Say you've just recovered from a serious worm attack. You've run your antivirus and adware/malware removal utilities, installed the latest patches, even double-checked to make sure your security and privacy settings are set at high. You're good, right? Maybe not.
Microsoft recently released a Security Advisory (along with an update to Windows XP Service Pack 2 containing the fix) warning about an "unexpected behavior" in Windows Firewall that could let a clever attacker who had broken into your PC leave a back door to the Web unlocked for next time. Only PCs running either XP with SP2 or Windows Server 2003 are susceptible.
Hackers sometimes get into a PC by taking advantage of the ports that Windows uses to talk with the world. Literally thousands of ports are available, but Windows Firewall automatically blocks most of them to protect you.
You can let programs connect to your PC through specific ports by entering those ports as exceptions in the firewall's user interface (found in Windows' Control Panel). The user interface also lists these exceptions so that you can see what ports are enabled on your system. Information about the ports is stored within the Windows Registry.
Recently, someone figured out that if you insert port exceptions directly into the Registry and give them "malformed" names, the firewall's user interface can't display them, so you'd never know the port was open. Fortunately, no exploits of this vulnerability have been reported yet.
The Security Advisory also explains how you can determine if any sneaky exceptions already lurk on your PC. To get the update, which makes invisible entries visible in Windows Firewall, go here. For the Security Advisory, go to http://www.microsoft.com/technet/security/advisory/897663.mspx.
Avoid fake Google
Panda Software identified a new worm that redirects your search requests to a phony Google site. The P2load.A worm masquerades as a free Star Wars game. After you run the file, your attempts to point your browser to Google actually take you to a fake site with different paid advertisers.
The worm alters your start page, changes your Internet Explorer search options, and infects your PC with various adware programs. It spreads through peer-to-peer file-sharing apps, such as iMesh and Shareaza. For directions on identifying whether your PC's been infected and wiping the imposter off your system, go here.
When Windows Update doesn't
Have you been thwarted in your quest to get updates from the Microsoft Update or the Windows Update site? Instead of receiving a reassuring patch install confirmation, you may have been left staring at a screen filled with the geekiest sort of cryptic error messages (for instance, "Error 0x80072EE2"). Possible causes include conflicts with third-party firewalls and problems with the update sites' addresses hard-coded into Windows' Hosts file.
To get Microsoft's step-by-step workaround for users without a proxy server, go here.
For those using a proxy server, see the workaround at http://support.microsoft.com/kb/900935/.
Fix Wi-Fi router problems
Linksys has issued a firmware update for its popular WRT54G wireless routers that patches several security flaws. Someone exploiting the bugs could target you with a simple denial-of-service attack intended to crash your router, or they could change the configuration of the router, including the password. This could allow the attacker to change your firewall's rules and install new firmware on the router.
Get Linksys's update here.
iDefense, the research firm that found the bugs, has five advisories with more details.