Today on Blogcritics
Home » Books » Book Reviews » Book Review: PC Pest Control by Preston Gralla

Book Review: PC Pest Control by Preston Gralla

Please Share...Tweet about this on Twitter0Share on Facebook0Share on Google+0Share on LinkedIn0Pin on Pinterest0Share on TumblrShare on StumbleUpon0Share on Reddit0Email this to someone

Spyware is reporting on your Internet activities, keyloggers are recording your keystrokes, spam is clogging your Inbox&#8212and that’s just in the last 10 minutes.

Preston Gralla is an acknowledged maven on the topic of Internet security. In PC Pest Control, he organizes all that knowledge into a readable, imminently-usable book that provides everything you need to know to swat those pests. This is a book for the average computer user who just wants to surf the ‘Net in peace.

Gralla starts by explaining the scope of the problem. What can you lose? How prevalent is spyware, virus and phishing activity? The scary truth is there in Chapter 01, “Your PC Is Not Your Own.” 80% of home computers infected with spyware and 20% with active viruses is bad enough&#8212but 90% of those with infected computers had no idea they had been infested. Once he has your attention with this catalog of bugs and invaders, Gralla proceeds to tell “Where You’re Vulnerable” and how to prevent, monitor and kill these pests. (A helpful list of “selected pest filenames” is found side-by-side with an even more useful list of “selected legitimate filenames” in Chapter 03.)

Once he gets down to specifics, Gralla’s first recommendation is to-the-point: “Throw Internet Explorer Out the Window.” The most popular browser is a target of convenience for pests for several reasons, and Gralla cites them all. He recommends several alternate browsers, but stresses that it’s important to switch if you want to avoid the largest single source of infection. For those who cannot (or simply will not) switch, Gralla provides steps to reduce the vulnerability of the IE browser to attack.

Chapter 06 addresses the pest-potential of “AdWare, Spyware, and Home-Page Hijackers.” Gralla pulls together the information on anti-adware and -spyware programs here, and tells us the strongest reason to use more than one such program on your PC: few of them remove even half of the malicious programs once they arrive at your PC. Sometimes, these malware fighters are also a problem. For example, Gralla notes that Microsoft’s anti-homepage-hijacking software does block other hijackers from replacing your home page setting with theirs&#8212but it restores the setting, not to your favorite home URL, but to the MSN home page. “One might argue that’s a form of home page hijacking,” Gralla says.

Chapter 07 provides the skinny on “Viruses, Trojans and Bots,” not only defining them in accessible language, but showing how they manage to do their damage. I loved the graphics (used liberally throughout the book), and they really contributed to the explanations in this chapter. (Marching bots creep into the back of the computer, signal “I’m here” and spew eMail. These pictures are worth more than a thousand words.)

In Chapter 08, Gralla describes “Email, Worms and Instant Messaging” pests, and tells us the best ways to avoid becoming infected by them. Here, I found the sidebar notes fascinating. Did you realize that in 2004, one person (a 17-year-old from Germany) wrote the pesky programs that infected almost 70% of infested computers? He wrote (among others) the Sasser worm that infected Gralla’s daughter’s computer at college.

I’ve always had good virus protection, so I was baffled when my computer started acting strangely during my freshman year in college. I would be in the middle of doing something&#8212I was writing a school paper, Dad… really&#8212and my computer would slow down and suddenly restart without warning… I discovered that the virus spread through our campus network…

“Spam is, without a doubt, the most prevalent pest on the Internet today.” Gralla opens Chapter 09, “Spam, Spam and Spam,” with that flat statement. I don’t think anyone with an eMail program would disagree&#8212spam costs time and effort, certainly. But then Gralla spells out the hidden costs of spam (up to $2000 per employee for companies whose employees use eMail), not to mention phishing attacks, drive-by downloads and pop-up ads. His information about avoiding spam is revealing&#8212did you realize that some crawlers (harvesting bots that search for eMail addresses) can now read an email address written out like “myname AT myisp DOT com”? Gralla provides two alternatives that still can hide your address in plain sight.

Phishing and a new attack called “pharming” have their own chapter, “Protecting Your Identity and Kids Online.” Both of these pests work by diverting you to a Web site where your passwords, credit card numbers, Social Security number, or other identity information can be stolen. Phishing sends you to a site that looks like a safe place to enter your identity information&#8212your online bank, for example, or your PayPal account screen&#8212but is instead a hacker’s site where your information goes straight to the identity thief. You can guard against phishing by reading a link before you click. If the link purports to go to “www.mybank.com” but reads “www.rnybank.ru.com,” you can be sure it’s a phishing expedition.

Pharming is far more insidious, because your browser and protection software don’t realize the site has been “spoofed.” Your browser will report the link address as what you expected&#8212but your system (or worse, the Web’s Dynamic Name Service [DNS]) is spoofed into translating it to a different IP address. Gralla recommends using Spoofstick, Netcraft or ScamBlocker to protect against pharming attacks. All three support Windows IE and Firefox for Windows.

Providing your children with a safer way to use the Internet is a valid concern for parents. Gralla focuses on using the tools that are already available in services like AOL, search engines like Google and Yahoo, and Internet chat software, to shield the kids as they learn to use the computer.

Gralla closes with Chapter 11, on “Wireless and Home Networking Dangers.” He covers obvious dangers as well as more-subtle ones. “Would you like a pest with your latt√©?” points out some of the problems with using public WiFi “hot spots” for your computing. “Hide Your SSID” teaches the step-by-step method to protect your wireless computer from war drivers, hackers who literally drive around looking for private, unsecured wireless networks. With the default SSID setting, Gralla tells us, your wireless laptop or PDA is vulnerable to hosting criminal content (like child pornography) without your knowledge.

An appendix brings the definitions into one convenient place, and lists comon varieties of pests, along with what they do. There’s a substantial Index to make tracking back to a solution simple and easy. And don’t miss sidebars titled “Is Gov. Schwarenegger a Spyware Girly-Man or Terminator?” and “Congress Passes an Anti-Spam Law&#8212Do You Feel Safe Now?”

There is scarcely a page of this book that doesn’t have some informative, enlightening, or downright terrifying information to offer. I recommend it highly.

Powered by

About DrPat

  • http://victorplenty.blogspot.com Victor Plenty

    Excellent review, DrPat. One thing, though. Does the author mention the increasingly frequent problem of unsecured home computers being taken over by hostile programs and turned into “zombies” which are then used to send out more spam and viruses?

    These captured home computers can also be assembled into vast zombie armies which can take down large commercial sites using a “distributed denial of service” (DDOS) attack. Hundreds, and sometimes even thousands of zombie computers barrage the target site with repeated requests for information, overloading the servers and shutting down the site. Even a site as huge as Google can be significantly slowed by such an attack.

    After gaining control of a zombie army, malicious software authors often use the mere threat of a DDOS to extort protection money from commercial web sites. We would all be wise to cut down on their power to do this, by better securing our own computers so they don’t turn into zombies.

  • http://paperfrigate.blogspot.com DrPat

    The author warns of this “zombie swarm” scenario in dicussing bots, and the damage they can do.

    Since the book is aimed at the average home-computer user rather than the corporate IT guy, Gralla approaches this more from the consequences to the user of hosting a bot. So DDOS attacks are not discussed specifically. Instead, Gralla notes that hosting a bot means you may experience a drastic slowdown, and get lots of “unable to deliver” eMail notices — and that the bot may lie dormant while its controller seeks payment to activate it.

  • http://url.nl anonymous

    First of, look at the definition of wardriving.

    Wardriving does NOT involve connecting to any networks. Connecting to networks without permission is a flelony in the united states.

  • http://paperfrigate.blogspot.com DrPat

    Yes, although the majority of wardrivers do not access (connect to) the local WiFi networks they find, hackers do use wardriving techniques and tools to connect illegally to networks.

    Wikipedia (your link) even notes:

    The legality of wardriving in the U.S. is not clearly defined. There has never been any conviction for wardriving, and there is the untested argument that the 802.11 and DHCP protocols operate on behalf of the owner giving consent to use the network, but not if the user has other reason to know that there is no consent. [Emphasis mine.]

    Also:

    Some argue that those who set up access points without adding security measures are offering their connection, sometimes unintentionally, to the community. Others argue that this reasoning is akin to stating that people who leave their doors unlocked are asking people to take what they like.

    What Gralla has suggested is that computer users ought to lock their doors, lest the “innocent wardriver” who reads their access info turn out to be a thief.