WizGidget

Last week we discussed using the Windows System Restore tool, and I commented that I’d let you know how it went with finding the issue with backups.  It turned out that the problem stemmed from the “Connection Manager” software I’d installed to support my broadband wireless card.  This week I thought it might be helpful to go over the process I used to isolate and resolve the issue.

The Windows System Restore tool is found on Windows XP by clicking the Start button, then All Programs, then Accessories, then System Tools, then System Restore.  The first screen on the System Restore window gives three choices: Restore, Create a restore point, and Undo my last restoration.  I picked Restore and clicked Next.  The next screen shows a calendar, with today’s date selected, and the list of restore points (if any) that were created for today.

Because I wanted to be able to put things back the way they were, I started with the current day and worked backwards, recording any software that had been installed, in the order it had been installed.  I kept going back day by day until I found the backup software install.  That way I developed a list of applications I would have to reinstall on the way back to the current setup.  Some of the restore points were listed as “Software Distribution Service”, which are clusters of updates done by the Windows Update or Microsoft Update.  I didn’t need to worry about which updates those were, I could just let Microsoft Update take care of tracking which updates needed to be reinstalled.

Once I had the list of software that had been installed after the backup software, I went ahead and did the System Restore, which requires a reboot.  I immediately tested the backup software to see whether it worked or not.  Joyfully it did, and so I knew that something that came after that broke things.

Even though the Windows and Microsoft updates had been interspersed with other installations, I thought it might be good to go ahead and get all the updates installed first.  I have Windows set to download, but not install updates, so most of them I could install that way.  Others I went to the Windows Update website (there’s a link on the Automatic Updates tool, available from the Control Panel) and forced the install.  After all the updates were installed and I’d tested backups, I installed each application, one at a time.  I tested backup after the application install, then rebooted, and tested it again.  When I installed the Connection Manager, backup still worked, but after the reboot it no longer worked, so I knew I’d found the culprit.  It turns out that  the broadband card manufacturer Sierra Wireless also has a connection manager tool separate from the cell phone provider, so I tried installing it instead, and that one doesn’t break backups.  It doesn’t have the nice bargraph showing how much bandwidth I have remaining for the month, but I can live with that.

Recently I upgraded the internal disk for my laptop from a 120Gb (Gigabyte) disk to a 500Gb disk.  This is a tough thing to do because I have quite a few applications installed on my laptop and it requires reinstalling Windows.  The order of install is important too — for instance I have two HP network printers that each have their own software and drivers.  I have to install the inkjet printer before I install the laser printer.  Then there’s a bazillion Windows updates that have to be installed (the Urban Dictionary defines “bazillion” as, among other things, “A figure of speech describing more of  ’something’ than is imaginable.”)  The Windows installation media I have installs Service Pack 2 (SP2), where SP3 is current for Windows XP, so I have to install SP3.  Fortunately I keep a downloaded copy of SP3 available.  Most of the Windows updates get installed via the Windows Update or Microsoft Update that I discussed last week, which downloads them individually.  Boy am I glad I have a broadband internet connection: it would take days with a dialup connection!

The real challenge is that sometimes installing new software or updates breaks things that were already installed and working.   One of the things I’d installed was the client for a network backup tool I use: Netbackup.  Netbackup (NBU) is an enterprise-level backup application that I run in my home/office environment so that I can kindof-sortof stay competent on the product.  After I’d installed the NBU client, I verified that backups were working.  I then continued to install other applications and updates.  Somewhere along the line, NBU went snobby and wouldn’t allow the server to connect over the network anymore.  I tried turning on the logging and checking the logs for errors, doublechecking configuration, and all sorts of other diagnostic measures.  I couldn’t figure out why it wasn’t working, because all of the configuration was correct.  My intuition told me that because it had worked at first, it was probably one of the applications or updates that had been installed after NBU that was breaking things — but which one?

Fortunately, Windows has a tool called “System Restore” that can be used to semi-miraculously put Windows “back in time”, say before the offending update had been installed.  System Restore allows setting checkpoints that saves the system state at that point in time.  Also fortunately, Windows updates and most software installs are smart enough to take a System Restore checkpoint before they do their work.

So, I used the System Restore utility to put my laptop configuration back in time to just after the original NBU client install, and then tried running a backup again: Voila! it works again. This confirmed my impression that it was a software or update install that had broken things.  Now I just have to re-install software and updates that were installed after that point in time, a few at a time, to figure out exactly what broke things.  I’ll let you know how it goes.

Any application you run on your computer is a computer program.  Windows itself is a program.  Anytime a program is written, care must be taken to make sure that the program behaves in the way you intended, but as any programmer can tell you, this is a difficult thing to do.  The more complex the program, the more difficult to check your program for issues, or what programmers call “bugs.”  One of the ways a program can behave in a way you didn’t expect is to do things like allow running another program, or allow unauthorized access to other programs on your computer.

A vulnerability is a flaw, or “bug”  in a program that allows an attacker to do things they shouldn’t.  For instance Windows may have programs “listening” on the network for connections, such as a query to see what fileshares or printers your computer has “shared.”  If these programs have security flaws that allow an attacker to copy a program file to your computer and then run it, and a hacker or cybercriminal figures out how to take advantage of that flaw, then your computer becomes vulnerable to that attack. Another way your PC can be vulnerable is by secondary programs, like WinZip, or Acrobat Reader.  If you receive an email with an infected zip file or PDF file, and you open the attachment, your PC would be infected with that virus.

Last week I mentioned that something like 2500-3000 new vulnerabilities are discovered every 6 months.  That’s a lot of vulnerabilities!  The context of those numbers wasn’t mentioned in my reference, so I’m assuming that it pertains to Windows and/or Windows-based applications.  When those vulnerabilities are discovered for Microsoft products, Microsoft puts out Security Updates to “plug the holes” so to speak.   It’s really important to get the security updates installed on your computer, so that you’re protected against those 2500- or so new threats.  Fortunately this is pretty easy to do with a PC with an internet connection: you just configure Windows Update.  There are good instructions on setting this up on the Microsoft website: just do a search for “windows update XP” or “update windows 7″ or something like that for the version of Windows you’re running.

If you also use other Microsoft products such as Microsoft Office, there is another tool available that takes the place of Windows Update: Microsoft Update, which is available at “http://go.microsoft.com/?linkid=3646727“  If that link doesn’t work, try searching for “Microsoft Update”.  Once Microsoft Update is installed, it works the same way as Windows Update, except that it checks for updates for all of the Microsoft applications you have installed, not just Windows.

A word of caution with Windows Update or Microsoft Update: I recommend that you set it to download the updates, and let you choose when to install them, as opposed to automatically installing them.  That way, if an update breaks your PC, you’ll know that it was an update you just installed that caused the problem, which will make it easier to fix.

This week I want to dig a little deeper into the subject of Botnets, especially with regard to what you can do to protect your PC against becoming bot-infected.

The first consideration is vulnerability — how does your PC become infected in the first place?  Basically viruses are introduced through the introduction of new data.  If your PC were sitting there by itself, with no network connection, no modem, no floppy drive, no USB-ports for thumbdrives (some people call ‘em flash drives), it would be pretty safe from virus infection.  It would also be fairly useless.  How would you install new software, or get data you need on or off the PC?

New data comes in the form of thumbdrives, network and so forth.  One way the virus can be introduced is by getting you to run the program that infects your PC.  You might actually run the program yourself, or it might happen automatically via the windows “Autorun”.  I wrote about how to turn off Autorun back in the first September issue.  The only real protection against becoming infected via programs that you run, other than being  judicious about what you run,  is to have a good virus protection software, keep it up-to-date, and use it to scan external storage such as thumbdrives as soon as you plug them in.

Most people use their PC to access the internet for web-browsing, email, and other forms of communication.  It’s pretty obvious that net surfing is introducing a LOT of new data to your computer.  Viruses can come in the form of attachments to email and compromised websites.  A common infection in the last year or two is the fake anti-virus scam that usually comes from a malignant or compromised website.  Even the NY Times website was compromised with this scam for a short time, via the “comments” feature of the site.  I suspect that websites that your mother would disapprove would be prime candidates for this — the risk of infection is proportional to the level of  “I shouldn’t be doing this” — especially since I believe the virus authors use that type of honeypot website to attract people and thereby infect them.  Another form is infected zip or even PDF files that arrive as email attachments. Generally these are spam emails that are detectable because they’re coming from someone you don’t know, or were unexpected, etc.

Finally another avenue for infection is through Windows or application vulnerabilities.  Microsoft is really good at marketing, but not so good at writing what programmers would call “tight, secure code”.  The vulnerabilities make it possible for malware to get into your PC over the network — which is why I mentioned securing your WiFi the last couple weeks.  According to Jeff Jones, director of Trustworthy Computing at Microsoft, there are 2500-3000 new vulnerabilities reported every 6 months.  Other than keeping your virus software up-to-date, the best solution here is to keep your Windows up-to-date as well.  Microsoft provides a utility to do just that, called “Windows Update”, which we’ll talk about next week.