Monday, July 21, 2008

July 2008 Meeting Notes

File Associations
  • You “associate” a file type to the program that opens it in Windows.
  • Associations are usually made for you when you install programs. So if you don’t have an association already for a file type, that usually means you don’t have the software to view that file type installed.
  • How do you find out what software to install? Look up the file type on Google, or ask the person who sent you the file what software to use.
  • The file type is the last part of the file name; it is a period followed by three letters.
  • You can see the file associations that are already set up by opening My Computer, choosing Tools -> Folder Options on the menu, then choosing the File Types tab.
    If a file is being opened by the wrong program, you can change the association by right-clicking the file, choosing Properties, then looking for the Change button next to the “Opens with:” line.

Gmail
  • http://mail.google.com/

  • Free, web-based email. 6+ GB of storage. You never have to delete any mail.
  • Quickly search through all your old emails.

  • You do have to be on the internet to read your mail, but you can get to your email no matter what computer you are on as long as you can get to the internet.

  • Built-in spam filter, and other tools to help control unwanted mail.

  • Built-in converters for some file types, which eliminate the “file association problem” mentioned above.

Cleaning Malware
How do users get malware?
  • They download apps that include adware and spyware
  • They click on misleading popups or banners
  • They visit sites that use exploits to inject malware
  • Many users still don’t patch or don’t use antivirus or antispyware

Why don’t antivirus and antispyware stop malware?
  • They are dependent on signatures (they can only defend against what they know about)
  • Malware directly attacks them

Malware cleaning steps:
  • Disconnect from the network
  • Identify malicious processes and drivers
  • Terminate identified processes
  • Identify and delete malware autostarts
  • Delete malware files
  • Reboot and repeat

Essential processes needed to run Windows
  • System Idle Process
  • explorer.exe
  • taskmgr.exe
  • spoolsv.exe
  • lsass.exe
  • csrss.exe
  • smss.exe
  • winlogon.exe
  • svchost.exe (there will be a few of these)
  • services.exe
If you shut down anything other than these processes, a standalone Windows machine should still operate fine. However, if any of these processes are shut down, Windows will start to become unstable or unusable.

What are you looking for?
Processes that…
  • have no icon
  • have no description or company name
  • are unsigned Microsoft images
  • live in the Windows directory
  • are packed
  • host suspicious DLLs or services
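
One way to run part of the checklist above against live processes, as an added PowerShell example that is not from the original meeting notes. It covers only the description/company, signature and Windows-directory items; pairing the directory check with the signature result is this example's assumption, and the icon, packing and DLL items are not covered.

```powershell
# Added example: read-only triage of running processes. Terminates and deletes nothing.
$winDir = $env:windir.TrimEnd('\') + '\'   # e.g. C:\Windows\

$report = foreach ($p in Get-Process) {
    # Path is empty for System/Idle and for processes this session cannot inspect.
    $path = $p.Path
    if (-not $path) { continue }

    $reasons = @()

    # Checklist: "have no description or company name"
    if (-not $p.Description -or -not $p.Company) {
        $reasons += 'no description or company name'
    }

    # Checklist: "are unsigned Microsoft images"
    $sig    = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
    $signed = $sig.Status -eq 'Valid'
    if ($p.Company -like '*Microsoft*' -and -not $signed) {
        $reasons += "claims Microsoft, signature status: $($sig.Status)"
    }

    # Checklist: "live in Windows directory". Assumption of this example:
    # only report it when the image also lacks a valid signature.
    $inWinDir = $path.StartsWith($winDir, [System.StringComparison]::OrdinalIgnoreCase)
    if ($inWinDir -and -not $signed) {
        $reasons += 'in Windows directory without a valid signature'
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Name    = $p.Name
            Id      = $p.Id
            Path    = $path
            Reasons = $reasons -join '; '
        }
    }
}

$report | Sort-Object Name | Format-List
```

Run it from an elevated prompt so more process paths are readable. Older PowerShell versions do not check catalog signatures, so built-in Windows files can show as NotSigned there; treat each hit as a lead to verify.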
