Terry Bollinger online resources
Email me at terry at terrybollinger dot com,
or if work-related, terry at mitre dot org

Disclaimer: I am speaking only for myself for anything that I say on this web site.

Terry Bollinger hereby releases all of the HTML text on this web site into the pubic domain with one restriction:
If you sell the text as part of a money-making endeavor, you must indicate that it was authored by Terry Bollinger.
For government and all forms of non-profit use, attribution of authorship is greatly appreciated, but not required.
Please note that the above release of rights does not apply to downloadable documents with separate copyrights.
Please check the internal copyrights of such documents to determine what rights apply to them.

Last updated on 2007-04-02

For Free and Open Source Software (FOSS) resources, click here.

Having trouble with your Windows PC or laptop? Here are some downloads that can help:
1. Mozilla Firefox browser (plus Adobe's Macromedia FlashPlayer) for safer browsing.
2. ToniSoft EasyCleaner cleans out dangerous hidden surprises in Temporary Internet Files.
3. Trend Micro's CWShredder removes troublesome CWS malware. If it finds CWS, you should
    also deinstall Microsoft Java and replace it with Sun Java to help prevent new infections.
4. Sygate Personal Firewall is excellent and free. Alas, Symantec bought it and discontinued it.
5. SpywareBlaster closes down lots of holes, and only needs to be run occasionally.
6. Microsoft's Windows Defender (not for 98 or ME) is free, but expect an ownership check.
7. Webroot Spy Sweeper has a trial version that is great for initial cleanup, and for purchase.
8. Spybot Search & Destroy was one of the first spyware detectors. It is very good and free.
9. Lavasoft Ad-Aware is an outstanding spyware detector, and is free for home use.
10. Belarc Advisor tells you how good your updates have really been. Always update!
11. Sysinternals RootkitRevealer (experts only!) helps identify NT/2000/XP/2003 rootkits.
(Or: If you want everything at once and don't mind somewhat older versions, go here.)

Some Q&A about the above applications:

Q1: Why do you suggest multiple spyware scanners? Isn't one good scanner enough?
A1: You cannot remove all spyware by using just one scanner. Each scanner finds different
       types of dangerous and not-so-dangerous spyware. More importantly, any one malware
       scanner can be targeted specifically by malware to make it ineffective. Hitting such malware
       from multiple directions with a variety of tools thus provides better overall protection.

Q2: How good is Microsoft Defender?
A2: Microsoft Defender was previously called Microsoft AntiSpyware, which in turn was based
       on an very good small-company product called GIANT AntiSpyware. Towards the end of
       the Microsoft AntiSpyware name, the product had fallen noticeably behind all the other
       detectors listed here. I have heard that Defender is an improvement. I only run Defender
       after the other tools listed here, and those provide sufficiently good coverage that so far
       I have not picked up anything major using Defender. Also, please be fully aware that like
       many Microsoft downloads these days, you will be asked to let a scanner program look
       over all of your hardware and software before the Microsoft site lets you download the
       Defender product. That usually works fine unless you have done major surgery on your
       computer, such as replacing the motherboard. If you fall into that category, please be aware
       if you should fail the prerequisite download scan, your will system will be permanently
       banned from receiving critically important security patches from Microsoft. Reinstalling
       Windows from disks can fix this, but unfortunately, most off-the-shelf Windows systems
       no longer include full installation disks. So: Some caution, please, if you are one of those
       who likes to do major hardware upgrades on Windows systems.

Q3: How important is the firewall?
A3: After a good initial cleaning, your next most important security task is to set up a solid
       firewall. Not putting up a good firewall after a thorough cleaning is like tossing out known
       criminals from your premises, then not bothering to put up any doors or walls to keep them
       from returning the first time your turn your back. My favorite firewall was Sygate Pro. Alas,
       in November 2005 Symantec bought Sygate Pro and -- sigh -- immediately discontinued it.
       (My thanks to S.K. for noticing that event.) What is particularly distressing I am not aware
       of any comparison that ranks the Symantec firewall product as highly as Sygate Pro. My
       own experiences back it 2004 tended to confirm that, since at that time the number of
       successful break-ins I saw dropped dramatically when I switched from Symantec's firewall
       to the Sygate Pro. The free home version of Sygate is still readily available and quite good,
       but it is not a powerful as the Pro version was. I am now testing others such as Armor2net.

Q4: Is running a good software firewall enough?
A4: No. While a software firewall is vital, it is not sufficient by itself to protect your computer.
       You will also need hardware-level assistance to help isolate your system better from the
       Internet. That it not all that difficult for most users, since if you have computers at home
       that talk to each other and share a single Internet connection, you probably already have
       the kind of hardware isolation needed. It is called a router -- more specifically, a Network
       Address Translator, or NAT router. A router helps protect your computer by functioning
       like a one-way mirror, one that keeps unknown Internet denizens from seeing your home
       systems unless you specifically request request information from them first. (Obviously,
       if you fall for a fake-email phishing scam and make just such a request, all bets are off.
       That is a large part of why phishing is becoming both more common and more tricky.)
       Many of the new generations of cable modems, DSL modems, and wireless access
       points have routers built in, so it is possible that you already have what you need. If you
       are absolutely sure you don't already have a router between your computers and the
       Internet, you should consider buying a stand-alone router even if you only have one PC.

Q5: I have a router and firewall... and teenage kids. Should I be worried?
A5: Yes! The average teenager these days attracts malware like a magnet attracts nails.
        Worse, once malware gets into your home network, the hidden-from-the-Internet kind
        of protection that your router hardware was providing simply evaporated. After all, it
        does not do much good to hid in a bank vault if the robber is already in there with you.
        One solution for network-savvy users is to add a second "cascaded" router to isolate
        your computer from the rest of your home network in much the same way that the first
        router hides you from the Internet. Setting up cascading routers can tricky, though, so
        don't try this strategy unless you are already familiar with how to set up such networks.

Q6: I have a wireless system that worked right out of the box. Should I be worried?
A6: Yes! The default settings for the average wireless system are nothing less than appalling
        from the viewpoint of keeping malware and attackers out of your system. At the very
        least, shut off the feature that broadcasts your network name. Instead, create a network
        name that is more like a long password -- cryptic and non-intuitive -- and hand-code it
        into your wireless access point and your computers. Enable encryption so that you are
        not broadcasting everything in the clear, preferably using the highest level available on
        your systems and access point (AES is good). Finally, use MAC filters to tell your
        wireless access point to allow only your computers to use it. You can still be broken
        into if someone spoofs (fakes) your MAC address, but at least you will make it a lot
        harder for them to get even to that point.

Q7: Should I run lots of security applications (and other applications) all the time?
A7: No. In fact, in general it's a really good idea to keep your execution "footprint" -- that
        is, the number of applications in memory and running at the same time -- down to the
        the smallest size possible. Why? Because every application that you run continuously
        represents another set of potential holes by which spyware and other forms of malware
        can potentially get in. Such attacks can be very worrisome, since no amount of updating
        your Windows operating system software can protect you from a really bad whole in a
        major application. Since security applications usually run in a privileged mode, they
        can actually become significant security risks in their own right when malware users
        know how to target them.

Q8: What are rootkits, and what can I do about them?
A8: Rootkits -- or, more specifically, malware applications  written using rootkits -- are
        forms of malware that undercut the most basic features of your operating system,
        such as the ability to see a file or write a certain word to the screen. They can be
        very nasty, and can irreversibly damage your operating system. A triad (my own
        term for a type of malware configuration I first encountered back in 2004) is an
        especially dangerous combination of three forms of malware: a keylogger that
        records everything you type, a remote terminal application that allows a remote
        user to access your computer as if your computer were his own, and a rootkit
        application programmed specifically to hide itself and the other two members of
        the triad from ordinary forms of inspection, including from spyware checkers. My
        first name for these hard-to-detect triads was shivas. The methods I describe
        here are intended to give ordinary users a fighting chance at detecting and
        removing triads, mostly by attacking them repeatedly from many different angles
        until something breaks and they become visible to removal tools.

Now on to other stuff...

Physics of Security: "On the Impossibility of Keeping Out Eavesdroppers Using Only Classical Physics," T. Bollinger, 23 Jan 2006
"How to Secure Windows PCs and Laptops" (or as PDF). An article for military software developers from the June 2005 issue of CrossTalk - The Journal of Defense Software Engineering.
Not sure if a spyware removal tool is legitimate? Check out this outstanding tracking site: Spyware Warrior at http://spywarewarrior.com/
Download this all-you-need spyware removal kit
 Spyware removal procedure
 Spyware FAQ
Shivas: The enemy within... your own scanners
 How to find a good firewall IEEE Software essay on Spyware
Essay: Why spyware is replacing viruses
 A dangerous duo: hacking and spyware

Software engineering links, papers, and resources:
Persistent Software Attributes (in IEEE Software)

Spyware FAQ
How bad is spyware? Almost certainly worse than you imagined. If you are reading this at home or from a small business, there is a surprisingly good chance someone is tracking everything you are doing, even if you use virus and spyware checkers. For Windows users with small business accounts, delicate negotiations, large financial transfers, trade secrets, patent research, or official-use-only government documents, the risks of such hidden spyware cannot easily be understated. This FAQ explains what spyware is and why it is so easy to underestimate the extent of this threat.

How to Remove Spyware From Windows Systems
A distressingly common strategy I've seen on home and small business PCs and laptops is the use of triads of hardcore spyware that work together as a team. A keylogger captures everything you type, including passwords; a remote access terminal gives a remote user the ability to take over your system at anytime; and finally, a custom designed rootkit application hides both itself and the other two members of the triad from ordinary forms of detection. Triads, which I also call shivas in earlier versions of these pages, also have a nasty habit of taking over and using your own virus and spyware checkers to fool users with bogus reports on whether any spyware is present. The main purpose of this detailed spyware removal procedure is to give ordinary home and small business users a fighting chance of catching and removing triads. It will simultaneously do a far more thorough job than any one spyware tool of removing the more mundane forms of spyware that typically bog down computers. You should be comfortable with installing and deinstalling your own software before attempting this procedure. Additionally, some familiarity with how Windows works and how to fix problems in it can be very helpful. For an earlier, easier-to-read version of this procedure, you might want to try Warren Harrison's "From the Editor" essay in the Nov/Dec 2004 issue of IEEE Software: http://www.computer.org/SOFTWARE/homepage/2004/nov-dec/eic.htm.

Spyware Removal Kit
Go here to download all or part of the anti-spyware tools needed for the spyware removal procedure.

Persistent Software Attributes: Building Software to Endure
How well do vital software properties such as security and maintainability endure in a world in which software is globally networked and constantly changing? The answer at present: Not very well. This special issue of IEEE Software, which includes articles by such software engineering luminaries as Dr Vic Basili of the University of Maryland, explores the premise that we must start building software differently to make it endure. A list of the magazine contents and several free articles can be found at http://www.computer.org/software/ until Jan 2005, and at http://csdl.computer.org/comp/mags/so/2004/06/s6toc.htm after January 2005.

Open Source Software resources


DoD Open Technology Development (OTD) Roadmap (by J.C. Herz, Mark Lucas, & John Scott, April 2006)
TTCP JSA: Security Implications of Using FOSS in Military Applications  (Apr 2005 in Ottawa, Canada)
Use of FOSS in the U.S. DoD (Jan 2003) Economics of Open Source Software (how FOSS is like a rural electric cooperative)
Official U.S. DoD Open Source Policy (Stenbit memo)
 Book Review: Succeeding with Open Source by Bernard Golden

Ever wonder what folks at the U.S. Department of Defense think about all those wild and woolly folks who write open source software? It's probably not what you thought. Check out the first report below if you would like to know more.

Also, have you ever thought it odd that open source developers "give away" all that software work for free? Take a look at the second report to understand what's really going on. The economic incentives for sharing code are actually surprisingly similar to the ones that led to the development of rural electric cooperatives back in the early 1900s.

Other resource below include where to find a book on how to assess the maturity of an open source development effort and its products, the relationship of open source to security, and a DoD policy memo on selection of open source and other private sector forms of software.

A.1 Use of Free and Open Source Software (FOSS) in the U.S. Department of Defense
Author: Terry Bollinger
Version: v1.2.04
Date: January 2, 2003
Document: a. Web Pages for immediate browsing
b. PDF (1.5 MB) for download, viewing, and printing (no hyperlinks)
c. PDF (4.1 MB) for download and later browsing (fully hyperlinked)
d. Zipped HTML for local browsing or for use in creating derived web sites
e. Zipped Word for creating updated reports or derived documents


A.2 Software Cooperatives: Infrastructure in the Internet Era
Author: Terry Bollinger
Version: v1.1.04
Date: July 5, 2004
Document: a. Web Pages for immediate browsing. Includes table of contents, list of figures, index.
b. PDF (2.3 MB) for download, viewing, and printing (no hyperlinks)


A.3 Book by Bernard Golden: Succeeding with Open Source


A.4 The Software Industry and Economic Security
Author: Terry Bollinger
Version: v1.0
Date: April 27, 2004
Document: a. Web Pages for immediate browsing
b. PDF (0.3 MB) for download, viewing, and printing (no hyperlinks)


A.5 DoD Policy Memo: Open Source Software (OSS) in the Department of Defense
Author: John P. Stenbit
Version: (original memo)
Date: May 28, 2003
Document: a. Web Pages with links to references (best for research)
b. Image (PNG) for viewing original (like PDF, but faster)
c. Text (4 KB) for very fast download and email forwarding
d. PDF (61 KB) for download, viewing, and printing (no hyperlinks)
e. Copy of memo at a DoD site for authentication and research


A.6 DoD Open Techology Development (OTD) Roadmap
Prepared for: Ms. Sue C. Payton, Deputy Under Secretary of Defense,
Advanced Systems & Concepts. Ms. Payton is now
Assistant Secretary of the Air Force for Acquisition.
Prepared by:
 J.C. Herz, Mark Lucas, and John Scott
Version:
 3.1 (Final)
Date:
 April 2006. Cleared by DoD for open publication on June 7, 2006
Document:
 a. PDF (671 KB) from original DoD website