If you are ecrypting files on your Windows NTFS partition using the built-in encrypted file system (EFS), your files are NOT secure.

If you are on a network domain at work, do you know that by default your system administrator can decrypt your EFS encryped files?  The administrator has a shared key.  In fact, your administrator can even disable the feature, not allowing you to encrypt files at all.

EFS is only as secure as your login password.  If someone finds out what your login password is, they can login as you and access your encrypted files.

If you leave your computer turned on and logged in, there is software that can steal your session key and decrypt your files.

Basically, EFS is very breakable.  Do not rely on EFS for security.

Instead, you should use a robust On The Fly Encryption (OTFE) system that includes session timeouts.

On The Fly Encryption works similar to EFS, except that you can mount OTFE file systems as partitions (the partitions appear as drive letters on your system).  When you want to access files stored on the OTFE mount, you simply start a session by entering your secure password.

The files are decrypted and encrypted in real time.  State of the art OTFE systems will automatically expire your session after a specified time period.  The OTFE partition is stored as a single file on your hard drive and lacks any file signatures, so nothing can be guessed about the encrypted partition.

TrueCrypt is the leading open source OTFE system.  TrueCrypt allows you to set automatic session timeouts–the shorter the better, and TrueCrypt uses AES and other very strong ciphers for encryption.

TrueCrypt also blocks write access to unencrypted file systems while your session is open to avoid you accidentally writing your secure data to the unencrypted system.  TrueCrypt even includes a feature to disable Windows paging, preventing Windows from using the hard disk as virtual memory, which could lead to unencrypted data being stored in the system cache.

TrueCrypt is cross platform and available on Linux and Windows, with precompiled binaries available for Windows.

If you wish to keep your data away from pyring eyes, use OTFE for secure storage of files.

Recently, we hit the file quota limit on our Brawny Lads site.  There are two quotas in place for our web hosting account:

• Disk usage
• Number of files

Our quota limits us to 100,000 files, which seems like it should be enough.  However, we hit the limit, which prevented me from receiving emails or even checking my mail via the web mail system.

I searched for new files and found that there were many new files in our old forum’s folder.  We used to run Ikonboard for our forum, but we retired that forum when we moved to phpBB.  Ikonboard doesn’t use a database, so each new post creates one or more new files.

When our webmaster made the switch, he changed all of the links on our site from the Ikonboard forum to the new forum.  Basically, he hid the old forum by removing all links to it.

So, how were we still receiving new posts, all of which were spam? 

Ikonboard was installed in the default Ikonboard folder, which is /cgi-bin/ikonboard.  Apparently, some spam bots were accessing that folder directly rather than spidering through our website to find the forum, or they found the old forum by following an outdated link from another website.

Dangers of simply removing links

So, when you retire old software or web pages from your website, it’s not enough to simply remove the links for the following reasons.

• You may miss a link
• Other websites may be linked to it
• Once a spider visits and archives your site, that link may always be remembered
• Default locations are well known

Proper removal of web pages or software

When it’s time to retire an old web page or software, it’s best to do one or more of the following:

• Delete it completely
• Rename the folder or file to a new, unguessable, name
• Change the permissions so it can’t be viewed or run

Software that you leave laying around, thinking that you’ve properly retired it, may be a serious vulnerability, especially if you no longer keep it updated.

First, let me say that I don’t encounter too many destructive viruses any more.  Not since infecting computers became profitable have I personally seen any viruses that simply delete your hard drive or corrupt your master boot record or anything like that.

I planned to run the questionable application on my laptop.  I hadn’t yet installed any antivirus software on my laptop, so I installed McAfee’s antivirus and firewall.  After the shields were up, I scanned the EXE.  Nothing was detected by McAfee, so I ran it.  The program seemed to do nothing.  Yet, even more suspcious than the program not doing what was expected–the program actually deleted itself.

Just because your antivirus doesn’t detect a problem doesn’t mean there isn’t a problem.

It turned out to be a Trojan backdoor program, which also installed some Internet Explorer ActiveX add-ons.  Interestingly, when I disabled one of the add-ons through IE, it re-enabled itself before I shut down IE.  Make sure you manage IE’s add-ons through Internet Options in control panel rather than through the Tools menu in IE.

Also, I couldn’t delete the DLLs that were part of the malware because they were loaded by winlogon.exe.  I tried killing the threads and handles using Windows SysInternals Process Explorer.  That didn’t seem to let me delete the DLLs, even though they were killed.

I’ve had good experiences with Avast Antivirus in the past, so I installed that.  To anounce a virus, Avast uses an audio alert, like the ship’s computer on Star Trek, which appeals to me.  Avast also has a simple user interface and a no-hassle install and no-hassle updates.

Avast has a pre-boot scan which can delete viruses before they’re loaded by Windows.  Unfortunately, Avast didn’t even detect the malware DLLs, however it did detect the original EXE, which I tested by re-downloading it.

So, I did some research.  I found an article that actually compared the effectiveness of antivirus programs.  The program that was rated #1 for accuracy was a program called Avira.

Avira has a painless install, an easy user interface, and it detected not only the original EXE, but also each individual malware program that was delivered as payload by the EXE.

When Avira detected the DLLs, it asked what I wanted to do.  I said, “Move to quarantine”, but the files remained, which made sense because they were in use.   But after a reboot, the malware was effectively moved to the quarantine.

My favorite part about Avira’s user interface is that an open umbrella icon in your system tray means you’re protected, and a closed umbrella means you’re not–simple.

So, now I have three anti-viruses installed on my laptop, but they seem to get along.  Avira is free for personal use, like Avast.  However, Avira does nag you to upgrade with a pop-up, which may seem almost as bad as those Internet Explorer add-ons.

Antiviruses should be more clear by always giving an answer.  They should report one of the following: “infected”, “possibly infected (heuristics)”, and “unknown”.

Unfortunately, there is no way for an antivirus to report a program as “safe” unless the program has been digitally signed by a trusted author.  A digital signature identifies where a program came from, and it’s up to you to trust or not trust the program based on that.  It would be nice if an antivirus actually reported “safe”, not just “nothing detected”.