Category: Security

Computer Security

  • Learn if a site is virus free with Web of Trust (WoT)


    This free malware detection browser addon, similar to McAfee SiteAdvisor, is a community based website reputation rating system for Firefox, Safari, Opera, Chrome and Internet Explorer with more than 5 million users. WoT uses the collective data to detect websites that contain malware. A green, yellow or red icon in the browser indicates the overall website approval rating, and you can customize it to reflect the way you surf the Internet: if you don’t care about adult content related sites, for example, you can disable child safety warnings.

    To establish if a site is safe, besides the online community ratings, WoT has access to a list of databases containing phishing and malware websites. To stop spammers using the system to mislead users, WoT uses a complex algorithm that tracks each user’s rating behaviour and allocates trust to the individual user rating a site, thus eliminating manipulation.

    Web of Trust (WoT) ratings

    • Trustworthiness: sites containing spyware or Internet scams are marked with a red light.
    • Vendor reliability: product return problems, shipping delays and customer service are rated here.
    • Privacy: websites that cannot be trusted not to send spam to your email address are given a very low privacy rating.
    • Child safety: adult material, such as violence related content, is highlighted within this setting.

    When you search the Internet with the WoT security browser addon installed, Google, Bing, Yahoo (over 20 search engines in total), Wikipedia, Windows Live Hotmail, Gmail and other sites will show a WoT rating next to each external link, allowing you to decide if a site is safe to go to before clicking on it. There is no need to register in order to use WoT, but registration allows users to make comments on websites, and that is where it gets tricky: like all user generated content, the comments do not necessarily reflect reality. The more people contribute reviewing a site the more trustworthy it will be, but in many cases you will be left wondering about the accuracy of the comments.

    Web of trust (WoT) security addon

    The Web of Trust (WoT) plugin makes a good complementary tool for your online security needs, but it should not be the only application you rely on. Colour blind people can benefit from this Internet security addon too by changing the settings to a mode that does not rely on a colour code warning system.

    Visit Web of Trust (WoT) homepage

  • Recover erased files or folders with Power Data Recovery


    MiniTool Power Data Recovery is an easy to use data recovery tool; you don’t need any technical background to use it, and a clear interface helps you choose the best data recovery method for your situation. Besides recovering erased files, which many other tools can do, this software can recover data from damaged and formatted hard drives, scratched CD/DVDs (ISO 9660, Joliet, UDF format) and memory cards (SD, USB, MMC, iPod, etc.).

    After installing Minitool Power Data Recovery you are shown five different data recovery modules with different scanning depths:

    1. Undelete Recovery (erased files and folders)
    2. Damaged Partition Recovery (damaged and formatted partitions)
    3. Lost Partition Recovery (lost or erased HDD partition)
    4. Digital Media Recovery (flash drive, memory card, memory stick, iPod)
    5. CD/DVD Recovery (CD and DVD)

    Power Data Recovery file recovery

    A preview window shows which files can be recovered once the program has finished scanning the media. The data recovery process can be paused and resumed, there are search and filtering capabilities to narrow down the results, and memory cards are detected automatically. An annoying nag screen asks you to upgrade to a business license every time you start the software; the home edition is free for non-commercial use, and unless you want to recover data off a RAID configured hard disk, which is not supported by the free version, there is little reason for you to upgrade.

    How does data recovery work?

    Data is stored in sectors on a computer hard drive; HDD platters are made of a combination of metal, glass and ceramics with a magnetic coating. When you instruct your operating system to delete a file, its sectors are marked as empty and the file is no longer visible to the user; those sectors are now available to store new data. Until something is written to a sector, the old data is still recoverable, as it has never actually been deleted, only marked as free space and hidden from the user. Data recovery software can unmark those available sectors, making the data they contain visible to the user again.

    For damaged hard drives a commonly used data recovery method is consistency checking: the data recovery software reads the main directory of the drive and compares it with the file system’s internal logical structure to make sure they coincide; if it detects inconsistencies it lists them so they can be amended.

    Data carving is another data recovery method. It looks for files that have no file system allocation information, i.e. corrupted or deleted files, by their content; after the user manually adjusts the block size (the carve), the file can be recovered. This method is heavily used in computer forensics; it relies on a lot of trial and error work and needs good technical knowledge.
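    The two ideas above, deletion as a bookkeeping change and carving by content, shown on a toy disk image. This is an added example written for this page, not code from MiniTool or from the original article; the sector size, the signatures and the sample "files" are constructed. Deleting only drops the directory entry, carving still finds the JPEG by its markers, and once the freed sector is reused the header is gone and the carver no longer recovers it.

```python
"""Toy disk image: deleted data stays until its sectors are reused, and a
signature carver recovers files that have no directory entry at all.
Added example; sector size, signatures and sample files are constructed."""

SECTOR = 512

# Header/footer byte signatures used by the carver (real JPEG and PNG markers).
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

# Constructed stand-ins for real files: valid markers around dummy bodies.
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"JFIF-body-" * 70 + b"\xff\xd9"   # 706 bytes, 2 sectors
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 40 + b"IEND\xaeB`\x82"   # 56 bytes, 1 sector


class ToyDisk:
    """Minimal 'file system': a directory table plus a free-sector list.
    Deleting a file touches only the bookkeeping, never the sector bytes."""

    def __init__(self, sectors=8):
        self.data = bytearray(SECTOR * sectors)
        self.directory = {}          # name -> (first_sector, length)
        self.free = list(range(sectors))

    def _find_run(self, needed):
        # First run of `needed` consecutive free sectors (contiguous allocation).
        free = sorted(self.free)
        for i in range(len(free) - needed + 1):
            run = free[i:i + needed]
            if run[-1] - run[0] == needed - 1:
                return run
        raise OSError("no contiguous free space")

    def write_file(self, name, payload):
        needed = max(1, -(-len(payload) // SECTOR))      # ceiling division
        run = self._find_run(needed)
        start = run[0] * SECTOR
        self.data[start:start + len(payload)] = payload
        self.directory[name] = (run[0], len(payload))
        for s in run:
            self.free.remove(s)

    def read_file(self, name):
        first, length = self.directory[name]             # KeyError once "deleted"
        start = first * SECTOR
        return bytes(self.data[start:start + length])

    def delete(self, name):
        first, length = self.directory.pop(name)
        needed = max(1, -(-length // SECTOR))
        self.free.extend(range(first, first + needed))   # marked free; bytes untouched


def carve(image, signatures=SIGNATURES, max_size=64 * 1024):
    """Scan raw bytes for header/footer pairs, ignoring any directory table.
    Returns (kind, offset, data) for every complete match."""
    found = []
    for kind, (header, footer) in signatures.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                pos = image.find(header, pos + 1)       # header without footer: skip it
                continue
            found.append((kind, pos, bytes(image[pos:end + len(footer)])))
            pos = image.find(header, end + len(footer))
    return found


def demo():
    disk = ToyDisk()
    disk.write_file("photo.jpg", FAKE_JPEG)              # sectors 0-1
    disk.write_file("icon.png", FAKE_PNG)                # sector 2
    disk.write_file("notes.txt", b"meeting at 10")       # sector 3
    disk.delete("photo.jpg")                             # entry removed, bytes still on "disk"
    listed = sorted(disk.directory)
    after_delete = carve(disk.data)
    recovered = next((data for kind, _, data in after_delete if kind == "jpeg"), None)
    disk.write_file("new.bin", b"\x00" * SECTOR)         # reuses freed sector 0: JPEG header gone
    after_overwrite = carve(disk.data)
    return {
        "listed_after_delete": listed,
        "carved_after_delete": [(kind, off) for kind, off, _ in after_delete],
        "recovered_jpeg": recovered,
        "carved_after_overwrite": [(kind, off) for kind, off, _ in after_overwrite],
    }


if __name__ == "__main__":
    print(demo())
```

    Real carvers work the same way but with hundreds of signatures and, as the text says, a block size that often has to be tuned by hand; fragmented files (non-contiguous sectors) are exactly the case where this simple header-to-footer scan breaks down.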

    Hard drive clicking noise explained “Click of Death”

    If your hard drive does not start and you hear it clicking as it spins, this probably means the drive has defective read/write heads. When a hard drive is first powered up it always checks that it has reached enough speed before placing the read/write heads over the magnetic platters; if the necessary speed isn’t reached the hard drive restarts the whole process again, causing the clicking noise.

    If you hear your damaged hard drive clicking and you run recovery software on it, you will strain the drive heads, and the read/write (I/O) errors written to the disk will make data recovery more difficult for an expert if you later turn the HDD over to a technician.

    Note: Do not attempt to recover data off a damaged hard drive by placing it inside the freezer (an Internet myth). Although it could help with internal HDD metal contraction problems, it will create condensation on the hard drive platters, making data recovery troublesome.

    Visit MiniTool Power Data Recovery homepage

  • Website checks if your email address has been compromised


    Even if you are very careful with your computer security, other sites are not, and your email address can be hacked through no fault of your own if a third party site where you used the same password as elsewhere is compromised. The first thing malicious hackers do when they get hold of someone’s username and login details is to try the same combination of username and password at Facebook, Twitter and online banking accounts. While readers of this blog will be intelligent enough to use a password manager and create unique passwords for every single site they register with, most Internet surfers still don’t.

    ShouldIChangeMyPassword

    ShouldIChangeMyPassword is a website that checks your email address against a large database of stolen online accounts released on the Internet by criminals; if it finds your email address in the database you get a warning. It is not a perfect system, because the website is only as good as its database of compromised accounts, and some malicious hackers never release stolen data to the Internet: they would rather steal money from the accounts first.

    Last year my own email address and password were leaked on the Internet when the Gawker website database was stolen with my email inside; ShouldIChangeMyPassword successfully detected it, providing me with the date on which the details were leaked onto the Internet. Whenever a new database of leaked passwords is made public the site is updated; as of right now it can be checked against the hacked databases belonging to Mt. Gox, Pron, Infragard Atlanta, Sony, PBS, Fox.com, Gawker, and others.

    Visit ShouldIChangeMyPassword homepage

  • Steganography, hiding text inside photos and sound files


    The word steganography has Greek origins; it means concealed writing. In the digital world steganography (aka steg or stego) consists of hiding data inside data. It is mostly used to hide text inside pictures or sound files, but any kind of data can be hidden and any kind of file can be used as a carrier file.

    Steganographic software takes advantage of the way binary numbers work: the bits towards the right of a value (the least significant bits) carry the least weight, so changing them results in little distortion of the file. An example of this would be changing the red colour of a few pixels in a digital photograph to a different tone of red that is not noticeable to the human eye; since a photograph can have millions of pixels, slightly changing a thousand of them would be very hard to notice without the original picture to compare with.

    Another use for steganography is digital watermarking: the film industry is known to embed an invisible watermark in its preview films before release, and if one of these copies is leaked and found on a file sharing site they can track down the person responsible for that copy. Steganographic software is commonly used in conjunction with encryption; the data is encrypted before hiding it to add an extra layer of security, so that if the hidden data is ever found it is still protected by a password.

    Steganography advantages over encryption

    It does not attract attention: Encrypting a message gives away that there is something of value and this will attract unwanted attention.

    Packet sniffing barrier: Encrypted PGP email messages start with a line identifying them as an encrypted PGP message, making it easy for a packet sniffer at an ISP to flag encrypted PGP emails by just scanning for the words PGP or GnuPG; this cannot be used against steganography.

    Makes Internet surveillance difficult: If someone’s Internet activities are being monitored visiting Flickr and uploading personal family photos with hidden messages will not trigger any alarm but sending encrypted messages and visiting a political discussion forum will.

    Difficult to prove it exists: In some countries like the United Kingdom you can be required by the police to provide the password to your encrypted files, refusing to do so carries a prison sentence, if the data has been hidden inside a photograph the police would first have to show beyond reasonable doubt that there is definitely something hidden inside the file.

    Methods to detect steganography

    Steganalysis is the art of discovering hidden steganographic messages. This science is not perfect; steganalysis can fail to detect steganographic files if the data has been very well concealed and the original file, before data was hidden within it, is not available for analysis.

    Image steganalysis

    Steganographic software embeds a header in front of the hidden message containing details such as the length of the message, the compression method, and anything else the developer chooses; after all, the data has to be readable at some point. If the software used to hide the information (aka the payload) inserts some unique characteristic in that header, it can be proved that the file has been tampered with.

    A good method to find hidden messages inside pictures is to open the image in a hexadecimal editor and read the first bytes of the image header. For example, a GIF image seen in a hexadecimal editor will always start with “47 49 46 38”, which means “GIF8” in ASCII code; if a GIF image has been used to hide a message and the steganography tool altered the header, the first identifying bytes will differ from the standard ones.

    There are automated tools to detect steganography; one such tool is Stegdetect, capable of detecting messages in JPEG images. After a hidden message has been found, a brute force attack with dictionary words can be launched, attempting to guess the password and expose the data.

    Highly compressed data like .rar, .mp3 or .jpeg files make it more difficult to hide data because they have fewer “spare” bits available; if you want to make it tough for someone to find your hidden data, use an uncompressed carrier file, like .bmp for images and .wav for sound.
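    Both halves of the story, the least-significant-bit embedding described earlier and the detection side of this section, in one runnable piece. This is an added example written for this page, not the code of StegHide, Stegdetect or any tool the article names. It works on a constructed array of 8-bit sample values rather than a real image file, the length-prefix layout of the hidden payload is my own choice (every tool has its own header, which is exactly the point the text makes), and the payload is pseudo-random bytes derived from SHA-256 so that the statistical test has something realistic to measure. Two checks are shown: the magic-bytes comparison from the hex-editor method, and a pairs-of-values chi-square statistic that drops sharply once the LSBs have been overwritten with near-random bits.

```python
"""LSB embedding plus two steganalysis checks (magic bytes, pairs-of-values
chi-square). Added example; cover samples and payload are constructed."""
import hashlib

# Standard file signatures for the header check.
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpeg": (b"\xff\xd8\xff",),
    "bmp": (b"BM",),
    "png": (b"\x89PNG\r\n\x1a\n",),
}


def header_matches(data, kind):
    """True when the file starts with one of the standard signatures for `kind`."""
    return any(data.startswith(m) for m in MAGIC[kind])


def embed_lsb(cover, message):
    """Write message bits into the lowest bit of successive cover samples.
    A 4-byte big-endian length prefix (this example's own header) tells the
    extractor where to stop."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover has room for %d message bytes" % (len(cover) // 8 - 4))
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit      # only the lowest bit changes
    return bytes(stego)


def extract_lsb(stego):
    def read_bytes(offset, count):
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[offset + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read_bytes(0, 4), "big")
    if 32 + 8 * length > len(stego):
        raise ValueError("length field exceeds cover size: no LSB payload, or corrupted")
    return read_bytes(32, length)


def lsb_pair_chi_square(samples):
    """Pairs-of-values test: embedding near-random bits drives the counts of
    values 2k and 2k+1 towards equality, so this statistic drops sharply."""
    counts = [0] * 256
    for s in samples:
        counts[s] += 1
    stat = 0.0
    for k in range(128):
        n_even, n_odd = counts[2 * k], counts[2 * k + 1]
        expected = (n_even + n_odd) / 2
        if expected:
            stat += (n_even - expected) ** 2 / expected
    return stat


# Constructed cover: 4096 samples, all even, so every pair is maximally unequal.
COVER = bytes(((i * 7) % 256) & 0xFE for i in range(4096))
# Constructed pseudo-random payload that exactly fills the cover (4 length + 508 bytes).
MESSAGE = b"".join(hashlib.sha256(b"constructed-%d" % i).digest() for i in range(16))[:508]


def demo():
    stego = embed_lsb(COVER, MESSAGE)
    return {
        "round_trip_ok": extract_lsb(stego) == MESSAGE,
        "chi_square_cover": lsb_pair_chi_square(COVER),
        "chi_square_stego": lsb_pair_chi_square(stego),
        # A tool that rewrites the file header betrays itself to the magic-bytes check.
        "intact_header": header_matches(b"GIF89a" + stego, "gif"),
        "rewritten_header": header_matches(b"STEG0\x00" + stego, "gif"),
    }


if __name__ == "__main__":
    print(demo())
```

    On the all-even constructed cover the statistic is exactly 2048 (128 pairs, each contributing 16); after embedding it falls to roughly the number of pairs, which is what a chi-square with 128 degrees of freedom looks like when the LSBs are balanced. Note the two failure modes handled: a message larger than the cover's capacity is refused rather than silently truncated, and an extractor run on a file that was never a carrier reads a nonsense length and stops instead of reading past the end.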

    How to hide text in pictures and other files

    There are various steganography programs available to hide text or files inside photographs, sound files and executable files; you can even hide data inside documents and HTML code, as any kind of electronic file can be used to hide data within it.

    StegHide: Open source project; it can hide data inside images (.jpeg, .bmp) and audio files (.wav, .au).

    MSU StegoVideo: It hides any kind of file inside a video and protects it with a password.

    Steganos Privacy Suite (Not free): It hides data inside pictures and sound files and encrypts it with AES-256.

    Mp3Stego: It encrypts and hides data inside .mp3 files; free program with source code available to look at.

  • Cloud storage investigation tool Dropbox Reader


    Dropbox is an online cloud storage service with millions of users. They claim to keep the data encrypted, but their terms and conditions state (using slightly different wording) that there is a backdoor to your private data to allow USA authorities to access it with a subpoena. Besides being unethical it is also a security risk, because any backdoor that encryption has can be exploited by the bad guys; without one your data is more secure from malicious hacking.

    Computer hacking forensic investigator

    In case using Dropbox’s back-doored cloud storage does not put you off, a command line computer forensics investigation tool targeting Dropbox users has been released by Architecture Technology Corporation. The tool takes advantage of Dropbox’s database files and is meant to be used by computer forensic experts to aid them in their investigations. In real life, anyone with a little Python and Unix knowledge, bad and good people alike, can use this free tool to get data out of a Dropbox user’s files.

    Dropbox Reader can get the user’s email address, Dropbox identifier, the software version being used and a list of recently changed files, all stored in config.db; even without the actual physical files, file names many times reveal clues about their content. Dropbox Reader can also get a list of files marked for synchronization and the shared directories, stored in filecache.db.

    When Dropbox is installed it makes changes to the Windows registry, so an investigator should be able to find out that Dropbox was previously installed just by looking at the Windows registry keys, and get some information out of Dropbox even after it has been uninstalled: when uninstalled, Dropbox removes the database but keeps the installation directory in place.
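    The kind of artefact reader the text describes, written the way a forensic examiner would want it: hash the file before and after, open it read-only, and enumerate tables from sqlite_master instead of assuming a schema. This is an added example, not Dropbox Reader itself, and it runs against a small SQLite database it constructs in a temporary directory; that database's single key/value table named config and the key names email, host_id, version and recently_changed are assumptions made for the illustration, not the real Dropbox layout (which the text only describes at a high level).

```python
"""Forensic read of a SQLite artefact such as a client's config.db.
Added example; the sample database and its schema are constructed."""
import hashlib
import os
import pathlib
import sqlite3
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def dump_sqlite(path):
    """Return (sha256, {table: [row dicts]}) without modifying the artefact."""
    before = sha256_file(path)
    uri = pathlib.Path(path).resolve().as_uri() + "?mode=ro"   # read-only open
    con = sqlite3.connect(uri, uri=True)
    try:
        names = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name")]
        tables = {}
        for name in names:
            cur = con.execute('SELECT * FROM "%s"' % name.replace('"', '""'))
            cols = [d[0] for d in cur.description]
            tables[name] = [dict(zip(cols, row)) for row in cur.fetchall()]
    finally:
        con.close()
    if sha256_file(path) != before:
        raise RuntimeError("artefact changed while being read")
    return before, tables


def summarise_config(tables):
    """Pull the identity fields the text mentions out of an assumed key/value table."""
    kv = {row["key"]: row["value"] for row in tables.get("config", [])}
    return {
        "email": kv.get("email"),
        "dropbox_id": kv.get("host_id"),          # assumed key name
        "version": kv.get("version"),             # assumed key name
        "recent_files": [p for p in (kv.get("recently_changed") or "").split("\n") if p],
    }


def build_sample_config_db(directory):
    """Constructed stand-in for a config.db (the schema is an assumption)."""
    path = os.path.join(directory, "config.db")
    con = sqlite3.connect(path)
    with con:
        con.execute("CREATE TABLE config (key TEXT PRIMARY KEY, value TEXT)")
        con.executemany("INSERT INTO config VALUES (?, ?)", [
            ("email", "examiner-sample@example.com"),
            ("host_id", "0123456789abcdef"),
            ("version", "1.0 (constructed)"),
            ("recently_changed", "Photos/holiday.jpg\nFinance/budget.xls"),
        ])
    con.close()
    return path


def demo():
    workdir = tempfile.mkdtemp()
    path = build_sample_config_db(workdir)
    digest, tables = dump_sqlite(path)
    summary = summarise_config(tables)
    summary["sha256"] = digest
    summary["tables"] = sorted(tables)
    return summary


if __name__ == "__main__":
    print(demo())
```

    Enumerating sqlite_master rather than hard-coding table names is what keeps a reader like this useful across client versions, and the hash check before and after the read is the cheap evidence that the examination did not alter the file.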

    Visit Dropbox Reader homepage

  • List of the best free Spyware removal tools


    Antispyware software should be used in conjunction with antivirus software and not as a replacement; antispyware and antivirus have different functions. Antivirus software, for example, does not warn you about tracking cookies. Good antispyware software will not cause any incompatibility when you run it alongside an antivirus, as the developers will have designed it with that in mind.

    Free antimalware tools

    SuperAntiSpyware: Light on system resources, it has been designed not to slow down your computer during spyware scanning and works alongside antivirus software without compatibility problems. A very thorough antispyware tool, scanning your files, computer memory and Registry; its custom scanning engine allows you to check external USB devices like thumb drives for spyware and to exclude folders you know to be safe in order to speed up the antispyware scan.

    SuperAntiSpyware menu screen

    MalwareBytes: Multilingual antispyware software that can detect spyware before installation and remove it if the computer has already been infected. The free basic version is very limited; it has no real time protection and no heuristics against zero day threats.

    SpywareBlaster: It prevents the installation of spyware, adware and other malware designed to get into your system and invade your privacy. It doesn’t use any significant CPU or memory and will not slow down your computer while it protects your Internet browsing session; it is capable of running alongside other antivirus and firewall software.

    SpywareBlaster malware scan

    Spybot Search&Destroy: This malware protection tool provides complete information on any spyware it finds and works in the background protecting you against new threats not found by your antivirus software; among other things, it protects you against toolbars installing in your browser without your knowledge and against homepage hijacking.

    SpywareTerminator: Real time HIPS protection. After scanning your computer, SpywareTerminator shows you a list with easy to understand information on all of the threats it has found; the entries are classified by risk level and the user can decide what has to be removed. It is integrated with the ClamAV open source antivirus, which is included with the antispyware software download.

    Lavasoft Ad-Aware: The free version provides basic behaviour based heuristic technology able to detect zero day threats, rootkit removal, and integration with Windows Security Center. Spyware scanning can be scheduled and customized, pin-pointing Ad-Aware to single files or external hard drives, and you can submit suspicious files to Lavasoft technicians for analysis with just a click.

    Beware of fake antivirus and antispyware!

    A well known multimillion scam is run by fake software pretending to be a legitimate spyware removal tool. It is not able to detect anything; instead it makes computer users believe that they have been infected by malware by showing them a window replicating a computer scan, with annoying popups and scary messages. In order to remove the non-existent malware from the operating system the user must buy an “upgraded” version of the software, which then removes the fake malware warning message.

    Fake spyware alert

    Stay away from brands you know nothing about. If you believe your system has been infected by spyware, do as much research as possible on the Internet about the kind of malware you have, and before upgrading to any paid-for software whose brand you know little about, inquire around first. Most important of all, never install any pirated antivirus software on your system or buy it from dodgy sources: not only will the updates for counterfeit antivirus eventually stop working, but most times warez cracked antivirus software also comes embedded with a virus.

  • Trusted Platform Module cryptochip explained


    Trusted Platform Module hardware is a built-in chip with cryptographic capabilities, able to perform RSA 2048 bit public key encryption and decryption and with its own internal hardware engine for SHA-1 hashing. The private encryption keys are created within the TPM chip and never exposed to outside elements. TPM chips are usually found in high end notebooks; many of the laptops using a fingerprint reader to log in are linked to the motherboard’s TPM security chip.

    A Trusted Platform Module chip stores digital certificates, some of which are file encryption and login authentication keys, and the data can only be decrypted by the TPM chip itself. One of the requirements for a notebook to contain a TPM chip is that the chip is permanently attached by soldering it to the motherboard; tamper mechanisms, e.g. tamper-proof tape, are recommended but not mandatory.

    A TPM chip can optionally create a key tied to specific computer hardware, aka “sealing” a key, by taking a snapshot of the computer’s values and hashing them (aka a checksum). Where a TPM sealed key exists, every time the computer boots the hashes are compared, and if they do not match the computer will not boot; removing the hard drive from the device and plugging it in somewhere else will make it unbootable.
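    A simulation of the sealing mechanism just described, added here as an illustration; it is not a real TPM interface and not code from any vendor named on this page. Each boot component is hashed into a SHA-1 "PCR" register (the snapshot), a disk key is sealed against that register value, and the key is released only when the same measurements are reproduced in the same order on the same chip. The chip secret, the component images and the disk key are all constructed. The last case, moving the sealed blob to a second chip that measures an identical boot, is the "new motherboard" situation the security considerations below warn about.

```python
"""Measured boot + seal/unseal simulation. Added example; not a real TPM API.
All component images, keys and names are constructed."""
import hashlib
import hmac
import os


class SimulatedTPM:
    def __init__(self):
        self._srk = os.urandom(32)     # storage root secret: never leaves the chip
        self.reset()

    def reset(self):
        """Power-on: the PCR starts at all zeros."""
        self.pcr = bytes(20)

    def extend(self, measurement):
        """PCR <- SHA-1(PCR || SHA-1(measurement)); order-dependent and one-way."""
        self.pcr = hashlib.sha1(self.pcr + hashlib.sha1(measurement).digest()).digest()
        return self.pcr

    def _wrap_key(self):
        # Derived from the chip secret and the current PCR: a different chip or a
        # different boot state yields a different wrapping key.
        return hashlib.sha256(self._srk + self.pcr).digest()

    @staticmethod
    def _keystream_xor(key, data):
        out = bytearray()
        for i in range(0, len(data), 32):
            block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
            out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
        return bytes(out)

    def seal(self, secret):
        wrap = self._wrap_key()
        ct = self._keystream_xor(wrap, secret)
        tag = hmac.new(wrap, ct, hashlib.sha256).digest()
        return {"pcr_policy": self.pcr, "ct": ct, "tag": tag}

    def unseal(self, blob):
        if not hmac.compare_digest(blob["pcr_policy"], self.pcr):
            raise PermissionError("PCR mismatch: boot measurements changed")
        wrap = self._wrap_key()
        expected = hmac.new(wrap, blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("blob was not sealed by this chip")
        return self._keystream_xor(wrap, blob["ct"])


def measured_boot(tpm, components):
    """Firmware measures each component into the PCR before handing control to it."""
    tpm.reset()
    for image in components:
        tpm.extend(image)
    return tpm.pcr


def try_unseal(tpm, blob):
    try:
        return tpm.unseal(blob)
    except PermissionError as exc:
        return str(exc)


FIRMWARE = b"firmware image (constructed)"
BOOTLOADER = b"bootloader image (constructed)"
DISK_KEY = hashlib.sha256(b"constructed disk key").digest()


def demo():
    tpm = SimulatedTPM()
    measured_boot(tpm, [FIRMWARE, BOOTLOADER])
    blob = tpm.seal(DISK_KEY)                              # key leaves the chip only wrapped

    measured_boot(tpm, [FIRMWARE, BOOTLOADER])             # normal reboot: same snapshot
    same_boot = try_unseal(tpm, blob)

    measured_boot(tpm, [FIRMWARE, BOOTLOADER + b"!"])      # modified bootloader
    tampered = try_unseal(tpm, blob)

    other = SimulatedTPM()                                  # drive moved to another board
    measured_boot(other, [FIRMWARE, BOOTLOADER])
    other_chip = try_unseal(other, blob)

    return {"same_boot": same_boot == DISK_KEY, "tampered": tampered, "other_chip": other_chip}


if __name__ == "__main__":
    print(demo())
```

    Two separate checks fail in two separate ways: a changed component changes the PCR, so the policy comparison refuses before any key material is touched; an identical boot on a different chip passes the policy but fails the authentication tag, because the wrapping key also depends on the chip's own secret.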

    Trusted Platform Module encryption diagram

    How to enable a TPM security chip

    Not all computers have a TPM chip; it is normally found in enterprise level laptops, and most of them come with the Trusted Platform Module chip disabled by default, so you will need to enable it in the BIOS.

    To enter the BIOS press Del or F2 (depending on the BIOS brand) while rebooting the computer. The TPM chip settings are found under “Integrated Peripherals” or in a separate “Security” section that some motherboards have; choose to enable it, save the BIOS settings and boot your operating system. You will now need to install the motherboard device driver for the TPM chip, which the motherboard manufacturer provides.

    TPM chip security considerations

    Full disk encryption software like BitLocker and PGP Whole Disk Encryption can be used with a TPM chip, but some basic security measures must be taken, like establishing ownership of your TPM chip by setting up its own unique password, totally independent of other passwords. Because the private encryption keys are stored inside the TPM chip, if you replace the computer motherboard or reset it to factory settings you will no longer be able to access your fully encrypted operating system.

    Embassy Trust Suite, a business security suite that comes with most Dell business computers and can implement full disk encryption, makes use of the TPM hardware chip to generate encryption keys.