Uncategorized Archive

Using a standard User Account with high UAC settings in Windows 7

By derek | Filed in Security advice, Tips & Settings, Uncategorized, Windows

You should always use a standard user account in Windows 7 and Vista.  We know that in in ideal world, you would have created a standard user account and a separate Administrator account when you installed Windows. However we don't live in an ideal world and many new computers come with a default account already set up that has full Administrator permissions and access. This link will show you exactly how to create a new Administrator Account and demote your existing Admin Account to a standard user. Make sure you create the new Admin account before demoting your existing one.

When you are the only user on the computer, you can make life easier when starting up the computer, by setting windows not to ask for a user name and password when you log on and automatically log onto your everyday user account.  

Windows 7 and Windows Server 2008 R2 introduce additional User Account Control (UAC) settings that are similar to the Internet Explorer security zone model. If you are logged on as a local administrator, you can enable or disable UAC notifications, or choose when to be notified about changes to your computerWindows Vista only offers you two types of UAC settings: on and off. In Windows 7, you have more settings to choose from.

The default settings for Windows 7 are set too low and can allow you or anybody with access to the computer to accidentally allow malware to install or settings to be changed. This is especially true if you have children ( teenagers) who use the computer. I Strongly recommend that you always set UAC to the highest level Always notify. When you use this setting while also using a standard user account ( not an Administrators Account) then you will be protected from 99.9% of any attempt to install malware or change any settings on your computer without you knowing about it.

You should be aware that when you use a standard user account and have UAC set to any level except "Always Notify" and something attempts to install or change settings without you initiating it, Windows is designed to silently reject the changes. This behaviour is very good in a corporate environment when windows is locked down to stop any attempt at installing programs or changing settings, but causes so many problems in a typical home environment.

The advice below has been copied from http://support.microsoft.com/kb/975787

Adjusting UAC settings in Windows 7

To adjust the UAC settings in Windows 7:

1. Open User Account Control Settings, type UAC in the Start Search box, and then click Change User Account Control settings in the Control Panel window.

 
 

Open UAC

2. Move the slider to a desired notification setting, and then click OK.

 
 

UAC levels

There are four UAC settings that you can choose from:

  1. Always notify

    Select this setting if you:

    • Always want to be notified when programs try to install software or make changes to your computer
    • Make changes to Windows settings.
  2. Notify me only when programs try to make changes to my computer

    Select this setting if you:

    • Want to be notified only when programs try to make changes to your computer.
    • Don't want to be notified when you make changes to Windows settings.
  3. Notify me only when programs try to make changes to my computer (do not dim my desktop)

    Select this setting if you:

    • Want to be notified only when programs try to make changes to your computer without the desktop being dimmed.
    • Don't want to be notified when you make changes to Windows settings.
  4. Never notify (Disable UAC)

    Select this setting if you:

    • Never want to be notified when programs try to install software or make changes to your computer.
    • Never want to be notified when you make changes to Windows settings.

 

Share

Shutting down phishing sites

By derek | Filed in Uncategorized



I wish all hosting companies were as efficient & effective as Hostgator.com
This morning I reported a phishing site on one of their shared servers.
I reported it at 07.46 am UK time
They replied at 08.05 that they were investigating
At 0807 I saw the phishing pages on the site had been removed and the legitimate content on the site was still working

It is so refreshing to report a breach of TOS & it get immediately dealt with, with none of the usual crap you get from several well known hosting companies who try to pass the buck to the client

Every malware spreader or hacked site or phishing site I have ever reported to Hostgator has always been dealt with quickly & efficiently. I think the longest that I have ever seen a dodgy site active after reporting it, was 1 hour
10-15 minutes is a brilliant response time, especially bearing in mind that it is the middle of the night in Texas USA where they are based
That is one of the reasons why I use them for my hosting and always recommend them to others. Good customer service and a willingness to help

Share

The dangers of Freenet

By derek | Filed in Privacy, Uncategorized, Warnings and Alerts

I have had this bought to my attention & I feel it should be widely spread because I am very concerned that users might not understand what they are getting themselves into. Too many people think they can use Freenet in place of other P2P programs to share copyright files, music, movies etc and by using the anonymous behaviour of freenet they won’t or can’t be caught and punished for it.

Read the remainder of this entry »

Share

List of public DNS services

By derek | Filed in browser, Malware, Phishing, Privacy, Uncategorized

Until fairly recently, nobody bothered with changing their DNS server. Everybody used the ones provided by their ISP. Today, there are several providers worldwide that provide free public DNS service with additional features like  blocking known malware sites,  blocking known phishing sites, parental controls and some even say that their services are quicker and more  reliable.

Here are a  few of the  better known and more reliable ones . It's up to you to choose the one that has the  features or protection that you want.

You will  find instructions on  how to change DNS addresses on their webpages.

OpenDNS
208.67.222.222
208.67.220.220

Google Public DNS
8.8.8.8
8.8.4.4

Norton DNS (Symantec Corporation)
198.153.192.1
198.153.194.1

ScrubIT (ScrubDNS Inc.)
67.138.54.100
207.225.209.66

DNS Advantage (Neustar Inc)
156.154.70.1
156.154.71.1

Comodo Secure DNS (Comodo Security Solutions Inc.)
156.154.70.22
156.154.71.22

Share
Tags: , , , ,

Fake HMRC emails. Web page contains a zbot trojan

By derek | Filed in Uncategorized

Currently spreading in UK are emails pretending to come from HMRC ( Inland Revenue/Tax Office) warning of a fraud on your account with underpayment of tax

If you follow the link you will arrive on a page looking reasonably like the genuine HMRC page
hmrc1

If you are unwary enough to click on the link telling you to download the statement, you will get a z-bot trojan

Every click on the link gives a different version of the trojan, which makes it hard for Antiviruses to have detections for all of them

Share