide exclusive reliable backup. Most systems do not come with two hard drives when new, but acquiring an extra drive is money well spent; many will just plug into the USB socket.
The Escalated Approach (not advisable)
Some people like to play with fire. It pumps the adrenaline. If the temptation to continue running your existing Windows installation is just too great then get a copy of Always Use Protection by programming guru Dan Appleman and read the pages in the middle with the black edges several times as a strategy briefing. Then read preliminary instructions from one or more forums and think about the consequences. With the computer turned off write out an outline of what you think needs to be done on a step-by-step basis escalated by how serious your symptoms are.
Then get a copy of Absolute Beginner's Guide to Security, Spam, Spyware & Viruses by syndicated computer expert Andy Walker. It is easy to read and quite useful even for the experienced user. This book is the opposite of Dan’s book. It is all about products, not about strategy and internals.
Once you turn on the machine, keep a journal of just what you try and the results. It will probably take several days of your spare time. The past can get too foggy too fast. If you do not have a bootable CD, think hard about how to mount your drive after booting elsewhere first; perhaps you could install another drive or use a USB-to-IDE cable.
The web site www.antirootkit.com is very useful for locating antirootkit scanning and troubleshooting tools. Penetrating the cloak of any rootkits takes priority in locating problems.
There are lots of ways to boot a computer and some are much safer than others.
ERD Commander or BartPE CD
Antimalware Rescue CD
XP Installation CD
Boot from alternate partition, hard drive or flash drive
Safe Mode (with or without DOS)
Recovery Repair Console
Last known good configuration
Dan explores most of these in his book. He gives a few sample commands to help you get your feet wet. He does not talk about the pros and cons of particular products. He does not use the one size fits all approach a forum preliminary recipe might. Forums typically recommend one or more online scanning tools such as:
We will scan for free and try to fix it for free if you are infected:
Kaspersky.com online checker (http://www.kaspersky.com/virusscanner-selective)
Bitdefender Online Scan (http://www.bitdefender.com/scan8/ie.html -selective)
Housecall online check at trendmicro.com (http://housecall.trendmicro.com/ -selective)
eTrust online (http://www3.ca.com/securityadvisor/virusinfo/scan.aspx -selective)
This last site did not find Eicar virus test files sprinkled all over the drive.
We will scan for free and give you a sales pitch if you might be infected:
McAfee online scanner (http://us.mcafee.com/root/mfs/)
Symantec online security or virus check (http://www.symantec.com/securitycheck/)
F-Secure Online Virus Scanner (http://support.f-secure.com/enu/home/ols.shtml)
Panda ActiveScan (http://www.pandasoftware.com/)
On some occasions a more specialized Spyware scan might be best:
Ewido Antispyware (http://www.ewido.net/en/onlinescan/ -- buggy? Died midway)
MySpyZero and Virus online checks at http://global.ahnlab.com/
SpyXposer (http://www.pandasoftware.com/products/spyxposer/ -- expose, not fix)
Trend-Micro Antispyware for the Web (http://www.trendmicro.com/spyware-scan/)
TrojanScan (http://www.windowsecurity.com/trojanscan/)
Just remember that you are telling Internet Explorer that you are trusting these companies who are making a list of every file on your drive. Who do you want to have that information and what will they do with it? Does the company have a certified product?
Knowing how well the scan works
Eicar virus test file - http://www.trendmicro.com/en/security/test/overview.htm
PestPatrol spyware test files - http://www.pestpatrol.com/Support/V4_Updates.asp#Test
Take these harmless test files and put additional copies of them in a .zip file, a .rar file and an .iso file, then scan each with a right click to your favorite scanner to see what happens.
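An added example (not from the original article) that builds such a test set and shows why the container matters: a scanner that only pattern-matches the bytes on disk finds the test string in an uncompressed archive but not in a compressed or nested one. ZIP stands in for the .rar and .iso containers, which the Python standard library cannot create; the file names are made up for the example.

```python
import io
import pathlib
import zipfile

# EICAR standard anti-virus test string (68 ASCII bytes, harmless). It is
# assembled from two halves so this listing does not contain it contiguously.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

MAX_DEPTH = 5                    # stop unpacking archives nested deeper than this
MAX_MEMBER = 10 * 1024 * 1024    # skip members that expand beyond 10 MiB


def make_zip(members, compression):
    """Return the bytes of a ZIP archive holding {name: data} members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=compression) as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


def build_test_set():
    """Plain test file, then the same file stored, deflated and nested."""
    stored = make_zip({"eicar.com": EICAR}, zipfile.ZIP_STORED)
    deflated = make_zip({"eicar.com": EICAR}, zipfile.ZIP_DEFLATED)
    nested = make_zip({"inner.zip": deflated}, zipfile.ZIP_DEFLATED)
    return {"eicar.com": EICAR, "stored.zip": stored,
            "deflated.zip": deflated, "nested.zip": nested}


def write_test_set(directory):
    """Write the set to disk so a real scanner can be pointed at each file."""
    paths = []
    for name, data in build_test_set().items():
        path = pathlib.Path(directory) / name
        path.write_bytes(data)
        paths.append(path)
    return paths


def shallow_scan(data):
    """Model of a scanner that only looks at the raw bytes of the file."""
    return EICAR in data


def deep_scan(data, depth=0):
    """Model of a scanner that also unpacks ZIP containers, with limits."""
    if EICAR in data:
        return True
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.file_size > MAX_MEMBER:
                continue         # oversized member: flag for manual review
            if deep_scan(archive.read(info), depth + 1):
                return True
    return False


def compare():
    """Map each test file to (found by shallow scan, found by deep scan)."""
    return {name: (shallow_scan(data), deep_scan(data))
            for name, data in build_test_set().items()}


if __name__ == "__main__":
    for name, (shallow, deep) in compare().items():
        print(f"{name:14} raw-bytes match: {shallow!s:5}  after unpacking: {deep}")
```

Call `write_test_set()` on a scratch folder to produce the files for a real scanner; a resident scanner may block or quarantine `eicar.com` the moment it is written, which is itself a useful result.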
Sometimes it is useful to do a browser or port scan
Shields UP at grc.com for ports 1-1000
Firewall test at Auditmypc.com for ports 1-10000
Many of the forum moderators can zero in on a problem rather quickly after seeing some logs and recommend a specific tool which will save the day.
I recommend that you run a freeware program from Microsoft called TCPView to monitor your internet traffic during the first moments after you boot. At this time hacker software will phone home and tell the hacker servers that your machine is ready for traffic. When you see the two or three dozen invites being sent across the globe, it should give you pause to contemplate the meaning of the word redundancy. Some processes cloaked from taskmgr.exe may be visible with TCPView and can be killed with it. Once you know the name of the program (from viewing its TCPView properties) you can search for and delete it when you boot from an alternate drive. Then your antimalware software has a better chance to run unimpeded if you previously could not boot in Safe Mode.
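The same check done on saved command output, as an added example that is not part of the original article: it lists which processes own connections to outside addresses and flags any owning PID that is missing from the process list. It assumes text captured with `netstat -ano` and `tasklist /fo csv /nh`; the sample output, PIDs, image names and addresses below are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed `netstat -ano` output; remote addresses are documentation ranges.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1032
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1504
  TCP    192.168.1.20:1041      192.168.1.1:80         ESTABLISHED     1504
  TCP    192.168.1.20:1045      203.0.113.7:6667       ESTABLISHED     1888
  TCP    192.168.1.20:1046      198.51.100.23:25       SYN_SENT        1888
  TCP    192.168.1.20:1047      192.0.2.44:80          ESTABLISHED     2216
  TCP    192.168.1.20:1050      192.0.2.80:443         TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed `tasklist /fo csv /nh` output. PID 1888 is absent on purpose.
TASKLIST_SAMPLE = '''\
"System","4","Console","0","236 K"
"svchost.exe","1032","Console","0","4,120 K"
"firefox.exe","1504","Console","0","48,112 K"
"updater.exe","2216","Console","0","3,004 K"
'''

# Loopback, link-local and RFC 1918 ranges are treated as local traffic.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}


def parse_netstat(text):
    """Return one dict per TCP row: remote address, remote port, state, PID."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue                      # headers, UDP rows, blank lines
        _, _, remote, state, pid = parts
        host, _, port = remote.rpartition(":")
        try:
            addr = ipaddress.ip_address(host.strip("[]"))
            rows.append({"addr": addr, "port": int(port), "state": state, "pid": int(pid)})
        except ValueError:
            continue                      # unparseable address, port or PID
    return rows


def parse_tasklist(text):
    """Map PID -> image name from CSV-format tasklist output."""
    return {int(row[1]): row[0]
            for row in csv.reader(io.StringIO(text))
            if len(row) >= 2 and row[1].isdigit()}


def outbound_report(netstat_text, tasklist_text):
    """Group active connections to non-local addresses by owning PID."""
    tasks = parse_tasklist(tasklist_text)
    remotes = defaultdict(set)
    for row in parse_netstat(netstat_text):
        if row["state"] not in ACTIVE_STATES:
            continue
        if any(row["addr"] in net for net in LOCAL_NETS):
            continue
        remotes[row["pid"]].add(f'{row["addr"]}:{row["port"]}')
    return {pid: {"image": tasks.get(pid), "hidden": pid not in tasks,
                  "remotes": sorted(endpoints)}
            for pid, endpoints in remotes.items()}


if __name__ == "__main__":
    for pid, info in sorted(outbound_report(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items()):
        label = "NOT IN PROCESS LIST" if info["hidden"] else info["image"]
        print(pid, label, ", ".join(info["remotes"]))
```

A PID that owns connections but is missing from the process list is the mismatch the paragraph above describes; malware that hides its connections as well will not show up in this comparison.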
Another useful freeware program is Pocket Killbox. It claims to be able to remove a file that is in use and cannot be removed with the normal Windows delete capability. Many antirootkit tools have a more complete ability in this regard.
Lastly, it is helpful to have a quick, easy way to see what starts up when your computer boots: Startup Control Panel.exe (standalone), Starter and Autoruns each have their own pluses and minuses, but all will do the job. StartupCP.exe is the easiest and Autoruns is the most comprehensive.
I also recommend that you make a slipstream SP2 update of the Windows XP installation CD using the update instructions at theeldergeek.com. Once you have an up-to-date Windows installer CD, the geekstogo.com article How to repair windows XP will tell you how to use it to update corrupted Windows system files that prevent you from booting in Safe Mode. I recommend that you make the CD now, not in the midst of a crisis.
By the way, resist the temptation of ever buying a machine that does not have a copy of a Windows installer CD in the bundle unless you already have one that will do the job.
Once you see how many poison pills have been scattered throughout all levels of your system software you may hear the spirit of Dr. Johansson echoing in your brain. It is not a defeat to come to your senses, just a reminder to “Make New Mistakes.”
Turning on Protection, How-to Tutorials, Hardening Checklist
(save to your disk)
If you don’t use the web much and are truly paranoid you can even uninstall Java (J2SE) and even uninstall Flash animation, but since you can turn browser scripting on and off with preferences, this is probably overkill. If ActiveX scripting is totally disabled, then automatic updates will fail.
MICA Step-by-Step guide to securing your Windows XP machine – security tweaking ideas for the devotee
Desktop Audit Protocols – Enterprise-level procedures to guide IT professionals (pdf)
If you read all these bulletins and caveats you will have spent several hours amusing yourself reading about the diverse ways that your machine can give you headaches and what to do about it. What are your chances of actually remembering what to do and when to do it? Do you know a zone elevation block from a BHO? And ultimately the much bigger question is how many hours are you willing to spend just to keep one program from messing up your life? It’s hard to escape the conclusion that IE is as big a pest as the pests that exist because of its inadequacies.
Likewise, considering that most infections come from spam, there is no good reason for most home users to even consider using a POP3 email program when there are quality free services with built-in high-quality spam filters like Gmail and Yahoo Mail out there. Outlook for most home use is an unjustified high-risk invitation to infection.
Closing Thoughts
The same way dirty power is the biggest single cause of hardware problems, malware is the single largest cause of software problems. If you do not choose to take a proactive stance with a line conditioner and a range of antimalware products, you are a sitting duck on both counts. The buzzards are circling; virtually none of them are in jail.
Even if your web doors are locked your data is somewhere in someone else’s database on the web. Every week hundreds of thousands of personal records are compromised. Every year tens of millions of personal records are lost, stolen or sold outright to criminal elements. Only a handful of states like
Webibliography of key references:
FTC Shuts Down BlogSpot Spyware Ring by Ryan Naraine at eweek.com
The Zombie Hunters by Evan Ratliff in the New Yorker.
Execution Control: Death to Antivirus by Marcus J. Ranum
Potentially Malicious Windows Files by Roger Grimes
Rogue/Suspect Anti-Spyware Products & Web Sites from spywarewarrior.com
Microsoft Internet Explorer does not properly validate source of redirected frame
IE CERT Vulnerability Note – government recommends no IE use, try third party.
Spam Trojan Installs Own Anti-Virus Scanner – how malware can guard its booty
Help-I Got Hacked. Now What Do I Do? By Dr. Jesper Johansson at Microsoft.com
How to Remove Spyware and Malware from a Windows computer by Michael Horowitz
Always Use Protection by Dan Appleman
Absolute Beginner's Guide to Security, Spam, Spyware & Viruses by Andy Walker
HijackThis Tutorial – from bleepingcomputer.com - (be forewarned that without reading and understanding a tutorial that: HijackThis+computer=KaBoom)
Antivirus Software – review from consumersearch.com-What they don’t say about Kaspersky is that phone support means a call to
Help! Vendors promise solid tech support, but our test found long hold times and poor advice. by Ed Skoudis of Information Security magazine. A review of tech support from five different anti-virus vendors.
Why popular antivirus apps 'do not work' by Munir Kotadia,
Anti-adware misses most malware.- even running top two best scanners misses 30%!
Complete year of the Beagle (pdf) by Jason Gordon at infectionvectors.com
May I Help You: The Search Assistants (pdf) by Jason Gordon at infectionvectors.com
How to repair windows XP tutorial from geekstogo.com for replacing corrupted or missing windows system files using your factory disk.
Rootkits for Dummies by Larry Stevenson and the CastleCops.com volunteer staff-meaty insider scoop covering the whole range of the malware problem with a rootkit special focus.
Antirootkit.com – most comprehensive listing of antirootkit tools
Windows rootkits of 2005, part three – Listing of a few tools and how they work
Inside Windows Rootkits-Chris Ries, Security Research Engineer (pdf)
Antivirus Tools Cannot Clean Infected Files in the _Restore Folder - Microsoft warning
Windows Rootkits Prevention Measures – potpourri of options to explore
Phish-Hooked-Thieves Find Easy Pickings on Social Sites – Washington Post (note that the number of alerts listed by the Anti-Phishing Working Group multiplied by 100 -17,600 in May 2006 compared with 176 in January 2004).
PayPal Security Flaw Allows Identity Theft – Slashdot
Nist Unencrypted Hall of Shame and A Chronology of Data Breaches
AOL/NCSA Online Safety Study (pdf)
CyberInsecurity: The Cost of Monopoly--How the Dominance of Microsoft's Products Poses a Risk to Security --Microsoft vulnerabilities are a national security risk
benedelman.org - spyware watchdog and expert witness Ben Edelman tracks the industry.
When Google search result includes "This site may harm your computer?" warning
FTC Consumer Complaint Form – where to go to complain about malware
Applications:
SpySweeper TrojanHunter ProcessGuard Sandboxie BartPE TCPView Killbox CWShredder Starter StartupCP.exe-standalone Autoruns Flashboot Exe LockDown HijackThis Zonealarm AirSnare IMSecure QuickAccess
Norton Emergency CD instructions and free definitions
McAfee rescue floppy instructions and free definitions
Kaspersky 6 rescue CD instructions and free cumulative definitions
AVG Rescue CD - $150 with a 1 year subscription
P.S.
Keeping your private data private
One way to assure that others won’t be reading confidential material is encryption.
But that is only half the problem: what if a hacker has a keylogger running? On-screen keyboards are actually not likely to help unless integrated into the encryption program.
A hardware key aka a token is another option, but not commonly available on most low cost home products, and what if you lose it? Such dongle keys are normally supplied as a USB token that looks like a flash drive but includes both an internal processor and memory analogous to an encrypted phonebook of keys. Tokens can also come on smart cards that will plug into the same USB socket via an inexpensive smart card reader. Biometric solutions also exist, but tend to be more expensive.
AES was designed for low-power smartcards and has been approved for Top Secret use. Blowfish was designed as a free (unpatented) algorithm for very fast encryption by cryptography expert Bruce Schneier. It allows for longer keys than AES. EFS is a form of encryption built into Windows and is not likely to help most zombie owners.
The U.S. Supreme Court ruled in California vs. Greenwood that discarded materials confer no right to privacy, more or less giving individuals the right to peruse second-hand disk drives. If you don’t thoroughly wipe a drive when you’re done with it, too bad for you and your data. At least 600,000 laptops are lost or stolen every year.
File, Folder and Virtual Drive Encryption
dsCrypt – Secure PassPad immunity to keylogger-infested environment (256-bit encryption), flash drive compatible, only encrypts files. Free.
CP-Lab.com File Encryption XP – 384-bit Blowfish algorithm, flash drive compatible. Can encrypt both files and folders. $30.
CipherIX Secure IT (448-Bit blowfish encryption) and Cryptainer (128 bit encryption)
SecurStar DriveCrypt – 1344 bit encryption – can be used with Hardware Decryption Keys implemented as USB tokens or the SecuGen optimouse fingerprint reader. There is a traveller modus to allow use of the software on flash drives. Can only encrypt containers which can be mounted as virtual drives. $77.
PhysTechSoft Strongdisk - supports USB tokens with Blowfish with up to 448-bit et al
Digital Vault and Steganos Safe are other products that use 256-bit encryption
Low budget quality encryption can be had via a password-protected WinRAR file
Full Disk Encryption (FDE) Solutions:
Pros and cons. If malware makes your encrypted system disk unbootable, all data may be permanently inaccessible; be sure to ask.
Federal Government to deploy Full Disk Encryption on all government owned computers
TrueCrypt open source FDE with 256 bit encryption or create a file that is a virtual volume that can be mounted as a disk. Wiki writeup. Free.
SecureDoc Winmagic – DOD quality full disk encryption (FDE) for desktops and laptops, employing authentication from password to hardware token, and biometrics with a home version called MySecureDoc with 256 bit encryption from $20.
Pretty Good Privacy (PGP) – high quality product that handles drives and email with USB token support, multiple algorithms up to 4096 bit encryption, $100.
SafeNet and PointSec – High-end GSA contenders for the federal FDE contest
Secure Flash Drives (some will be vanilla drives bundled with generic software)
Store ‘n’ Go - Verbatim’s proprietary AES bundled solution for their flash drives, unfortunately they are too wide to fit in many USB jacks. On sale for around $20/GB
JumpDrive Secure II - Lexar’s proprietary cross-platform 256-bit encryption USB drives which require administrative privileges to run under Windows.
Kingston DataTraveller Secure - 256-bit AES encryption USB drives
Kanguru Micro Drive – 256-bit AES encrypted portable USB flash drive. It is the only such FIPS certified device.
RITLabs The Bat! Voyager PRO test - a 256-MB secure flash drive
MXI ClipDrive Secure – equipped with AES encryption using a 256 bit key
Imation Pivot Flash Drive – comes bundled with 256-bit AES encryption software
Thanko Secure Morse Code Flash Drive – with numeric keypad, if you speak Japanese
Authenex - tokens and flashdrive storage
AData, Ativa, Disgo, Intuix, Memorex, PQI, Sandisk, TwinMos, Verbatim are
WARNING: simply plugging a U3-based flash drive into a USB connector may autoinstall software linked to an advertising site on your hard drive without asking your permission. Even though an ad for the device may claim U-Safe is bundled with it, U-Safe may be missing. There may be no software on the device or referred to in any help or instructions as to how to uninstall U3 components. The Control Panel may not show any entry in the Add or Remove Programs listing of installed applications. Caveat Emptor. (I found 5 pieces of U3 software in my C:\WINDOWS\Prefetch folder after supposedly uninstalling this software with their uninstaller.) Many online reports have been posted by users complaining that this software causes their machine to crash.
SanDisk Cruzer Micro USB Flash Drive – password-protected (uninstall of U3)
SanDisk Cruzer Profile USB Flash Drive – biometric finger swipe
Hypertec Biodisk from Hypertec Ltd
BioCert ClipBio Pro Biometric "Flip Clip" Flash Memory Drive 1 GB fingerprint-based with password override.
Lector Emptor - If you choose to try to fix your own problems, it is your responsibility alone. All imaginable caveats apply. This document is guaranteed to contain unwitting errors and omissions of one sort or another.