Urgent use of a corrupted computer, safely!

Computer problems are often due to corrupted system data. Corruption can be caused by virus, update/install failure, sabotage by hacker, etc.

What can you do if your computer is having problem but you need to go online safely?
Well, what about putting in a CD, bootup and done; you are ready to go!

Yes, it is that simple. Even a hardisk failure cannot stop you.
Just as long as it is not RAM or motherboard failure. Such failures are rare anyway.

---

What do you need?
A software package from Porteus (http://www.porteus.org/)

Software:	Porteus
Type:	Portable Linux (standalone complete system)
Edition:	XFCE edition is recommended (~200 MB)

How to use?

1. create boot CD
2. bootup from the CD

Try it out now and keep the CD for emergency use.

---

What is Porteus?
Proteus is a complete Linux operating system that requires no installation to use. It can run from any bootable storage media such as CD and USB flash drive (aka thumbdrive). Porteus is pre-configured with various ready-to-use applications.

Linux?
Don't let Linux scares you. Many distributions are intuitive and easy enough for normal use. Anyway, Android is also a Linux system.

How to switch back to Windows?
Remove the CD and reboot.

My Windows is a complete wreck. Can Porteus be used?
Yes. Porteus is a complete system by itself. Windows is never loaded when using Porteus.

What will happen to my Windows system?
Nothing. It stays intact as it is, corrupted or not.

Can I run my Windows system inside Porteus?
No. Your Windows system and its applications cannot be loaded and cannot be used in Porteus.

My Windows system is hacked and planted with spyware. Is it safe to run Porteus?
Yes. Porteus is completely safe from the mess in your Windows system.
Although unlikely, but there is a possibility that files can be infected with virus that target Linux system. However, as long as you never manually open those files, they can do no harm.

Can I access files saved in my Windows system?
Yes, if you know where to find them.
Be very careful when accessing the Windows drive. Your entire Windows system is just a bunch of files and folders. Damaging them might cause permanent damage to your Windows system.

Important Reminder

Documents that you create in Porteus must be manually saved into external storage (e.g. USB flash, hardisk) before shutting down Porteus. Every time you bootup Porteus, it will be exactly as the same state as the first time bootup. By default, nothing is preserved.

---

Create boot CD

1. download ISO file.
2. burn it into a CD

Alternatively, USB flash can be used instead of CD.  USB flash loads much faster and it is highly recommended if you use it frequently. You need to create a bootable USB flash for this. We are not going to cover this topic here but the guide is available online.

Bootup from the CD

1. insert the CD
2. reboot
3. (if system does not load automatically) use the Boot Menu to select the CD drive. Boot menu can be activated by pressing a function key (either "F12", "F11", "F8" or "Esc") at the initial stage of your computer power up
4. (optional) edit the BIOS to try booting first from CD drive
   

Porteus bootup screen is as shown below;
It is recommended to use the "Copy To RAM" option for better performance.

	Porteus - Bootup

Upon successful loading, the system will be as shown below;

	Porteus - XFCE Edition

Configure wireless network (Wi-Fi)
If you are using wireless connection, it can be configured as shown below;

	Wi-Fi Configuration

Upon successful connecting, you are ready to roll!

---

You may want to use the optional features below.

Authentication is required for administrative access: User: root Password: toor

   
(Optional) Enable Firewall
You can enable the firewall with pre-configured protection level as shown below;

	Firewall

Hide online identity & Access blocked sites

There are various methods and tools available for one to protect privacy when online. Over the years, one solution that matured well and stood out is Tor. Not only it works quite well, it's free!

What is Tor?

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy...
(excerpt from Tor's site)

What is the scope?

The method we discussed here enables you to hide your identity so that you can surf anonymously. It also allows you to access sites blocked by rogue regime from wherever you are surfing from.

Any precaution?

Remember not to use online accounts that can personally identify you while you are trying to surf anonymously (e.g. Facebook and Twitter).

What do we need?

A software package from Tor (https://www.torproject.org).

Package	TorBrowser (a.k.a. TorBrowser Bundle)
OS	Windows / Mac / Linux
Setup	No installation required

How to use?

1. Download the required software package
2. Extract the package into a folder
3. Run a program in the extracted package
   

If this doesn't work, any other alternative?

Search for "free proxy" using search engines like Yahoo and Google. Many sites provide limited free use.

General security rule: Do not use unknown or public network connection for financial/banking transaction, Tor included.

QUICK GUIDE

The following is a short guide on using the package in Windows. Other systems are very similar though.

Step 1

Download the "Tor Browser Bundle" package

Run the EXE file shown above to extract the package into a folder of your choice.

Step 2

The extracted package is as shown below.
It's highly recommended that you close any opened browsers now before proceeding. When ready, run the "Start Tor Browser" file.

Step 3

The "Vidalia Control Panel" as shown below appears.

Connecting to the Tor Network starts automatically right away. The connection state is shown in the status field.

Step 4

On successful connection, the bundled Firefox browser appears automatically. This may take a short while.

When appears, IP address shown in the browser is used by this browser only.


Do not start other browsers in your computer such as Internet Explorer, Chrome or Opera. They will still use your real IP address and not the one provided by the Tor network. Although other browsers can be manually configured to use this IP address, it's not recommended for inexperienced users.

You are now safe to surf using the bundled browser!

When done, just click the "Exit" button in the Vidalia Control Panel to quit.

Facial recognition by cavemen

In computer technology, facial recognition is about using computer application to identify or verify a person. This is done by comparing facial image with the faceprint of the individual in question.

It's like comparing a photo to a reference photo. Instead of making intelligent judgement like human, computer uses measurements. It measures the distance between eyes, the size of nose, the shape of cheekbone and etc. The problem with such measurements can come from various factors such as the angle of facial image, the quality of photo, facial expression, lighting and others.

Facial recognition works to a certain degree of accuracy only in controlled circumstances. That means if good quality facial image can be captured without too much variations in parameters like illumination and facial expression.

The fantastic tales from TV shows about automated recognition system picking up individual in random crowd does not translate as well in the real world. Even with today's high resolution cameras, such system are nowhere near that. Several deployments carried out in the US had ended in complete failure. As for now, their portrayed power is only as real as the Superman.


Facial recognition in action

To get a real feel of facial recognition in action; Facebook, Google Picasa, Apple iPhoto and Windows Live Photo Gallery have such capability. Try them out using your own photos with different facial expressions, hairstyles and lighting conditions.

It won't take you long to realize their reliability, rather unreliability. High resolution photos help but they won't solve all the problems.


Facial recognition circus

The recent circus hoo-ha in Malaysia;

Defence Lawyer: US Experts 99.99% Sure It's Anwar

Here is a clip of the sex video

It's baffling that experts can make 99.99% certainty claim in facial recognition using such a poor-quality black and white video. This is more than exaggeration. The named, so-called experts have very serious technical explanation to do if their reputation is worth some salt.


This farce is like cavemen talking about the mystical washing machine.

.

Regain control of returned computer

When something looks stupid, it could be just plain stupidity or there might be hidden agenda. For example, if some mad people take away your modem and monitor along with your CPU on the pretext of police investigation, it is not likely they use them as dumbbells.

When the equipments are eventually returned, do not connect them to the existing network right away. They should be treated with suspicion until properly checked and dealt with.

You can use the followings as general guidelines.


For monitor, do the followings;

1. check for sign of casing being opened
2. visually inspect it for suspicious looking object such as listening device

For modem, do the followings;

1. update its firmware

NOTE:
- to update firmware, follow the instruction provided by the manufacturer


For router, do the followings (router could be built into the modem box);

1. update its firmware (for standalone router)
2. revert its settings to the manufacturer defaults
3. implement security for Wi-Fi access
   
4. use different password for Wi-Fi access (password different from the previous setting)

NOTE:
- sometimes router and modem are built as a single-box device. Basically, if your 'modem' can connect to multiple computers or have Wi-Fi feature, it's a modem+router box


For CPU/laptop, it's highly recommended that you reinstall the system;

1. visually inspect the hardware for suspicious looking device
2. update the motherboard's firmware
3. reinstall the operating system

However, if you are unable to reinstall your CPU/laptop, at least do the followings;

1. visually inspect the hardware for suspicious looking device
2. scan for planted spyware using proven software
3. check the firewall settings for suspicious setting (complete reset is recommended)
4. update the motherboard's firmware

NOTE:

• Only download firmware from the device manufacturer's site or reliable sources
  
• Firmware is a small program residing in the ROM (read-only memory) of electronic devices. It's used to control the internal working of the device.
• Firmware update is also known as "flashing the ROM"

IMPORTANT:
Make sure you use the correct firmware for each device. Firmware is specific to each make and model of the device. Different versions of the same model could also be using different firmwares.

Internet censorship is good

"Gov't mulls China-style Net censorship"
http://www.malaysiakini.com/news/110048

When you learn how to sidestep Internet censorship, you will appreciate the government's effort to make you more Internet savvy. Necessary information will be available in due time.

Not a bad effort for government with a dinosaur mentality!

Malaysia Today's blocking is a waste of time

Malaysia Today blocked! Order from MCMC
http://www1.malaysiakini.com/news/88683

It's a waste of time!

For blocking done at DNS-level, the previous post already render it useless. If that does not circumvent the blocking, there are other ways.

Why waste time blocking?

Overcoming Poor DNS Service

Poor DNS (Domain Name Server) service is often not known nor identifiable by ordinary internet users. However, it does cause frustrating browsing experience.

Syndromes of poor DNS service are slow websites access and unreachable websites. Note that these syndromes are not exclusive to poor DNS service. Other factors could cause or aggravate the problem.

The solution to poor DNS service is to use better alternative servers. This can be done by tweaking your computer's DNS setting so that it points to alternative servers. Note that the default servers used are assigned by your ISP (Internet Service Provider).

Is it difficult to change?
No, it is very easy. Only take a couple of minutes.

Do I need to change the setting everytime I use the computer?
No. You set it only once.

Can I revert the changes?
Yes, anytime when you no longer need the service.


Where to find alternative servers?
http://www.opendns.com/ (It is a FREE service)
The servers are;
208.67.222.222
208.67.220.220

(Opendns service is no longer recommended. Use Google's DNS service instead)


Where to find alternative servers?
Google Public DNS (It is a FREE service)
The servers are:
8.8.8.8
8.8.4.4


Any guide?
1. Go to https://developers.google.com/speed/public-dns/
2. Follow the instructions

Voila! Your DNS service is no longer controlled by your ISP.

Wipe Disk & Shred File

In an earlier posting, Delete Does Not Delete, we've discussed about why deleted files are still possibly recoverable and how to remove their traces permanently by cleaning the disk's free-space. Of the many terms used to describe the 'cleansing', I think "disk wiping" best fit the description.

For those who have used the disk wiping before knew that the process is very lengthy and can take hours to complete. This might not be very practical at times.

Is there other way to destroy file permanently?

Yes, we can 'shred' the file instead. This is analogous to shredding of paper document. Again, there are other terms used to describe this process. Commercial softwares are easily available as well.

If you are using the software introduced earlier (named; Eraser), shredding functionality is readily accessible. There are functions to shred files or shred everything in the Recycle Bin with just few mouse-clicks.

To shred files (using Eraser);
Right-mouse click on the files to be destroyed

- Select Erase to permanently destroy selected files

To destroy the Recycle Bin's content (using Eraser);
Right-mouse click on the Recycle Bin

- Select Erase Recycle Bin to permanently destroy everything in the recycle bin


NOTE:
Some document editing software (e.g. Microsoft Word) might periodically creates copies of the document being edited for error recovery purposes. There is no guarantee that the copies will be safely discarded. Therefore, file shredding may not be sufficient to replace disk wiping.

.

Addendum: Windows XP's Login Security

There is an update in an earlier posting titled, Windows XP's Login Security
Look out for the red coloured text.

.

Confidential Files: Handle With Care

Lets start by looking at the commonly used methods to protect confidential files and their associated issues.

Most people save confidential files in an external media (e.g. CD) and then hide the media in a 'safe' place. If the files are not properly encrypted, this method is akin to hiding money in a container and then bury the container in the backyard. Another security risk is that the traces of the original files in the local computer must be manually removed.

Some use document's editing softwares to save the files with password protection. In such cases, the reliability of the security mechanisms need to be ensured. Dealing with large number of such files can be very unproductive.

Internet savvy users also upload their files to external servers for safekeeping. This method is very useful for off-site backup but it has other weak security links. Weakly encrypted files can be intercepted by hackers during the transfers. Furthermore, the reliability of the servers are not often known. To edit the files is cumbersome as the files need to be downloaded and local files need to be properly disposed off after using.

However, the most tricky issue to overcome is still a non-technological one. In the event of strongly encrypted files fallen into the wrong hand and the user is threatened to reveal the password, what then?

Are there easy-to-use and secure solutions available that address the above issues?
Yes, there are!

One highly recommended such solution is TrueCrypt which is an open source solution. That means, it's free!

To find out more, continue here.

.

TrueCrypt - Disk encryption software

TrueCrypt is an open source, disk encryption software. It works transparently without extra hindrance to the user once the security authentication is validated.

The cryptographic algorithms used are of very high standards. For example, the Advanced Encryption Standard (AES) is adopted by the U.S. government for use in all government departments/agencies to cryptographically protect sensitive information.

TrueCrypt is available at;

TrueCrypt (Please check its license)
http://www.truecrypt.org/

I am not going to create a step-by-step guide here. You can have such guide after installing the software (go to "Help - User's Guide" menu).


Demystifying Complexities

In the simplest form, there are only 2 major steps required for you to get started;

1. Create the 'protection unit' (known as volume)
2. Use the volume to save confidential files

Simple isn't it?

Here are some explanations to help your understanding;

- Volume is just disk file that is used by the TrueCrypt. Go ahead and create as many of them as you like. You can always delete them if thing got messed up.

- When creating the volume, you have the option to create a hidden volume inside the volume itself. You can imagine the hidden volume as sub-section of the volume that requires different password to access.

- To use the volume created, you need to mount the volume's file. Refer to user's guide for details

Mounted volume


- Upon mounting, the volume can be accessed as a virtual disk DRIVE


Mounting Explained

Mounting Standard Volume

- To mount the standard volume, enter the standard volume's password
- Volume's contents cannot be technically identified without successful login
- If the volume to be mounted contains hidden volume, activate the Hidden Volume Protection feature during login. Failing to do so may risk in damaging the hidden volume when the volume is used

Mounting Hidden Volume

- To mount the hidden volume, enter the hidden volume's password
- Volume's contents cannot be technically identified without successful login
- Each volume can optionally has one Hidden Volume. The hidden volume cannot be identified nor proven exists technically without successful login.


Facts you must know

Strong password is at times cumbersome to use. Why must one use strong password?
The only thing that keeps confidential files away from thieves is the password. Weak password can easily be hacked. On the other hand, using strong password can easily be practised and becomes a habit. More on strong password here.

What can be done if I forgot the volume password(s)?
Well, the only thing you can do is to bid your files goodbye. You can try to hack the security using brute force hacking. But, based on current technological capability, it can take thousands or millions of years depending on the strength of the password used.

.

Delete Does Not Delete

When a computer file is deleted (and the Recycle Bin cleared), many think that the file is gone for good. In actual fact, it is only gone as far as our naked eyes can see. The deleted file is still possibly reconstruct-able using commercially available softwares!

No, the computer is not playing tricks. This behaviour is by design and not exclusive to computer system. It is common for almost all electronic storage media such as; PDA, mobile phones, digital camera, and etc.

In non-technical terms, this is what actually happens;
When a file is deleted, the system merely releases the 'lock' on the file's storage spaces without destroying their contents. These released spaces go into the free-space pool and stay as they are until they are used again. As long as these spaces remain unused, their contents can be captured and the original file can be reconstructed.

In the nutshell, there is a possibility to retrieve any deleted files. This possibility decreases over time and the rate is beyond user's control.

How to ensure all the deleted files are gone for good?

There are many softwares available that can get the job done. These softwares are called various names such as, disk wiping, disk deletion, traces removal, and etc. Nevertheless, all of them use the same method which is by populating the unused space (free-space) with randomly generated data.

One such software, FREE for home use;

Eraser (Pls check its license)
http://sourceforge.net/projects/eraser/

If the software you use works, the deleted files are no longer recoverable using any commercially available softwares.

.

Strong Password

Creating password sounds easy. But have you ever think for a moment if the password that you created is good enough?

There are many comprehensive guidelines available on this topic. I am not going to go into details any of those. Bore you to tears does not give me any pleasure at all.

Golden rule to stay ahead in password security is to ask, what 'ammunition' does the potential thief might have against you.

ATM card's pin
In the case of ATM card, snatch thief might find IC, driving license, letters, and receipts in the snatched bag. Therefore, IC's number, date of birth, vehicle registration number, and home address are some very bad choices for bank ATM card's pin.

Computer related password
For computer related password, the most common attacks are guesswork and brute-force.
- Guesswork might be lethal if the profiles or preferences of the password's owner are known to the attacker
- Brute-force attack is done by trying a large number of possibilities, until one hit the jackpot. Say, for a 4-digits number password; ranging from 0 to 9999, there are only 10,000 possibilities. Computer needs only few milliseconds to generate all the combinations!

Strong password
A good password is one that is difficult to guess, and in the case of computer, with too many possibilities to generate within practical time limit. Such password is known as strong password.

Guidelines to create strong password
- Minimum 8 characters length
- Mix of uppercase and lowercase letters, numbers, and symbols
- Use non-dictionary words

e.g. Deriving from a simple phrase, you can have a strong password
Phrase: why do you like chocolate so much?
Password: y2UlkCoco$m?

Before you start celebrating your brilliant creativity in creating a strong password, make sure you can remember it and keep it safe!

If you need to test your boredom immunity further, continue with these;
http://www.microsoft.com/protect/yourself/password/create.mspx
http://en.wikipedia.org/wiki/Password_strength

.

Windows XP's Login Security

Do you need to login into your computer before you start using it?
If you don't, this article is for you.

Login functionality is not compulsory for Windows XP if the machine is not connected to a domain server. However, it can still be used to add a level of security to the machine.

Reminder:
This login feature is not hack-proof. Do not assume this feature alone is enough to keep your files safe if the machine falls into the wrong hand.

If login is activated, a screen similar to the one here will be appear when the machine starts.

All user accounts will be listed on the screen


Activate Login

To activate the login feature, follow the steps below;

Start - Control Panel - User Accounts

OR

Display can be toggled between Category View and Classic View.

To enable or disable login;

Start - Control Panel - User Accounts

- Do not disable Guest Account as this causes local resources inaccessible from other computers.
- Disable Guest Account if your computer does not use a local network. Otherwise, problems might occur in the sharing. Check out more at http://support.microsoft.com/kb/300489
- NOTE: If the Guest Account is not disabled, anyone can login the computer using the account.
- Open the Administrator Account

Administrator Account

- Use "Create a password" to activate
- ("Remove my password" is displayed instead if login is already activated).
- Follow the instructions to complete the process.
- Restart your computer and login using the password you just set.


IMPORTANT

If somehow you managed to forget your password, you will not be able to login into your computer anymore. If this happened, you can either;

1. Re-install your machine and lost all your files
2. Find someone to hack the login module
   

If you are confident that eventually you will forget the password, you should prepare a password reset disk before that day arrives. Guide is available at the link below

How to create and use a password reset disk for a computer that is not a domain member in Windows XP
http://support.microsoft.com/kb/305478/

.

Browsing Privacy

As you surf through the Internet, copies of web pages, browsing history, cookies, and other data accumulate in your computer, with most of them in the browser's cache. These data are automatically managed and their existence is hardly your concern if not for the security issues they pose.

As far as these data are concern, there is only one protection method available, that is to delete them. The deleted data will be automatically reconstructed again later on, as needed.

Guides to manually delete cache data;
- Mozilla Firefox 2
- Internet Explorer 7

It is advisable to delete the cache's data after performing sensitive transaction such as; online banking and credit card related transaction.

Cleaning Tool (CCleaner)

For Windows user, a FREE cleaning software is highly recommended. Besides deleting browser cache's data, it also removes temporary data generated by some other softwares.

CCleaner (Pls check their license) http://www.ccleaner.com/

NOTE:
Software Uninstalling and Startup Programs Management functionalities are also included in the CCleaner. Please check the help files for details.

.

Clear Browser's Cache (Mozilla Firefox 2)

To clear the browser's cache;

Tools - Clear Private Data

Options to delete individual group or all data

.

Clear Browser's Cache (Internet Explorer 7)

To clear the browser's cache;

Tools - Delete Browsing History

Options to delete individual group or all data.

.

'Homeland' Security - Protect When Connect

If our home is broken into, we usually know what was stolen. If our computer is 'broken' into, do we know what was stolen? Usually we don't. Is ignorance a bliss?

The only computer that needs no protection is the one unplugged and locked away in a safe.

The scope we are covering here is fairly limited. It is about protection of HOME computer when it connects to an unprotected network or the internet.

How to protect then?

Not armed-guards required but solutions of the following categories;

- Antivirus - Anti-spyware - Firewall (software-based firewall is sufficient)

A very brief explanation on their functions;
- Antivirus searches the storage media (e.g. hard disk) and removes any potential threats
- Anti-spyware protects against malicious softwares
- Firewall serves as protective boundary that monitors and restricts information travels in and out of the computer


Solution
Such solutions are aplenty. There are also commercially available suite-solution that bundles all the 3 categories into a single-unit product. Finding good ones is not as easy though. That is not the topic.

Below are examples of some FREE softwares available. You can compare them against other softwares before deciding on what to use. Many commercial softwares offer free-trial usage. Paid softwares do have very valid reasons for their existence.

Just bear in mind that not all softwares are created equal. Some worked, some don't. Some sucks, some thrilling.

Antivirus

AVG Anti-Virus Free Edition (Pls check their license) http://free.grisoft.com/

Anti-spyware

Spybot - Search & Destroy 1.4 (Pls check their license) http://www.safer-networking.org/en/index.html

Firewall
If you are using Windows XP system, you have the choice to use Windows Firewall. However, you need to first update your system with Windows XP Service Pack 2 (SP2).

1. Where to get Windows XP Service Pack 2 (SP2) 2. How to use Windows Firewall

Alternatively, you can use;

ZoneAlarm Firewall Free Version (Pls check their license) http://www.zonealarm.com/

After installation, it is advisable to scan your computer for virus and spyware.

It pays to spend some time understanding the firewall solution you are using. If used correctly, it can help to identify malicious softwares that eluded the detection by other security softwares.

.

Windows Firewall

For Windows XP, Windows Firewall comes in Windows XP Service Pack 2 (SP2) package.

To enable/disable Windows Firewall;

Start - Control Panel - Windows Firewall

(NOTE: If the Windows Firewall icon is not found here, most probably your system is yet updated with SP2)

Windows Firewall - General

Turn on the firewall

Windows Firewall - Exceptions

(Optional for more control) Configure individual program's setting here.

.

Windows XP Service Pack 2 (SP2)

To check if your computer has been updated with SP2;

Start - Control Panel - System

"Service Pack 2" message indicates that the system has been updated with SP2


Where to get SP2

Reminder: This is a major update. It is advisable to backup your important files before proceeding.

Installer can be downloaded from Microsoft.
http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en

Alternatively, you can use the Windows XP's Automatic Updates feature to update;

Start - Control Panel - Automatic Updates


Note:
If you use the installer to update, you may want to keep the installer for future use.

.

Computer & Internet Security

We will be discussing some computer & internet related security issues here in few days time. Do drop by if you are interested.

Geeks are welcome to share their knowledge as we move along.

The main priority is to equip everyone with sufficient knowledge in pertaining to computer/internet security. I will post guidelines in series of small postings according to their relevance with immediate adoption by readers in mind. Some tools and utility softwares that I find useful will be introduced.

Major areas to be covered are as followings (not in any particular order).

Computer security
Topics from securing computer to maintaining security will be discussed.

Files security
Files are foremost important when working with computers. Protecting confidential files will be one of the key highlights.

Privacy
Removing traces of unwanted information permanently

.

Whispering shout!

Can’t whisper and shout at the same time?
Try whispering shout!