Now and then the unexpected happens and leaves you floundering. Even though we know that certain emergencies can occur – the punctured tyre, the stolen handbag or the phone dropped down the toilet, for example – we never seem adequately prepared for them when they eventually occur.
Yesterday evening, Tigger said that she could not get the Internet radio to work. Then when we looked at the BBC’s iPlayer site, that wouldn’t run either. Were there problems at the Beeb or…?
I began to notice problems on my own PC, in particular difficulty accessing certain sites online. I couldn’t load even such standards as the Google search box. Some sites would load and then they wouldn’t, or a previously refractory site would become available, but only briefly.
I suspected that the Internet connection was misbehaving even though the PC was reporting that it had a strong signal with good speed. Then I thought to try the iPod and found it could access all sites without the least difficulty. This indicated that the Internet connection was fine and that the problem was on the computer… on BOTH computers, because Tigger was having the same problems.
I switched off the wireless connection and connected my PC to the router with a cable and tried accessing the latter’s administration page, thinking it might have some scrambled settings. I found I couldn’t access the admin page on the PC even though I could easily do so on the iPod. The mystery was deepening.
I eventually reached a position where I could access ordinary Web sites with Firefox (though not with Internet Explorer, Comodo Dragon or Opera), though they took an unusual amount of time to load, but all sites relating to viruses, such as Kaspersky’s Web pages, refused to load. This reminded me of what happened last time I had a virus infection; then too I was locked out of such sites.
There was another piece in the jigsaw. When I rebooted the computer, the familiar little window that pops up to tell you about programs still running would appear and inform me of a running program whose name was unfamiliar to me. It in fact appeared to be a string of random characters. Was I in this catching a glimpse of a virus’s coat-tails?
These clues suggested to me that my computer had been infected with a virus that had managed to sneak past the firewall and antivirus shield and install itself at ease on my machine.
What exercised me, though, was that Tigger was experiencing similar problems. I began to think that I had inadvertently passed the putative invader on to her machine via the wireless connection. (Jumping ahead somewhat in the narrative, the technician I spoke to said this couldn’t happen.)
There was nothing for it but to pack the laptops in their bags and, this morning, for me to trundle them up the road in the shopping trolley to the computer repair shop.
I am at a loss to understand how two computers simultaneously but independently develop the same fault unless infected by the same virus. But what is the likelihood of two people engaged in different tasks falling victim to the same virus at more or less the same moment? The odds must be hugely against it. On the other hand, if it isn’t a virus, what is blocking our access to the Internet and Web?
If the worst comes to the worse, I have all my data, together with the installation files of my applications, backed up on external disc drives, though if we do have a virus, then these drives could be contaminated too and would need to be cleaned.
We will now have to wait, as patiently as possible, to hear what the repair shop has discovered. In a household where, unless we are going out for the day, the computers are switched on first thing in the morning and switched off last thing at night, this wait is painful, to say the least. I keep thinking of things to do, only to realize I can’t do them because there is no computer to do them on.
I can do a certain amount on my Blackberry and on my iPod, and we also now have an iPad which can be pressed into service, but the hole in our lives is all too evident nonetheless.
For this reason, I am surprised how calmly I am taking what I would previously have regarded as a calamity. Perhaps recent events on the health front have helped put such things into perspective. The computers will be back on our desks in a day or two, all being well, and normal service will then be resumed, albeit at a cost of money that was needed for other things.
For now, I am enjoying (if that’s the right word) a break from computers and rediscovering other ways of filling my time.









My initial thought is that if the two laptops share a connection (wi-fi router) and are “visible” to each other then it might be possible to pass the infection without doing anything. That’s assuming it is an infection. For us, the best thing I ever did was to create a massive hosts file to stop the machine being taken anywhere we don’t want it to go.
Recently it took me four days of virtually non-stop work to get Java sorted out on our multi-boot system, just to try and make us feel a little safer. It’s possible to get to a situation where you can’t uninstall or reinstall the 7u11 version of the dratted product no matter what you do (scraping the registry of references, scouring all drives and deleting all folders and contents, etc). Fortunately I found a way…
Good luck with the repairs – hope all goes well and ASAP.
Tigger is less sure than I am that the trouble is caused by a virus. In some ways I would prefer it not to be because I have various security devices and look only at sites declared safe. If even these “safe” sites are dangerous, then that leaves me feeling very insecure.
I will therefore be very interested in the repairers’ diagnosis and advice, if any, for avoiding a repetition.
The main goal remains that of restoring the laptops to working order so we can get back online. Blogging with the Blackberry and the iPod (on which I am writing this comment) is fun but not as easy and convenient as using a computer.
I agree with you about the scariness of having supposedly safe sites suddenly become unsafe. I try to keep up with the latest threat descriptions (watering hole attacks and the like) and it’s a full time task. Folks like us who conduct research using the ‘Net may be exposed to attacks far more than the average user (except that the balance swings the other way if the average user is accessing porn – as we are led to believe).
My finger of blame points mostly at the advertisers. Many sites now not only demand that you keep cookies enabled for third parties if you visit, they also make access to fourth and even more party sites a requirement before you can gain access to information.
In the past if you blocked dubious sites using hosts it was no big deal: just a blank or an error message in the portion of the screen where the ad was destined to be placed, so if it carried a payload you never received it.
Now some sites transfer control directly to the undesirable site, which hosts the return parameters and won’t transfer you back until you have received their materials. My policy in those circumstances is simple: if a site demands that I surrender any part of my security in order to satisfy their advertising agreements with all and sundry, then I stop using them as a source. It can make life difficult, but not as difficult as trying to recover a damaged system…
PR and commercial sites (and criminals) are continually developing sophisticated new techniques, not merely for advertising but also for the purpose of manipulating their audience. Ordinary users have no chance of keeping up with this and of understanding the dangers and how they are being manipulated.
Another possibility (one I’ve been skating around trying for a while now) is application white-listing. I don’t think you’ve said whether you do this – my guess would be that you don’t.
If you don’t run too many different software apps on your systems, you could consider application white-listing, which would mean that the only executables that get to run are those that are explicitly authorised by you.
In general this is superior to all other forms of protection, even antivirus and firewalls. Where it falls down is when the malware masquerades as an approved application. But there is a failsafe: the checksum. The chance that a piece of malware could not only fake being an approved application but could also fake the currently-verified checksum is so small as to be regarded as nil.
You can find lots of info online about application whitelisting so I won’t give links here. Depending on your OS, you may do better to go with a third party white-listing utility (but then you’re talking additional cost).
The reason I’ve skated around it for our system is that I have tons of software that I use fairly regularly so white-listing would be a real pain for quite a while.
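The checksum check described in the comment above, as an added example that is not part of the original comments: an allowlist records the SHA-256 of each approved executable, and a file that merely shares an approved name is refused because its contents hash differently. The file names, contents and helper functions are constructed for illustration; real white-listing tools enforce this in the operating system rather than in a script.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file's contents in chunks so large executables are handled."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_allowlist(paths):
    """Record the checksum of each executable the owner has approved."""
    return {os.path.basename(p): sha256_of(p) for p in paths}

def may_run(path, allowlist):
    """Return (allowed, reason); a matching name alone is never enough."""
    expected = allowlist.get(os.path.basename(path))
    if expected is None:
        return False, "not on allowlist"
    if sha256_of(path) != expected:
        return False, "checksum mismatch"
    return True, "approved"

def write_file(directory, name, content):
    """Create a constructed stand-in file (not a real executable)."""
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(content)
    return path

def demo():
    """Run the three cases on constructed stand-in files."""
    with tempfile.TemporaryDirectory() as root:
        good = write_file(os.path.join(root, "apps"), "editor.exe", b"approved build")
        fake = write_file(os.path.join(root, "temp"), "editor.exe", b"something else")
        unknown = write_file(os.path.join(root, "temp"), "xq7rz.exe", b"unlisted")
        allowlist = build_allowlist([good])
        return {
            "approved": may_run(good, allowlist),
            "same_name": may_run(fake, allowlist),
            "unlisted": may_run(unknown, allowlist),
        }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, verdict)
```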
As you surmise this is not something I have considered. As attackers become ever more sophisticated, though, who knows what we may have to consider in the future?
DEP (Data Execution Prevention) was supposed to be the ultimate, implemented not only in software but especially in more modern hardware – but then hackers found a way around even the hardware implementation so that barrier became moot.
Twenty years ago the solution would have been to avoid using the Internet, but who can afford to do that today?
I often think about this when I hear that a high profile network belonging to a national security has been hacked via the Internet. Putting these systems on the Internet is an open invitation to hackers.