abhishek [MSFT] (Moderator):
Welcome to today's chat. The chat topic for today is "Security for
Everyone".
abhishek [MSFT] (Moderator):
We will be starting the chat at 5:00 PM IST.
Subratam (Expert):
hi
Subratam (Expert):
Q: Hi Subratam
A: hi
abhishek [MSFT] (Moderator):
Welcome to the chat today on Security for Everyone
abhishek [MSFT] (Moderator):
The expert for today is "Subratam Biswas"
abhishek [MSFT] (Moderator):
Subratam is an MVP. Come to talk about the current day internet
security scenario. Know more about spywares and adwares getting
introduced to the worst infections for example coolwebsearch,
look2me and the recent idemlog infection and how to defend against
them.
We will also be introducing rootkits, the latest in security threats
and how to defend against them. After the chat, you will be well
aware of tips and tricks to keep your computer healthy and free from
malicious software and annoying pop-ups.
abhishek [MSFT] (Moderator):
The profile of Subratam: I am a 23 year old guy who loves to fight
against spywares and viruses. I did my Bachelors in 2004 with
Computer Science. I run my website
http://www.subratam.org, a Microsoft approved Related Community
site where, along with my team, I try to help out users worldwide and
raise security awareness. I also maintain my blog at
http://www.blog.subratam.org
I am a Security Expert in forums like
www.castlecops.com,
www.spywarewarrior.com,
www.gladiator-antivirus.com and many others. I am in Team Spybot,
a member of the Alliance of Security Analysis Professionals and, in my
interest, I also analyse and test viruses and spywares sent to me
from worldwide.
abhishek [MSFT] (Moderator):
As always, a few chat rules just before we begin
abhishek [MSFT] (Moderator):
Please refrain from sending any private messages to the expert
during the chat
abhishek [MSFT] (Moderator):
Chat Procedures:
This chat will last for one hour. During this hour, our Experts will
respond to as many questions as they can. Please understand that
there may be some questions we cannot respond to due to lack of
information or because the information is not yet public. We
encourage you to submit questions for our Experts
abhishek [MSFT] (Moderator):
We ask that you stay on topic for the duration of the chat. This helps
the Guests and Experts follow the conversation more easily. We
invite you to ask off topic questions after this chat is over.
Subratam (Expert):
Hello one and all .... warm welcome and good evening
Subratam (Expert):
Q: Hi, I want to know about the security
A: Security is a huge field, what specifically do you want to
know about the security?
abhishek [MSFT] (Moderator):
To post the questions for the expert, please use the check box "Ask the
Expert"
abhishek [MSFT] (Moderator):
I will hand over the floor to Subratam now.
Subratam (Expert):
Q: Can you let me know how to take care of spam mails which flood our
inboxes
A: Spam mails normally spread due to misconception, opening
suspicious attachments and so on. The best way to take care of spam
mails is to have updated antivirus and enable real time scanning and
scan any attachment you are going to download. Do not open mails from
suspicious persons.
abhishek [MSFT] (Moderator):
Q: Can you let me know how to take care of spam mails which flood our
inboxes
A: I would also say that if you are using any of the online
web based email systems, set their spam filters to maximum security.
This will filter out most of the spam. Also, when you get spam,
don't just delete it. Mark it as spam so that the web based email
systems can register these email IDs as spam and not deliver them to
your mailbox.
Subratam (Expert):
Q: What approach should be followed to start finding the
vulnerabilities for a given application?
A: Vulnerabilities for a given application can be found if it
is easily crashed or exploited, if there are invalidated inputs or
even buffer overflows
abhishek [MSFT] (Moderator):
Q: about web application security
A: Hi test. Developer related security is out of specific
topic of discussion. You can find more information at:
http://msdn.microsoft.com/security/
Subratam (Expert):
Q: What are the general extensions we should avoid while opening
attachments
A: General extensions such as PIF, SCR, EXE, CMD, BAT, VBS etc.
should be avoided or scanned before opening
Subratam (Expert):
Q: Can we talk about .Net security specifically??
A: This is not a .net specific chat :), but of course we can
answer .net based security questions too
Subratam (Expert):
Q: I am interested in knowing .net security, is that out of scope from
this topic?
A: No it is not out of scope.
Subratam (Expert):
Q: while downloading spams unknowingly, is there any way I can use NAV
or any other antivirus systems content to prohibit spams
A: That is where real time scanning comes into play, which
will scan heuristically and also can catch viruses or malwares in
the wild. Any antivirus having real time scanning mechanism will be
able to tackle it but still it is always better to be safe than
sorry
abhishek [MSFT] (Moderator):
Q: we are expecting security in developer point of view...( in .NET)
A: There will be another chat on developer security
especially that we will be holding in sometime. Today the chat is
focused more towards security threats in windows client.
Subratam (Expert):
Q: Is WinXP's SP2 worth to prevent spywares?
A: Windows XP SP2 is a huge step forward from Microsoft to
prevent spywares. It is stable and lessens down the flaws. People
complain Windows XP SP2 crashes, but it is always recommended to
install SP2 and then connect to internet, or make a computer
spyware clean and then install SP2
Subratam (Expert):
Q: Can you let me know more about look2me ?
A: Look2Me is one of the worst spyware that gets inside
machine and autoupdates itself often. It monitors websites you visit
and sends the information to a central server. And normal symptoms
are innumerable pop ups from nowhere
abhishek [MSFT] (Moderator):
Q: Is WinXP's SP2 worth to prevent spywares?
A: Also, XP SP2 has many more features that reduce spyware on
your machine. The features most useful are: Pop Up Blocker and
Manage Add Ons from the Tools menu in IE. Also, IE 6.0 in SP2
prevents cookies from being deposited on your machine without your
knowledge. Of course, Microsoft AntiSpyware is the tool to prevent
spywares coming on to your machine
Subratam (Expert):
Q: Is ZoneAlarm reliable?
A: Zone Alarm is good but is a resource hog at times. There
are quite a few good firewalls out there, namely, Outpost, Sygate,
Kerio etc. Kaspersky Anti Hacker is also one of the best, and my
personal recommendation.
Subratam (Expert):
Q: what is difference bet. spyware and malware?
A: Spyware is a broader term, which means a spying software
that gets installed in your machine without your permission. Malware
means malicious software which can be called a superset of spyware,
adware etc
Subratam (Expert):
Q: How to find that a spyware is accessing my data?
A: It is always recommended in today's world... to have one
antivirus, one firewall and one or two antispywares. The reason is
there are huge number of spywares and lots of varieties. Firewalls
do help when a spyware tries to contact any remote server,
antispyware can help when there is any spyware already in your
machine.
Subratam (Expert):
Q: when computer gets infected by spyware, does it corrupt
explorer.exe?
A: There are lots of varieties of spywares, and explorer.exe
is one of the common targets. So normally it gets infected but there
may be some spywares which do not touch explorer.exe
Subratam (Expert):
Q: >It is always recommended in today's world ....... then it will slow
down the net speed.
A: slow down in what way?
abhishek [MSFT] (Moderator):
Q: what are the basic new security features incorporated in .net 2.0,
specific to web application?
A: There are many resources online to address this question.
Some are:
http://msdn.microsoft.com/msdnmag/issues/04/06/ASPNET20Security/default.aspx
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGPractices0001.asp
Later when we do chat on developer security you can ask specific
questions on the same.
Subratam (Expert):
Let us now talk about some of the different infections like
coolwebsearch, rootkits or idemlog etc
Subratam (Expert):
The word "rootkit" became more popular due to the infamous Sony incident
and now people know what harm it can do silently
Subratam (Expert):
There are different types of rootkits around, but the most famous
rootkit must be the HackerDefender which is still active in the web,
created by Holy Father (as creator names himself), but there are
others like FU, Vanquish, NT rootkit etc
Subratam (Expert):
Now almost every spyware or virus company is taking the help of
rootkit to spread and infect in a much stronger way, as rootkit does
the dirty part of hiding the spywares or malwares in the system
Subratam (Expert):
The recent threats are also that spyware companies now promote and
invoke people to download "antispywares" but in reality they are
rogue products
Subratam (Expert):
Like SpyAxe and the recent Spywarestrike too, both portraying
themselves as antispywares but instead install and infect the computer
Subratam (Expert):
The best way to remain secured today is to have firewall and antispyware
in addition to antivirus, because no more there is only virus that
attacks or is threat to computers now. Spywares and adwares have
made their presence felt and sure need dedicated tools to stop
them. These tools don't slow down machine but protect you.
abhishek [MSFT] (Moderator):
We have 10 mins left for the chat. Please continue to post your
questions for the expert using the "Ask the Expert" button.
Subratam (Expert):
There are free antiviruses like avast, avg, antivir which are much
smoother in operation, less of a resource hog and have real time scanning
mechanism too. Free antispywares like spybot and ad aware are also
there, Microsoft Antispyware (now called Windows Defender) has
been a great tool though still in beta.
Subratam (Expert):
I would also like to take this opportunity to say that we have opened
a community website
http://www.securitynprivacy.com/ which will address Developer,
IT Admins and Home User security related discussions and questions
Subratam (Expert):
Q: Our mobiles/PDAs are secure in India?
A: Nothing is "secure" anywhere, it is our duty to click and
surf safe to be safe. As always best way is to use antivirus because
even mobiles are also subject to virus attack or infection.
Subratam (Expert):
Q: Hi subratam!!
A: Hi sathik, we are having a security chat as of now :)
Subratam (Expert):
Final word of advice, click safe and be safe.
Subratam (Expert):
Small tips for everyone to try out -- Service Host (Svchost.exe) is
a core piece of Windows XP code that collects a number of
lower-level system-critical services and runs them in a common
environment.
By gathering multiple functions together, this arrangement reduces boot
time and system overhead and eliminates the need to run dozens of
separate low-level services.
Now, here comes the usefulness of a command called "Tasklist".
Normally if you want to see what processes / tasks are associated with
the list of applications currently running, you can use the command
"tasklist".
Now go forward and add " /svc" to it, which gives "tasklist /svc"
without quotes. That will give you services for each process. Type
manually and NOT copy paste, at least what I found out,
tasklist /svc /fi "imagename eq svchost.exe"
in the command prompt and Enter.
I can bet you will be happy what you will see as result.
abhishek [MSFT] (Moderator):
Thanks for attending the webchat today
abhishek [MSFT] (Moderator):
Hope this chat was useful and informative. The transcript of the
webchat will be put up on:
http://www.microsoft.com/india/communities/chat/default.aspx
Subratam (Expert):
Thank you to everyone, do not neglect security but just do the
basic things right (firewall, antivirus and antispyware and
clicking safe) and you will be secured :)
abhishek [MSFT] (Moderator):
Would like to express special thanks to Subratam, MVP Security
Technologies who took time to chat with us on security
abhishek [MSFT] (Moderator):
Thanks Subratam for delivering this interesting and informative
session
abhishek [MSFT] (Moderator):
Please feel free to pool in your feedback at
commind@microsoft.com
abhishek [MSFT] (Moderator):
If you have more questions on security, do post them on
www.securitynprivacy.com
where there are more experts available to answer your questions.
abhishek [MSFT] (Moderator):
We will be closing the chat now. Have a lovely evening
Subratam (Expert):
good evening to all :)