The Electronic Frontier Foundation is at the forefront when it comes to defending our digital rights. Even as a European I think they are doing important work even though they are mostly US centric. This is because whatever happens in the US ripples over the pond and affects Europe and the rest of the world anyway. That means that next to larger fast-food portions increased digital surveillance is on its way to the EU as well.
Next to protecting our digital rights they are the authors of a number of awesome security plugins and tools like the HTTPS Everywhere and Privacy Badger browser plugins and a driving force behind the Let’s Encrypt free web site certificate tool set.
You know how it goes. You get this new and shiny computer from big computer company X and with it you don’t only get your OEM licensed Windows OS but also some “super handy” tools X happened to install just for you.
Dell is no different so mine comes with Dell Data Vault, Dell SupportAssist and Dell Update Service. All of this is (of course) for your own benefit to update your machine to the latest drivers and blah blah blah, even though anything crucial is sent through Windows update anyway.
The downside is that these things are constantly running and using up your precious CPU and memory, while you’ll probably never need them. Ever. Oh, and they also come with some security vulnerabilities apparently, which is always a good reason to kick their butt.
I don’t know what Dell Data Vault even does and don’t care to either (it’s backup software probably). To make things worse it even causes my system to lag sometimes which I notice as my audio glitches up when that happens. I don’t always listen to breakcore you know, so I do notice that sometimes.
I also noticed that uninstalling Dell Data Service is pointless as (I think) the Dell Update Service will just reinstall it. Which sucks.
So I see two options.
Uninstalling all Dell related software. This is kinda drastic and you might want that stuff if you need support after all.
Disable the software and prevent it from starting up altogether.
So how do you stop those services from starting up automatically? Here’s how:
On your desktop, press WindowsKey-R, this brings up the Run prompt.
Type services.msc and hit enter. This brings up the list of services installed on your machine.
Look for the Dell ones in the list.
Open them, one by one, and in the General tab select the startup type “Disabled”.
Hit “OK” to save.
Note that in the screenshot I’m disabling a completely innocent service for demonstration purposes as I don’t have a Dell machine handy with an English version of Windows on it.
From now on those pesky services won’t be wasting your resources anymore, until the day you might need them again. All you have to do then is go back into the services console and switch the startup type back to Automatic and save.
Then right-click the services in the list and choose “Start”, or simply reboot the machine.
But we’re not quite there yet. There’s still the case of PCDoctor and the SupportAssist client. Those sneaky startups are hidden in the scheduled tasks. You can disable them using the Task Scheduler like this:
Press WinKey-R and type Taskschd.msc, press enter.
In the list of scheduled tasks in the root node you’ll see a “Dell SupportAssistAgent AutoUpdate” or something similar.
Right click the task and choose “Disable”.
Repeat for any other Dell tasks in there.
They don’t all have “Dell” in their name, but if you check the Action tab below the path to the executable will give them away (like in the screenshot). In my case I had some additional PCD (PC Doctor) tasks and one SystemToolsDailyTest task to disable.
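The path check described above, as an added example that is not part of the original post: it reads a task list exported with `schtasks /query /fo csv /v` and flags tasks by the executable they launch rather than by their name. English column names are assumed, and the sample export, its executable paths and the marker list are constructed for illustration.

```python
import csv
import io

# Assumption: substrings that identify the vendor's install folders; adjust per machine.
VENDOR_PATH_MARKERS = ("\\dell\\", "pc-doctor", "pcdr")

# Constructed export, trimmed to the columns used here. Task names follow the
# post where it gives them; the executable paths are made up for illustration.
SAMPLE_EXPORT = r'''"TaskName","Task To Run","Scheduled Task State"
"\Dell SupportAssistAgent AutoUpdate","""C:\Program Files\Dell\SupportAssistAgent\bin\agent.exe"" /update","Enabled"
"\SystemToolsDailyTest","C:\Program Files\Dell\SupportAssistAgent\PCDr\daily.exe -run","Enabled"
"TaskName","Task To Run","Scheduled Task State"
"\PCD Example Task","C:\Program Files\Dell\SupportAssistAgent\PCDr\scan.exe","Disabled"
"\SystemToolsDailyTest","C:\Program Files\Dell\SupportAssistAgent\PCDr\daily.exe -run","Enabled"
"\ExampleBrowserUpdate","C:\Program Files\ExampleBrowser\update.exe /c","Enabled"
'''

def executable_of(action):
    """Return the program path from a task action, dropping its arguments."""
    action = action.strip()
    if action.startswith('"'):                 # quoted path followed by arguments
        return action[1:].split('"', 1)[0]
    end = action.lower().find(".exe")          # unquoted path that may contain spaces
    return action[:end + 4] if end != -1 else action.split(" ", 1)[0]

def vendor_tasks(export_text):
    """List (task name, executable, state) for tasks that launch vendor binaries."""
    found, seen = [], set()
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["TaskName"]
        # The export can repeat its header row and list a task more than once.
        if name == "TaskName" or name in seen:
            continue
        exe = executable_of(row["Task To Run"])
        if any(marker in exe.lower() for marker in VENDOR_PATH_MARKERS):
            seen.add(name)
            found.append((name, exe, row["Scheduled Task State"]))
    return found

def disable_commands(export_text):
    """Build schtasks commands for the vendor tasks that are still enabled."""
    return ['schtasks /Change /TN "{}" /Disable'.format(name)
            for name, _, state in vendor_tasks(export_text) if state == "Enabled"]

if __name__ == "__main__":
    for command in disable_commands(SAMPLE_EXPORT):
        print(command)
```

The generated commands need an elevated prompt, and a task disabled this way can be switched back on with `/Enable`.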
Another good tool to disable scheduled tasks is from the CCleaner tools menu, or by using the SysInternals Autoruns tool.
This worked for me, but as is mostly the case with things you find on the internet… use this info wisely and at your own risk. ;)
If you want to kick some NSA buttocks and claim your privacy then get yourself this reset the net pack and install some super-duper encryption for your PC, Mac and phone(s).
There ain’t that much on there really, but if you scroll down to the Other Resources section there’s links there like the Prism Break one I mentioned before, which contain tons of (more techy) tools and software for all your stealthy encryption needs.
WordPress is popular and as it goes with all kinds of popular software, it becomes a target for hackers trying to take over and use your site to send spam into the world, or just cause some other kind of mayhem.
To protect yourself from this kind of trouble, there are a few things you can do to prevent bad things from happening to your precious WordPress site.
First of all, keep your WP software up-to-date. There are usually some security fixes in there and you do want to have those live on your public facing site. Hackers know what the vulnerabilities are in old WP versions and scan the internet automatically for unpatched sites. Don’t become an easy target by not having the latest version of WP installed. The latest version of WP (v3.7.1) is able to do security updates itself which is awesome. Be sure to check if your site supports this and activate it if it does.
Keep your plugins up-to-date as well for the very same reason. Old plugins can offer a way in for hackers and we don’t want that to happen.
Delete (old) plugins you don’t use anymore, or replace them with newer ones. JetPack has a lot on board out of the box now so you can probably ditch a few old plugins. The fewer plugins you have, the fewer possible vulnerabilities your site has.
Take regular backups. In case something goes wrong, you can at least restore a version you know isn’t compromised.
Use a long, hard to guess and preferably random password for your admin account. Using a different admin user is also a good idea. Brute force login attempts are made against the default “admin” user, so if that one has a long random password you’re pretty safe there. You can use something easier to remember for an alternative admin account if you want, but I recommend you to use something like KeePass to manage long & unguessable passwords anyway.
Here are some plugins that can help with these tips:
WordFence scans your site for possible vulnerabilities by checking your installed WP and plugin files with the ones from the official releases. It also helps with the first 2 tips by warning you by email if a plugin or WP itself needs an update. Quite handy.
WP security audit log won’t prevent anything, but it keeps track of logins, updates of plugins etc, so that if something weird happens, you can use it to figure out the “when” and “what”.
A backup plugin. There are plenty and you should pick one that fits your needs. I’ve used BackUpWordPress for a DB backup only, but it can also backup the files. It sends you an email with either the zipped backup or a link to download it if it’s too big to stuff in the email. Another good option is UpdraftPlus which can backup your files & DB to remote storage like Google Drive or Dropbox a.o. Your hoster might also have a full backup feature, which is usually the best option anyway as it will backup more than just your WP site.
BruteProtect protects (as it says) against brute force login attempts, a problem a lot of WP blogs had to deal with lately. Next to that you should of course make sure you have a complex password for your admin account.
Bad Behavior is mainly a tool to combat spam, but since it scans for incoming malicious requests it can also block the occasional bot looking for vulnerable sites.
For a more extensive guide to securing your WordPress site, also check out this Bloggers Guide to WordPress Security. It’s long and full of great tips and guides covering a wide range of security practices like how to combat spam, CAPTCHAs and setting up HTTPS.
Let me tell you about that time my site got hacked.
Once upon a time I received this email from Google. Now when Google emails you, you usually pay attention, even if it’s a bot. Those guys know their stuff.
The email told me that my site was possibly hacked because it was suddenly feeding spam when the Google bot was passing by.
The reason why I got this email is because I use the free web master tools from the G btw. That way they know my site has behaved nicely over the years, and when it suddenly started spewing spam, they knew something bad was up.
The scary part is that this only happened when Googlebot was munching my pages. Not when I or any other human passed by with a browser. So in other words, I didn’t have a clue.
Because it was quite the mystery, I checked my web folder and found a few suspicious files and folders in there. Suspicious, because I never put them there.
I found a folder named “coockies”, an unknown common.php, session.php and coockies.txt file. My .htaccess file was also changed. All php files and the .htaccess had the same timestamp. I compared my complete WP installation with the original installation files to be sure no other files were modified, which turned out to be the case.
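The comparison against the original installation files, and the kind of check WordFence is described as doing earlier on this page, can be scripted. This is an added example, not the author's or any plugin's code: it hashes a live web folder against a known-good copy (a fresh download or a backup) and lists what was added, changed or removed. The demo trees are constructed, reusing the file names from this post.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256."""
    hashes = {}
    for folder, _, names in os.walk(root):     # os.walk also visits dotfiles
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hashes[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return hashes

def compare_to_reference(live_root, reference_root):
    """Report files that differ between the live tree and the known-good copy."""
    live, ref = tree_hashes(live_root), tree_hashes(reference_root)
    return {
        "added": sorted(p for p in live if p not in ref),
        "modified": sorted(p for p in live if p in ref and live[p] != ref[p]),
        "missing": sorted(p for p in ref if p not in live),
    }

def build_demo(base):
    """Write constructed 'reference' and 'live' trees under base; return their paths."""
    trees = {
        "reference": {"index.php": "<?php // stock", ".htaccess": "# BEGIN WordPress\n"},
        "live": {"index.php": "<?php // stock", ".htaccess": "# changed\n",
                 "common.php": "x", "session.php": "x", "coockies.txt": "x",
                 "coockies/some-post": "x"},
    }
    for tree, files in trees.items():
        for rel, body in files.items():
            path = os.path.join(base, tree, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
    return os.path.join(base, "live"), os.path.join(base, "reference")

def demo():
    """Run the comparison on the constructed trees."""
    with tempfile.TemporaryDirectory() as base:
        return compare_to_reference(*build_demo(base))

if __name__ == "__main__":
    print(demo())
```

On a real site, uploads and `wp-config.php` will always show up as added, so the files to look at are the unexpected ones next to them.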
The folder seemed to contain files with file names resembling URIs of my blog posts. The content was unreadable and appeared garbage. I’m guessing it was an encoded version of the spam my site was feeding Google.
At first I thought my WP blog was hacked, but the entry point was simply the modified .htaccess file. It contained a few new rewrite rules which checked the user agent of the incoming request, and if that matched any of the major crawlers, it would redirect to the new php files, which would feed the spammy content.
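A check for this kind of change, as an added example that is not part of the original post: it walks an `.htaccess` file and reports every `RewriteRule` that is gated on a `RewriteCond` testing the user agent against crawler names. The sample file is constructed (the stock WordPress rules plus one rule of the kind described, pointing at the `common.php` name from this post), and the crawler token list is an assumption.

```python
# Assumption: lower-case substrings that identify major crawlers in a pattern.
CRAWLER_TOKENS = ("googlebot", "bingbot", "slurp", "yandex", "baiduspider")

# Constructed sample, not the file from the incident.
SAMPLE_HTACCESS = r"""RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot|slurp) [NC]
RewriteRule ^(.*)$ common.php [L]
# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
"""

def find_cloaking_rules(text):
    """Return (line number, rule target, crawler tokens) for each RewriteRule
    whose preceding RewriteCond lines test the user agent for crawlers."""
    findings, pending = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()          # simplification: no quoted patterns with spaces
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            pending.append((parts[1], parts[2]))
        elif directive == "rewriterule" and len(parts) >= 3:
            tokens = sorted({token
                             for test, pattern in pending
                             if "http_user_agent" in test.lower()
                             for token in CRAWLER_TOKENS
                             if token in pattern.lower()})
            if tokens:
                findings.append((line_no, parts[2], tokens))
            pending = []              # conditions apply only to the next RewriteRule
    return findings

if __name__ == "__main__":
    for line_no, target, tokens in find_cloaking_rules(SAMPLE_HTACCESS):
        print("line %d: crawlers %s are sent to %s" % (line_no, ", ".join(tokens), target))
```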
Cleaning up turned out to be rather easy.
I deleted all the new files, restored my old .htaccess file (hurrah for backups) and changed my site passwords just to be sure.
The fishy thing about all this is that I’m still not sure how these files got on my system (hence the password changes). The timestamp on the files seemed to point to the moment I last ran a WP and plugin update on my site. Maybe it was pulled in with a compromised plugin, but there is no way to tell which one it could have been. Another option is a compromised FTP account, but that password was already random before I changed it so that seems unlikely. I still changed it to a random and longer one to be sure.
I also took some extra defensive measures to try to avoid this kind of hack in the future, but that’s for another post.