josephkk said:
Thanks, the third one did it for me. I guess i will finally have to
reconsider dealing with ePrey.
?-)
That's great, Joseph. I had a lot of problems with eBay when I first
started using them, but that was many years ago. Since then, it has
turned into a very smooth operation and I've had zero problems. I've only
lost one shipment, and the vendor quickly sent another unit.
One thing I stronly recommend is to split your operating system into
separate installations. One for normal browsing, and a second
installation that is strictly for financial transactions.
I use Ubuntu 10.04 LTS as the host, and VirtualBox as the VM. I have
separate installations of WinXP that provide the services needed for
browsing, banking, software development, etc. I do pcb layout and routing
in Ubuntu so a windows crash will not interrupt an autoroute in progress.
The XP installations are stripped to the bare minimum that is needed for
the required services. That means all unnecessary functions and services
are stripped or disabled. I turn off Auto Update, Restore, Firewall (not
needed), and I don't bother with antivirus programs. Everything else is
turned off and any unnecessary files are deleted.
This allows making a very small installation that is easy to back up to a
spare hard disk. I use a 10GB dynamic hard disk in VBox. The banking file
is only 830MB, and the other installations may be 2GB or so. These copy
very fast to the backup drive, so it is convenient to keep the backups
current. I can increase the size if needed, and shrink it later when the
requirements change.
Then if a virus strikes, or I get a bad software installation that wrecks
the registry, I don't have to reinstall XP and all my files, then try to
get all the original settings back. That takes a very long time and I
never get tham all.
I just copy the backup over the bad file and I am back on the air in a
matter of seconds. The other advantage is I can copy the installation to
a different computer and get a byte-identical installation on the other
computer. XP doesn't know that it is a completely different motherboard
and hard drive, so it doesn't care.
I use the System File Checker from Win98 to check for missing or
corrupted files, and to see if any new ones have suddenly appeared. This
only works with the Win98 version - the XP version does not allow you to
specify the file extensions and folders you want to monitor. It also
eliminates Win7 since that has folders that will not allow Win98 to
enter.
I use the various rootkit detectors to look for keyloggers and other
malware. But the combination of Win98 SFC and Rootkit Revealer pretty
much covers any trojan or virus that can attack the system, so there is
no need to waste time on Symantec or other resource hogs.
The banking installation is the only place where the passwords and logon
information to Paypal and the banks is kept. This information is stored
in Stickey Password manager and is heavily encrypted. So it is not
available to viruses or trojans that may scan the hard disk looking for
text strings. But there is little chance they could be on the banking
computer since it never goes anywhere else except to the financial sites.
If one of the other installations got infected, there is no way the
malware could detect if there is another installation, and none of the
keystrokes on the banking computer can be detected on the other
installations, so a software keylogger will fail.
The banking computer has no access to email, so a phishing attack on the
another computer will fail.
Most of the well-written malware that is aimed at stealing your banking
logon information will shut down as soon as they detect they are running
in a virtual computer. Virtual installations are used in honeypots to try
to find the command servers and lead back to the authors. To protect
themselves, they simply shut down and no longer present any danger. So
using a virtual installation gives added protection against the most
dangerous malware.
Finally, there are two things you can do to vastly increase your
protection against online theft. First, open another account at your
bank. When you do this, it will have the same profile as your current
accounts, and will have the same access rights on a ATM or online. But
have the bank add a block to the account, so the only way you can
transfer money in or out is by visiting the bank in person and having a
manager override the block.
Now you can put most of your money in the account except for what is
needed for miscellaneous purchases. This will keep the majority of your
funds out of the hands of criminals who would otherwise send it to Russia
with love.
The second trick is to change all the answers to the security questions
that the bank asks when you set up your online account, such as "What is
your favorite color", or "What city were you born in."
Instead of answering these questions with the correct information, give
completely nonsense answers such as "!My.Dog.Hass.3.Flees$"
Note the misspelling and punctuation between words. This prevents any
phrase search from finding the string.
This is simple enough that you do not have to write it down, so it will
not be detected by malware that scans the hard disk looking for text
strings.
Use the same answer for all the questions.
Most banks store the browser string from your computer and ask one of the
security questions if they detect a change.
Now, if a criminal somehow manages to get your logon information, they
will probably be logging on from a different computer and will trigger
the security question. But they will not be able to answer it and the
attack will fail.
There are many other attacks that can get through all these protections,
so you always have to be vigilant and keep monitoring your accounts for
unwanted transactions.
But these methods will give a vastly improved security over what you now
have.
Mike