Saturday, March 17, 2012

Why McAfee is making my computer less secure...

So, my last couple of posts have been a little too political. Hopefully there's some info in this post that will come in handy, but what would really be great is if it 'learned you a little...'

Yes. I use McAfee. Yes, it's a pain in the ass. Unfortunately as of this moment in computer security, if you're using Windows (which for the moment I'm forced to), you need some sort of virus scanning software. Why McAfee? I don't know. I guess because I've had a subscription which I keep renewing rather than go out and research other products. (I'm a bit pressed for free time at the moment.)

So a couple of days ago, McAfee started to fail when trying to update definitions. Today, I finally had some time to figure out what the problem was (with a little help from McAfee tech support). The problem was that my computer was too secure to allow McAfee to update properly. Yes, you read that right. My computer was too secure to allow my security software to run properly. Well... that, plus there was an incorrect setting in my local hosts file. I'm not going to go into why I think McAfee needs to hard code IP addresses. I think that's a little ridiculous, but they may have a valid reason. Doubtful, but hey. Anything is possible.

What they don't have a valid reason for are the following options in IE "Internet Properties":

--Disable "Check for publisher's certificate revocation."
--Disable "Check for server certificate revocation."
--Disable "Check for signatures on downloaded programs."
--Enable "Use SSL 2.0"


The most frightening one is the 3rd one, checking for signatures on downloaded programs. What's a signature? In the simplest of terms, it is a digital way of verifying that the file you're about to download (and possibly execute) comes from a trusted source. If you don't know that downloading and running programs from untrusted sources is a Bad Thing(TM), it would not at all surprise me if you've got a trojan on your computer, and you should stop doing it immediately. So...

First, don't download programs from untrusted sources. Second, if you can, keep this check enabled. At the very least, it may prompt you with an annoying warning banner. At the most, it might save you from having your computer become part of a botnet.

So, what are these certificate revocations, you ask? It's simply a way of verifying you are connecting to the web site or server you think you're connecting to. Sometimes after a digital certificate has been issued to a web site or server, it must be marked as invalid, or revoked. Sometimes this is due to unforeseen errors. Sometimes it's due to the company that issued the certificate being hacked. If you are unaware that a certificate has been revoked, you may be redirected to a web site pretending to be a trusted web site, which (if you keep that "Check for signatures on downloaded programs" option disabled) may be able to install software on your computer without your knowledge. That's a Bad Thing(TM).

Lastly, we come to this SSL 2.0 thing. SSL stands for Secure Sockets Layer, and it is at the heart of commerce on the Internet today. It's how you can securely log into your banking web site and transfer funds. It's how you can enter your credit card number into Amazon.com without worrying that a Bad Guy(TM) will get it and go buck wild on your dime. Well, there are different versions of SSL. SSL 2.0 is less secure than SSL 3.0. SSL 2.0 uses weaker mechanisms to set up a secure connection, and is subject to what's called a man-in-the-middle attack. A man-in-the-middle attack is just how it sounds. Some Bad Guy(TM) gets between you and what you think is a trusted web site. What you don't know is that he can read and manipulate every piece of information sent to and from your computer. For the home user, this didn't use to be a big deal. But with the ubiquity of WiFi, a man-in-the-middle attack is very easy. I'll have a post coming up on some WiFi security measures (when I get some more free time).

So, McAfee, the company that I (for now, unwillingly) trust to keep me safe, is in fact making me less safe. Sure, I trust McAfee not to download Bad Things(TM) to my computer, but these settings don't affect just McAfee stuff. They affect every connection I make to any server in the world, and that's a...

Bad Thing(TM)
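
As an added example (not part of the original post, and not McAfee's or Microsoft's code), this PowerShell snippet reads the per-user registry values that commonly back the four checkboxes listed above and reports which ones are in the weakened state. The registry paths, value names and bit values are assumptions; the post itself only names the checkboxes.

```powershell
# Added example: audit the four IE "Internet Properties" options named in the post.
# Registry paths, value names and bit values are assumptions (the post does not give them).
$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$trust = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
$dl    = 'HKCU:\Software\Microsoft\Internet Explorer\Download'

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-Setting([string]$Setting, $Raw, [scriptblock]$IsSecure) {
    # A missing value means the Windows default applies, so report it separately.
    $status = 'NOT SET (default applies)'
    if ($null -ne $Raw) {
        if (& $IsSecure $Raw) { $status = 'OK' } else { $status = 'WEAK' }
    }
    [pscustomobject]@{ Setting = $Setting; Raw = $Raw; Status = $status }
}

$state  = Get-RegValue $trust 'State'                 # bit 0x200 set = revocation ignored
$revoke = Get-RegValue $inet  'CertificateRevocation' # 1 = revocation checked
$sig    = Get-RegValue $dl    'CheckExeSignatures'    # 'yes' = signatures checked
$protos = Get-RegValue $inet  'SecureProtocols'       # bitmask, 0x8 = SSL 2.0 enabled

$results = @(
    Test-Setting "Check for publisher's certificate revocation" $state  { param($v) ($v -band 0x200) -eq 0 }
    Test-Setting 'Check for server certificate revocation'      $revoke { param($v) $v -eq 1 }
    Test-Setting 'Check for signatures on downloaded programs'  $sig    { param($v) $v -eq 'yes' }
    Test-Setting 'Use SSL 2.0 (should be off)'                  $protos { param($v) ($v -band 0x8) -eq 0 }
)

$results | Format-Table -AutoSize -Wrap

# Summarise so the result is obvious when run from a scheduled check.
$weak = @($results | Where-Object { $_.Status -eq 'WEAK' })
if ($weak.Count -gt 0) {
    Write-Warning "$($weak.Count) setting(s) are in the weakened state described above."
}
```

Run it in the affected user's session, since these are per-user (HKCU) values; on policy-managed machines the effective settings may come from elsewhere.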