Thursday, February 24, 2011

Why is my computer whirring?

I have installed Norton Security and the computer is whirring away continuously like it's about to have a nervous breakdown. It's very annoying. Does it matter? Can I get rid of it?


A home PC will normally spend most of its time idling, without using much of the processor's power or accessing the hard drive, so it shouldn't "whirr away" for long unless it's working hard. Unexplained whirring is usually the cooling fan responding to a busy central processing unit (CPU): a process that keeps the CPU occupied generates heat, the fan spins up to remove it, and the programs you actually want to run are slowed down or even stopped. It's therefore a good idea to find the cause and eliminate it. Doing that yourself means delving into Windows' internal processes, but it's useful to know how, and you can use the same approach with any program, not just Norton. If this answer seems hard going, skip to the last paragraph.

Of course, you should expect Norton to make heavy demands on your system when it is checking your hard drive for malware, but it shouldn't be doing that while you're around. Recent versions of Norton Internet Security (from about 2009 onwards) are only supposed to run their scans during "system idle time", when your PC is not in use. You can adjust how long Norton waits before it treats the PC as idle by clicking on CPU usage in its settings, so you could try a longer interval, but I wouldn't expect this to solve the problem.

Before we start, however, you should get your PC up-to-date, because you may be trying to solve a problem that has already been fixed. Go to the Windows Update site (there's a link near the top of the Start menu) and make sure you have all the critical updates installed. Next, open Norton, click on Support, and select New Version Check. Install the 2011 version if you don't have it, plus any updates, then run a virus check using the latest signatures. Finally, reboot your PC to see if the whirring has gone away. If not, you'll at least be starting with a fresh system.

To find a CPU hog, download two free tools written by Sysinternals: Process Explorer and Process Monitor. Microsoft liked Sysinternals' tools so much that it bought the company in 2006, so they are now available from Microsoft's site. Both downloads need to be unzipped but neither needs to be installed: you can run them from anywhere you like. It's a good idea to put copies of them, along with HiJackThis, Malwarebytes and other useful tools, on a "rescue" USB stick.

Process Explorer does the same job as the Windows Task Manager, but it's more advanced. Run it and it will list all the processes that are running on your PC. Look in the CPU column and it will tell you what's hogging the processor. It won't be hard to spot, because almost all the other entries will be blank apart from System Idle Process, which on a PC that is doing nothing should sit at around 95% to 99%: that is what you want. If Norton is the culprit, it could be a process called ccsvchst.exe. Either way, each process should have an entry in the Company Name column.

In Process Explorer, click on View and then select Columns to bring up a tabbed properties sheet. You should be on the Process Image tab. Put a tick in the box next to Command Line and click OK. You will now have a column that tells you where the code for the misbehaving process lives ("C:\Program Files\..." etc), so you can check its size and date stamp. While you're on that tab it's worth ticking Verified Signer as well and switching on Options > Verify Image Signatures: a file whose digital signature doesn't check out deserves more suspicion than one whose size merely differs from a web listing. If you search for the file name online, numerous websites will tell you whether your file has the expected size and date, and some will hazard a guess as to whether it's likely to be infected. Some virus writers disguise files by giving them the same names as system files, but they may be a different size or in a different directory. Either way, you can upload any file to Symantec or another anti-virus site to get it checked.

Sometimes you may find two or more processes hogging the CPU. This can happen if two programs are operating at a low level, which is why it's not recommended to run two anti-virus programs at the same time. You might be running a child safety program or other monitoring software that Norton might reasonably suspect is doing malware-type things. You might have a program that kicks in to check mail in the background, and so on. The Microsoft Outlook Connector sometimes used to give Norton problems. See if you can update, reinstall or entirely remove whichever program appears to be causing the problem. This includes Norton.

To log any problem that you have found using Process Explorer, go to the File menu, select Save As, and save the text file (call the first one procexp.exe-01.txt) to your download directory or desktop. If you need to go to an online support forum or have any contact with Norton, it will be much easier to paste in all or part of this file than to try to remember or describe it.
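The Process Explorer steps above done from PowerShell, as an added example that is not part of the original column. It measures CPU use the way Process Explorer's CPU column does (two readings a few seconds apart, as a percentage of all cores), then records for each of the busiest processes the image path, company, Authenticode signature status, file date and a SHA-256 hash, which is a far better thing to search for or hand to an anti-virus vendor than a size and date stamp. It assumes Windows PowerShell 4.0 or later and an elevated prompt; the $SampleSeconds and $TopN variable names and the output file name are choices made for this example.

```powershell
# Added example, not code from the column: Process Explorer-style CPU triage in PowerShell.
# Assumes Windows PowerShell 4.0+ (Get-FileHash) and an elevated prompt so that the image
# paths of services running as SYSTEM are readable.
$SampleSeconds = 5      # how long to measure CPU use (name chosen for this example)
$TopN          = 8      # how many of the busiest processes to report (name chosen for this example)

# Get-Process exposes CPU as the total processor seconds a process has consumed so far,
# not a percentage, so take two readings and turn the difference into a percentage of
# all cores, which is the figure Process Explorer's CPU column shows.
$cores  = [Environment]::ProcessorCount
$before = @{}
Get-Process | ForEach-Object { $before[$_.Id] = [double]$_.CPU }
Start-Sleep -Seconds $SampleSeconds

$report = Get-Process |
    Where-Object { $_.Path -and $before.ContainsKey($_.Id) } |   # readable image path, present in both samples
    ForEach-Object {
        $pct = ([double]$_.CPU - $before[$_.Id]) / ($SampleSeconds * $cores) * 100
        $sig = Get-AuthenticodeSignature -FilePath $_.Path
        [pscustomobject]@{
            Name      = $_.ProcessName
            PID       = $_.Id
            CpuPct    = [math]::Round($pct, 1)
            Path      = $_.Path
            Company   = $_.Company
            SigStatus = $sig.Status                 # Valid, NotSigned, HashMismatch, ...
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
            Modified  = (Get-Item -LiteralPath $_.Path).LastWriteTime
            SHA256    = (Get-FileHash -LiteralPath $_.Path -Algorithm SHA256).Hash
        }
    } |
    Sort-Object CpuPct -Descending |
    Select-Object -First $TopN

# What to look for: a "system" name living outside C:\Windows, a NotSigned or HashMismatch
# status, or a Modified date that matches the day the whirring started. The SHA256 is what
# you search for online, or give to an anti-virus vendor, instead of size and date.
$report | Format-Table Name, PID, CpuPct, SigStatus, Company, Path -AutoSize

# Keep a copy to paste into a support post (file name chosen for this example).
$report | Export-Csv -LiteralPath (Join-Path $env:USERPROFILE 'Desktop\cpu-hogs-01.csv') -NoTypeInformation
```

Run it as a .ps1 from an elevated PowerShell window, or paste it in. A process with a system-sounding name whose Path is outside C:\Windows, a SigStatus of NotSigned or HashMismatch, or a Modified date that matches the day the whirring began is the one to investigate; the CSV it writes is what you paste into a support post instead of describing the problem from memory.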

Having found the process that is hogging the processor, you can now run Process Monitor to find out exactly what it's doing. I don't have a copy of Norton, but I did have a similar problem with MsMpEng.exe, which is the "engine" that drives the Microsoft Security Essentials anti-virus program. It was using 50% of my CPU, and might have used more if MSE had not been set to use a maximum of 50%. (The setting is at the bottom under the Settings tab.) I ran Process Monitor (Procmon.exe), then used the drop-down selections to create a filter where "Process Name" is "MsMpEng.exe". This told me what that process was doing.

As it turned out, MsMpEng.exe appeared to be obsessed with the entirely harmless psialog.txt file – the log kept by Secunia's free Personal Software Inspector 2.0. My quick-and-dirty solution was to open MSE, go to Settings, click "Excluded files & locations" and exclude the Secunia directory (C:\Program Files\Secunia) from "real-time protection". MsMpEng.exe's processor use promptly dropped to zero, the fan turned off, and the whirring stopped.

You might not be able to find such a simple solution to your PC's problem. However, you will have enough information to post a smart query on the Norton community support site. It's easier to answer a query that asks why ccsvchst.exe has a conflict with SpyBuddy, or whatever, than "why is my computer whirring?"

Finally, for those who find that Process Explorer and Process Monitor induce brain-freeze, there is a simple program available from Softonic that "does what it says on the tin": What's my computer doing? This provides a continuous read-out of the three or four processes that are actively doing something, which includes accessing the hard drive, without listing the hundreds that aren't. Clicking on any process gives you a good read-out of its details, including Known Problems with links to external solutions in, for example, Microsoft support documents. Even people who don't have a PC problem may find the read-out of interest.

Saturday, February 19, 2011

New computer security threats found

SAN FRANCISCO, Feb. 14 (UPI) -- More than 100 advanced evasion techniques (AETs) used by attackers have been discovered and researched by Stonesoft, a Finnish network security company.

Stonesoft, which originally reported the discovery of the 23 AETs last October, will detail its findings at this week's RSA information security conference in San Francisco.

"It seems that those who claim to have 100 percent protection against advanced evasion techniques do not really understand the magnitude of the problem nor have they done enough research around the issue," said Joona Airamo, chief information security officer at Stonesoft. "The discoveries made so far are only the tip of the iceberg."

Stonesoft said that since the discovery of AETs was first reported and confirmed by ICSA Labs, it has continued extensive research in the area and discovered 124 further AETs.
Stonesoft said that while many vendors claimed to have "fixed" the product vulnerabilities disclosed in the initial industry advisories, real-life testing in Stonesoft's research lab confirms that AETs are still able to get exploits through many of these systems without detection.

In other cases, small changes to an AET, such as altering the segment size or the offset at which a payload is split across segments, are enough to bypass a product's detection, because the product is matching on the form in which the exploit was previously seen rather than on what the target host will reconstruct.

While there is no single solution to eliminating the threat of AETs, organizations can mitigate the risks and lessen their vulnerability, Stonesoft said in a news release. One way is making sure the security devices they use perform proper multi-layer normalization: reassembling and normalizing traffic at every relevant protocol layer (IP fragments, TCP segments and the application protocol above them) for each connection, so that the inspection engine sees the same data the destination host will before any signature matching is done.

Centralized management is also critical, as it enables constant updates and upgrades to be made deep within a network's security architecture. Fingerprinting and signature-based matching, the typical response to a specific exploit, don't work on their own against the constantly evolving nature of AETs, because an AET changes how an exploit is delivered rather than the exploit itself.
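The point in the paragraphs above about segmentation offsets and multi-layer normalization, as an added example in PowerShell that is not Stonesoft's code or research: a toy TCP stream in which one segment overlaps another with different bytes. A device that matches its signature packet by packet never sees the pattern, and one that reassembles the stream matches only if it resolves the overlap the same way the destination host will. The signature string, the segments and the overlap are all constructed for this demo; there is no real exploit in it.

```powershell
# Added example, not Stonesoft's code: why an inspection device must reassemble and normalize
# a TCP stream before it looks for a signature. Everything below is constructed for the demo.
# Works in Windows PowerShell 3.0 or later.

$Signature = 'GET /cgi-bin/evil.sh'    # constructed pattern the IDS is configured to match

# Constructed segments of one connection: Seq is the byte offset in the stream.
# Segment 3 retransmits stream bytes 13..19 with different content from segment 2, so the
# receiving host's overlap policy decides which bytes the application actually sees.
$Segments = @(
    @{ Seq = 0;  Data = 'GET /cgi-b' },          # bytes 0..9
    @{ Seq = 10; Data = 'in/good.sh' },          # bytes 10..19, harmless decoy
    @{ Seq = 13; Data = 'evil.sh HTTP/1.0' }     # bytes 13..28, overlaps the decoy
)

function Join-Segments {
    # Reassemble segments into one stream under a given overlap policy:
    # FavorOld keeps the bytes that arrived first, FavorNew lets a later segment overwrite.
    param(
        [array]$Segments,
        [ValidateSet('FavorOld', 'FavorNew')][string]$Policy
    )
    $stream = @{}                                 # byte offset -> character
    foreach ($s in $Segments) {
        for ($i = 0; $i -lt $s.Data.Length; $i++) {
            $offset = $s.Seq + $i
            if ($Policy -eq 'FavorNew' -or -not $stream.ContainsKey($offset)) {
                $stream[$offset] = $s.Data[$i]
            }
        }
    }
    -join ($stream.Keys | Sort-Object | ForEach-Object { $stream[$_] })
}

# 1. A device that matches signatures packet by packet never sees the whole pattern.
$perPacketHit = @($Segments | Where-Object { $_.Data.Contains($Signature) }).Count -gt 0
"Per-packet match:        $perPacketHit"

# 2. Reassembly makes the match possible, but only under the policy the target host uses.
foreach ($policy in 'FavorOld', 'FavorNew') {
    $reassembled = Join-Segments -Segments $Segments -Policy $policy
    "{0,-9} stream: '{1}'  match: {2}" -f $policy, $reassembled, $reassembled.Contains($Signature)
}
```

Paste it into a PowerShell window. The per-packet check reports False, the FavorOld stream reads GET /cgi-bin/good.sh HTTP/1.0 and does not match, and the FavorNew stream reads GET /cgi-bin/evil.sh HTTP/1.0 and does. Which of the two the real host sees depends on its TCP stack, which is the ambiguity an AET exploits and the reason a product has to normalize toward the target's behaviour rather than scan bytes in packet order.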

Monday, February 7, 2011

Super Bowl cyber crimes: Your weekly ScamWatch

Here is a roundup of alleged cons, frauds and schemes to watch out for.


Super Bowl cyber attacks:
For many people, Super Bowl Sunday is an opportunity to get together with friends, eat some good food and knock back a few cold ones. Computer security experts say it's also a big day for cyber criminals, who will be targeting the millions of people using their home computers to keep up with the game, visit gambling websites and chat about the television advertising. Internet security company PC Tools suggested in a news release that computer users be careful when visiting file-sharing websites that offer links to game or advertisement videos, because those links can lead to malware. Users should also change their passwords regularly and use software to protect their computers from viruses and other threats.

Bakersfield real estate:
Ten people have been indicted on charges that they participated in a long-running mortgage fraud scheme that defrauded lenders out of more than $20 million between 2004 and 2007. The indictment focused on Bakersfield realtors David Marshall Crisp and Carlyle Lee Cole, who owned and operated Crisp & Cole Real Estate. With the help of eight other associates, Crisp and Cole allegedly obtained numerous real estate loans by making false statements about the borrowers' income, assets, employment and intent to occupy the homes they were borrowing against, prosecutors said. The case was investigated by the FBI and the Department of Housing and Urban Development.

Tax preparer:
A federal judge has issued an order prohibiting the owner of an Upland tax service from preparing returns and other documents for clients. U.S. District Judge Otis D. Wright II issued the order against Guillermo B. Garcia at the request of federal prosecutors, who accused Garcia of making false statements on clients' returns in order to obtain larger refunds than the clients expected. The U.S. Attorney's Office alleged that Garcia kept the extra money. Auditors with the Internal Revenue Service said Garcia filed at least 183 fraudulent returns in the past four years, understating the taxes his clients owed by $784,000.

Investment fraud:
Three brokers have pleaded guilty to charges that they defrauded investors in private placements by making false statements about how their money would be invested. Arn Wilson, Michael Passaro and Robert Grabowski had been accused of using investor money to enrich themselves, to pay excessive, undisclosed fees to brokers and to repay some victims. They raised about $140 million between 1998 and 2006 through their companies, Sky Capital and the Thornwater Co., prosecutors said.

Sunday, February 6, 2011

How Digital Rights Management Could Ensure Cloud Security

Yet another survey is indicating that security is a big issue for those intending to take up cloud computing. Network software vendor Ipswitch asked 1000 of its customers whether they planned to invest in cloud technology in 2011.

The good news is that over two thirds of them reportedly said yes. The bad news is that a large share of them want either a private cloud setup (29 percent) or a mix of public and private clouds (21 percent).


Nobody entirely agrees what constitutes a private cloud, but there's some agreement that it's a method of offering cloud-like services using dedicated hardware entirely owned or managed by the company itself (or dedicated hardware managed on its behalf).


The whole point of the cloud is that it's supposed to do away with the need and cost of managing hardware, so this doesn't make a lot of sense. But it might be the first step of an evolutionary process for companies that will eventually embrace cloud computing in its purest form.

Encryption is one answer to cloud security worries. If a file is encrypted with 256-bit AES, for example, it matters much less if it ends up in the wrong hands, because nobody can decrypt it without the key. The catch is that the key then has to be generated, stored and distributed properly, and finding a system where file encryption is used in a way that is transparent to users is a goal that arguably hasn't yet been met.

However, there might be a solution, and it's been around for years: Digital Rights Management (DRM).
Nobody likes DRM because when applied to movies, music and games, it creates a "them and us" situation: Rights holders impose unfair restrictions on end users, and there's a lack of trust between both parties.

However, I can't see any issues with a democratic DRM system, where everybody working for a particular company automatically enforces DRM on documents, and a certificate file needs to be installed on any computer or mobile device that requests to open or edit the file. We could call this Document DRM, or "DDRM."

Something similar already exists. Microsoft has been building what it calls Rights Management Services into its operating systems and office suites for years. The problem is that this uses a client-server model to protect files: to open a protected document, a computer needs to obtain a licence from a rights-management server (licences can be cached for a while, but the server remains the gatekeeper). No doubt Microsoft would argue that this is the best way of enforcing DRM, but cynics might suggest a client-server model was chosen to lock people into Microsoft's technology.

What would be better is a simpler, standalone system based on encryption certificate files. If your computer has the correct certificate, then it can open or edit a document. Certificates would expire after, say, one week, meaning that the client computers would need to phone home periodically to refresh their certificates. But they wouldn't need to phone home every single time they accessed a file.

This proposed system isn't perfect. Hackers could steal certificate files and possibly decrypt documents, although certificates would ideally be bound to a specific hardware identifier, such as the computer's CPU serial number, making this more difficult. (A serial number that software can read is also one that software can copy, so the binding raises the bar rather than closing the door.)

But it's very unlikely there will ever be a perfect cloud security solution. Usability needs to be balanced with security, without too many trade-offs in either camp.

Ideally such a DDRM system would work at the file level within operating systems, and not at an application level. That's to say there'd be no need to build it into applications, and that would also mean old applications would be entirely compatible with DDRM. Instead, the operating system would take care of encryption, decryption and certificate management. The user would be largely unaware.

DDRM should also be an open standard that anybody could implement on any operating system, proprietary or open source, mobile or desktop. Both Apple and Google claim to fully support open standards, and could easily build it into their iOS and Android mobile operating systems. Microsoft might be reluctant, but it wouldn't matter if they didn't play ball; a file system driver would be all that's needed to implement DDRM. Files protected with DDRM could have an extra file attribute, or perhaps even something as simple as a different file extension (.docd rather than just .doc for a Word document, for example).

Sadly, it already might be too late for such a system. Assuming a company like Google took the initiative--which would require the audacity of such a giant--it would take a year or two to outline a system everybody was happy with, and then even longer for it to be incorporated into operating systems. By that point mobile operating systems will be fully mature, and adding in DDRM would be a matter of ugly retrofitting. Ideally, such a system should have been dreamed up a few years ago, so it would have become a feature in the nascent wave of mobile operating systems.

Additionally, I wouldn't be surprised if somebody has already thought of a system such as DDRM and patented it. That could create all kinds of problems and expenses.

So for the moment DDRM will have to remain a thought exercise, although a curious one that perhaps deserves more attention.

What Security Technology Will Be Hot at RSA 2011?

The annual RSA Conference, now in its 20th year, will be rocking this month as the security industry gathers in the weeklong extravaganza of product introductions and security experts arguing cloud and mobile computing security issues.


Industry executives stepping into the limelight at the show will include Scott Charney, Microsoft's corporate vice president for trustworthy computing. Charney will be posing the idea of a "collective defense for Internet health" that might involve a new type of computer check-up to detect botnet or other malware code, and what might be social and political implications. The Pentagon's deputy secretary of defense, William Lynn, is expected to speak about the Defense Department's cybersecurity strategy - and ask for assistance from industry to develop technologies against adversaries trying to get into sensitive networks.

Other keynote speakers will be Enrique Salem, president and CEO of Symantec; Bill Veghte, executive vice president, software and solutions, enterprise business at HP, expected to discuss what HP will be doing to innovate with its recent acquisitions of ArcSight and Fortify; and Tom Gillis, Cisco's vice president and general manager, security technology business unit, likely to discuss Cisco's security strategies in mobile and cloud computing.


But far from the hoopla, the RSA Conference - which began two decades ago as a modest gathering of cryptography experts invited to a conference of their peers organized by what was RSA Data Security (now part of EMC) - still remains a place to explore some of the latest thinking about public- and private-key encryption.

And this year a good place to start would be at the Oasis KMIP Interoperability Demonstration, where members of the industry group Organization for the Advancement of Structured Information Standards (OASIS) will be demonstrating secure communication of key-management information across vendor product boundaries using products based on the OASIS Key Management Interoperability Protocol v. 1.0.

KMIP is an industry specification developed by OASIS participants, including IBM, HP, EMC/RSA and nCipher (acquired by Thales), among others, for policy-based centralized control over "cryptographic material, public/private keys, certificates, all kinds of materials with cryptographic keys that need to be managed," says Robert Haas, manager of storage systems research at IBM's Zurich Research Lab.

Managing encryption keys, wherever used in storage and database systems, servers and hosts, or elsewhere, has always been hugely difficult - and the complexity has sometimes been called "the Achilles' heel of cryptography," Haas adds.

The KMIP v. 1.0 specification appears to be the best shot so far to create a standard for multivendor interoperability in key management, Haas points out. The demonstration at the RSA Conference will show how it's possible to do tasks such as generate keys, locate existing keys, and retrieve, register and delete keys across vendor client/server boundaries using products from SafeNet, Emulex, RSA/EMC, Cryptsoft, IBM, HP and High Density Devices.

The topic of interoperability in highly sensitive security environments will be taken up by Michael Denning, general manager, security customer solutions unit at CA Technologies, who will host a panel discussion with executive directors from Raytheon, EADS, and Northrop Grumman. The focus will be on use of data-sharing technologies developed by the Transglobal Secure Collaboration Program, the group of corporate and government participants fostering secure means to share sensitive information in the aerospace and defense organizations across international boundaries.

Meanwhile, a number of announcements related to mobile data security, next-generation firewalls and intrusion detection and prevention are expected, including what is said to be the first commercial implementation of the open-source Suricata IDS/IPS engine developed by the Open Information Security Foundation (OISF), regarded as a competitor to the open-source Snort engine shepherded by Sourcefire.
Specifically, under the OISF banner, the ThreatMeter 10 Gbps IDS/IPS appliance from nPulse will be showcased, built on rule sets from Emerging Threats together with supporting technology from Napatech.

Other product demonstrations will include a joint demonstration of how the Tufin SecureTrack firewall-management audit and compliance product for the first time will support a next-generation firewall, in this case the NGFW line from Palo Alto Networks. This means that using the Tufin firewall-management tool could make it easier to migrate from a traditional port-based firewall to a next-generation firewall such as Palo Alto's, that can work based on application-level controls. Palo Alto and Tufin will be demonstrating how this works at both their booths at the show. CA Technologies will be showing how its SiteMinder Web-access control product gains expanded and advanced security authentication through integration with security-policy enforcement technology from Arcot, a company it acquired late last year.



Facebook HTTPS: False sense of security?

The rollout of Facebook's new Hypertext Transfer Protocol Secure encryption is about complete. (Elinor Mills described the feature in a post on her InSecurity Complex blog last week.) While encryption is a welcome addition to the social network, it is far from a Facebook security panacea.

To enable encryption in Facebook, click Account in the top-right corner and choose Account Settings. Select Change next to Account Security to view your current settings. Check the option under Secure Browsing (https). You may also want to check "Send me an email" under "When a new computer or mobile device logs into this account", so that you are alerted to possible unauthorized access to your account.



Enable Facebook's encryption setting via the Account Security option on your Account Settings page.
(Credit: screenshot by Dennis O'Reilly/CNET)
 
It's great that Facebook is taking steps to protect its customers from scammers and ID thieves, but there's only so much that company or any Web service can do to thwart snoops and malware purveyors. In Facebook's case, the weak link may be games and other applications that remain unencrypted.

Earlier this week Sophos security researcher Graham Cluley wrote in his Naked Security blog about a Facebook flaw discovered by two students. According to Cluley, malware can imitate an app that has been granted permission to access your data and publish to your wall to launch phishing attacks and propagate viruses and Trojans.

The researcher was initially unable to duplicate the attack method because his Facebook security settings were "pretty rigid," but lowering the settings allowed him to gain access to his account via the scam app.
In August 2009 I described how to change the default Facebook security settings to make the service safer. The privacy options have changed somewhat since that time, but the steps for strengthening your Facebook security are about the same. Facebook's own Controlling How You Share page goes into greater detail on the service's security options.

Cluley reports that the students notified Facebook security officials of the flaw and it has been patched. But as the Sophos researcher points out, a complex system such as Facebook is sure to contain other flaws, some of which may be exploited by bad guys.

Facebook users targeted by phishers

As you might expect, Facebook's success has made it a favorite target of Internet scammers. Security vendor Panda Security recently reported on two new malware attacks that attempt to trick Facebook users into opening a bogus e-mail attachment and click a link in an instant message, respectively.

The e-mail warns users that their Facebook account is being used to send spam and their password has been changed. They are instructed to open the message's attachment, which includes a Microsoft Word icon, to find their new password and then to log in and change the password. The attachment opens Word to make users think it's legitimate, but it also opens all their system's ports and connects to mail services in an attempt to send spam, according to PandaLabs researchers.

The link in the fake IM downloads a worm that takes over the person's Facebook account and locks them out, displaying a message when they try to log in stating that the account has been suspended. To reactivate the account, the message instructs them to complete a questionnaire and even promises prizes for doing so.
The questionnaire even asks for the person's cell phone number to receive "data download credits" and a new password to be used to reactivate the account. This breaks several of the cardinal rules of safe computing:

• Don't click links in e-mails or IMs, even if you think you trust the sender. Phishers may have compromised the person's account for use in their nefarious schemes.

• Don't open e-mail attachments you're not expecting without verifying them with the sender beforehand.

• Don't volunteer personal information to any site you don't trust or that doesn't use encryption. Look for "https:" at the start of the URL and the lock icon, either near the address at the top of the screen or in the status bar at the bottom of the screen, depending on your browser. Bear in mind that the lock only tells you the connection is encrypted to whoever runs that site; a phishing page can use https too, so check that the address really is facebook.com before typing a password.

There will certainly be new, craftier attempts to trick Facebook users into giving thieves and snoops access to their accounts. Protecting against them is every Facebook user's responsibility. It starts by knowing the bad guys are out there waiting for us to drop our guard.

Thursday, February 3, 2011

Smartphones raise computer virus risk

Social networking and the explosive growth of mobile computing have created a new layer of risk for companies embracing web technology to boost the bottom line, data security experts said Tuesday.


Nick Galletto, a partner at Deloitte Security and Privacy Services in Toronto, said threats from malicious software are multiplying with the proliferation of mobile computing devices, including the iPhone and BlackBerry.


He said smartphones and tablet PCs are increasingly linked to corporate networks through unsecure connections. And users are often unaware of the need to provide password and encryption protection on phones that may store corporate as well as personal data.


The result is that deliberate breaches, along with careless behavior, are a mounting threat to business operations and individual privacy, he told a Toronto seminar on securing the mobile workforce.


Smartphones are embraced by government and individuals to conduct commerce and share information. But he said corporations, anxious to drive efficiencies and cost-savings from digital technology, “are the main source of data leakage.”


As such, Galletto said smartphones are a conduit for the spread of computer viruses and other malicious code between the mobile gadget and enterprise networks. He said the problem is made more acute by the blurring of the line between business and personal use of mobile digital technology.


“If you bring a smartphone with corporate data home, don’t be surprised if your tech savvy teenager can jailbreak the code,” he said.


And there are also new dangers from social networking sites that encourage users to link to web addresses that may not be secure, he said.


As well, there are the threats posed by the more than 250,000 applications available for mobile download from online stores operated by Apple Inc., Research In Motion Ltd. and others, said Daniel Hoffman, chief mobile security “evangelist” at data security firm Juniper Networks and a speaker at the seminar. He said a smartphone virus in Russia “stole money” by sending unauthorized texts to gain control over a bank account.


Hoffman also said that Google pulled dozens of unauthorized mobile-banking apps from its Android Market, adding that applications not vetted by store employees can secretly infect mobile gadgets with worms, Trojans, spyware, key loggers and other bugs that can disable a device, or even record users’ phone conversations.


And while Apple says it vets applications before they appear in its App Store, it has pulled hundreds of apps it said violated policies dealing with security and privacy.


As well, recent research from computer training firm SANS found that 85 per cent of users were not scanning their mobile devices for malicious programs running on the devices. Of the 15 per cent who were, 18 per cent found mobile malware, higher than the overall infection rate for PCs in North America.


Hoffman said mobile device users need to begin treating the technology like mobile desktop computers: installing anti-virus protection, securing passwords and enabling encryption. But he added that there is no substitute for common sense.


“I think the biggest threat to the enterprise is not from external sources, but from users with a false sense of security.”

Tuesday, February 1, 2011

Computer Security: ZoneAlarm (antivirus)

Over the past few years I have built and repaired computers from my house, and unfortunately I have to say that most problems begin with the user. Or maybe with the manufacturer: new PCs usually come with only a trial of an anti-virus program (usually about three months), after which you can no longer get updates from the vendor's download server unless you buy the product. Having anti-virus and spyware-removal software installed and updated regularly, at least twice a week, is very important these days.


The two most recommended anti-virus programs are Symantec (Norton AntiVirus) and McAfee.

Both are different; each can be integrated with Internet Security and a firewall. I tried both and had minor problems and conflicts with each, so I can't be the only one.

I myself have always been a fan of Norton AntiVirus, to the extent that its activation is tied to a one-year subscription for updates; after that year you have to pay again for further updates.

But there is an alternative to these two. I used Zone Alarm Pro for many years, from about 1999, and while I was searching for a copy of Norton AntiVirus I came across Zone Alarm Pro with Antivirus. Because I had trusted Zone Alarm Pro for so long, I trust the program, and with a price difference of $20.00 I decided to try it: not only the firewall that was the main program for many years, but now anti-virus software as well. I liked the idea because I really do not like programs in conflict, which separate products are known for; two in one package seems much less likely to choke.

Zone Alarm has offered a free version (with no expiration date) of the firewall program, although unfortunately it may show an advertisement, even during an update.

The paid product features strong anti-virus protection, a network and program firewall, an Operating System Firewall (OS Firewall™), the SmartDefense™ service, e-mail protection and wireless PC protection.

Zone Alarm Anti-Virus uses sophisticated logic to identify and remove viruses.
Zone Alarm Anti-Virus system requirements: Windows 2000 Pro / XP; Pentium III 450 MHz or higher; 50 MB free hard disk space; Internet access; minimum system RAM 64 MB (2000 Pro), 128 MB (XP).