Friday, October 20, 2006

Phishing For Your Identity

Who hasn't received an email directing them to visit a familiar website where they are being asked to update their personal information? The website needs you to verify or update your passwords, credit card numbers, social security number, or even your bank account number. You recognize the business name as one that you've conducted business with in the past. So, you click on the convenient "take me there" link and proceed to provide all the information they have requested. Unfortunately, you find out much later that the website is bogus. It was created with the sole intent to steal your personal information. You, my friend, have just been "phished".

Phishing (pronounced as "fishing") is defined as the act of sending an email to a recipient falsely claiming to have an established, legitimate business. The intent of the phisher is to scam the recipient into surrendering their private information, and ultimately steal your identity.

It is not at easy as you think to spot an email phishing for information. At first glance, the email may look like it is from a legitimate company. The "From" field of the e-mail may have the .com address of the company mentioned in the e-mail. The clickable link even appears to take you to the company's website, when in fact, it is a fake website built to replicate the legitimate site.

Many of these people are professional criminals. They have spent a lot of time in creating emails that look authentic. Users need to review all emails requesting personal information carefully. When reviewing your email remember that the "From Field" can be easily changed by the sender. While it may look like it is coming from a .com you do business with, looks can be deceiving. Also keep in mind that the phisher will go all out in trying to make their email look as legitimate as possible. They will even copy logos or images from the official site to use in their emails. Finally, they like to include a clickable link that the recipient can follow to conveniently update their information.
A great way to check the legitimacy of the link is to point at the link with your mouse. Then, look in the bottom left hand screen of your computer. The actual website address to which you are being directed will show up for you to view. It is a very quick and easy way to check if you are being directed to a legitimate site.

Finally, follow the golden rule. Never, ever, click the links within the text of the e-mail, and always delete the e-mail immediately. Once you have deleted the e-mail, empty the trash box in your e-mail accounts as well. If you are truly concerned that you are missing an important notice regarding one of your accounts, then type the full URL address of the website into your browser. At least then you can be confident that you are, in fact, being directed to the true and legitimate website.

Tuesday, October 10, 2006

Get Into the Zone

Malware. An odd sounding word created to lump all malicious software programs, including viruses, worms, trojans, spyware, adware, and other malevolent codes into one cause-your-computer-serious-hurt category.

In 2005, Computer Economics released a report on malware. The good news was that for the first time since 2002, the total worldwide financial losses from malware actually declined to a mere $14.2 billion. The bad news was that the nature of malware was changing from overt threats to more focused, covert attacks. This definitely is not great news for the average computer user just trying to keep up with the hundreds of malware programs that bombard us daily.

It’s not an easy task keeping malware out of your computer system. In order to accomplish this, you need a strong antivirus program. One such program that can deliver the goods is ZoneAlarm Internet Security Suite from Zone Labs. Zone Labs is one of the most trusted brands in Internet Security for good reason. Their product, simply put, kicks serious malware gluteus maximus.

ZoneAlarm has received more review recommendations that any other Internet-security software suite because of its superb firewall and antivirus protection. It blocks pop-up ads, protects against identify theft and provides adequate spam filters that are flexible. It even beats the market leader, Norton Internet Security, which is often criticized for excessive system drag.

Its newest version includes these additional features:

· Triple Defense Firewall to prevent spyware from sending your information across the Internet. It also makes your computer invisible to anyone on the Net.

· Smart Defense Advisor which can automatically adjust your security settings for maximum protection against the latest virus and spyware outbreaks.

· Advanced Identify and Privacy Protection to prevent your personal data from leaving your computer without your approval.

The bonus for the average user who cringes at the idea of setting-up one of these systems is that the interface is easier to understand and use in comparison to most if its competitors. If you choose to venture beyond the out-of-the-box default settings, and install a more elaborate filtering, know that this will require some additional time to set up on your part.

Overall, ZoneAlarm Internet Security Suite is a user-friendly, comprehensive security solution that will have your computer safe from Internet hazards and cyber criminals within minutes of installation.

ZoneAlarm FREE Download



Saturday, October 07, 2006

Spyware And Adware


Spyware is becoming an increasingly prevalent tool that is used by internet marketing companies and others to gather information about computer users' activities on the internet. It is also widely reported that some spyware is also being used to obtain personal information about visitors to the internet in order to facilitate identity theft or worse.

What is it and how did I get it?

In its most basic sense, spyware can be defined as "any software program that aids in gathering information about a person or organization without their knowledge, and can relay this information back to an unauthorized third party." This definition was proposed by a industry trade group and probably enjoys general consensus in the industry. While there are many ways these software programs can be delivered, they usually end up on a user's computer by being surreptitiously downloaded in the background while the user is visiting a participating website. Once the code is inserted into the appropriate places in the user's browser, it can collect information such as passwords, credit card numbers, and social security numbers, or it can monitor and report behavioral information such as the user's favorite websites or internet purchasing habits.

Adware - Spyware's nicer cousin

Spyware is often grouped together with Adware, although there are some significant differences between the two. While the main purpose of spyware is to obtain information about a user, the main purpose of adware is to advertise. Usually, this advertisement is accomplished through pop-up ads, but recently, adware manufacturers have gotten more clever and have figured out ways to, for example, cause the user's browser to display search results determined by the advertisers instead of the search site. While some adware programs may use tactics that are similar to spyware, they claim to do so with the knowledge and consent of the user -- although this claim is often disputed by the user who is sick of pop-up ads. Typically, adware finds its way onto the user's computer by being "bundled" with other applications that the user actually wants. One of the main issues with adware is the fact that the user often does not know that they are downloading the adware code along with the desired application.

Many adware companies currently argue that their software is only downloaded with the consent of the user. What they do not tell you is that consent is often given by way of a long, complex and burdensome notice agreement. The typical user, which practically every computer user has been guilty of this at some point, will instead of reading the entire 40 or 50 page pop-up consent regarding what is being downloaded, will simply click "OK" in order to download the program they want. What they miss by not reading that long notice is that bundled along with the software the user wanted, there is a spyware or adware program.

Tuesday, October 03, 2006

E-Mail Security


HTML E-Mail

Disable HTML for e-mail or choose to view all messages as plain text if your e-mail client has such options - the better ones do; or use an e-mail content filter for web bugs and embedded content originating from a server other than the one belonging to the sender of the e-mail. Today's cleverly-coded e-mail worms can execute just by viewing HTML-formatted e-mail.


E-Mail Attachments

  • Never allow your e-mail client to "View Attachment Inline" ...unless you are sure it arrived from a trusted sender.
  • Never open e-mail attachments from strangers.
  • Use encryption software for sending your most private e-mail messages. If you don't, keep in mind that what you are sending is the equivalent of a postcard.
  • Never, ever use e-mail to send confidential information such as credit card numbers, bank account numbers, or your Social Security number.
  • Never respond to e-mail asking for confidential information. Any e-mail you receive requesting your credit card numbers, bank account numbers, or Social Security number either via e-mail or a web site link is surely an identity theft or phishing scam.

Friday, September 29, 2006

2006 Security Watch - What is this year going to have in store for us?

There is a lot going on in the information security space. 2006 looks to be an interesting year in these regards. Below are some things to watch for in 2006, some of them are good and, unfortunately, some aren't.


First the good news:

  • We are getting a lot more serious about our security. This has a lot of reasons behind it. For example, new privacy laws are mandating organizations to tighten their security. Look to see more consumer privacy laws passed in the coming year and more tightening of security systems.
  • Authentication requirements are increasing. This is closing in large security holes. Corporations are requiring a great deal more of authentication to get into secure systems (this also is on the bad news side)
  • There is a plethora of sophisticated programs to help us be more secure and they will continue to get better. Competition right now is strong in the security industry sparking a lot of innovation.
  • ISPs are now taking on the responsibility to help us with our security. Take AOL's recent commercials as a good sign that others will follow the trend.

Now the bad news:

  • Securing our networks is costing us. Most companies are globalizing their organizations and making them secure costs a lot of money. It will get worse before it gets better.
  • Authentication requirements are increasing. This is getting claustrophobic. Corporations are requiring a great deal more authentication to get into secure systems (This is also on the good news side) Unfortunately, for the end user, it is one more thing to be unhappy about, not unlike airport security lines.
  • Hackers are getting more sophisticated. For example, Botnets are becoming more complex and harder and harder to catch and stop. Do a search on botnets on the Internet. They really are causing a whole lot of problems, but it does not stop there. The number of viruses and malware out there is staggering.
  • Spammers keep finding more creative ways to fill our email boxes. Don't look for this trend to stop anytime soon.

Tuesday, September 26, 2006

Protect Your Privacy

Cookies

Companies try to personalize web site experiences for their visitors. Some remember your login name and password for your convenience upon subsequent visits. Others offer news, stock quotes, and weather tailored to people's interests and location. This is done with a cookie, a small file created by the site, that collects specific information about your preferences or web browsing activities and stores it on your PC. Allowing all cookies, however, is unacceptable for those who care about privacy.

Tracking networks such as DoubleClick and MSN LinkExchange use cookies to monitor which site you were on when you clicked a particular banner ad and what you did once you got to the advertiser's site. They can put cookies on your PC and then read them across many sites - tracking your surfing habits and building a profile about your preferences.

Though this can be alarming, you are not left without the option to take control of the cookies that are used to invade your privacy. You can completely close this privacy gap as long as you apply basic cookie management techniques. Cookie filters will allow you to accept or deny each cookie upon arrival. Cookie filters can also be instructed to always deny "third-party" cookies - those that do not directly originate from the site you are currently visiting. Third-party cookies are most often used by advertisers and marketers.


Handling Spam

Take advantage of the built-in junk mail filters inside your e-mail client. In addition, configure your own filters to automatically trash or delete incoming e-mail that contains certain keywords. By using a combination of various filters you can noticeably reduce the amount of spam reaching your inbox.

You can set up as many filters as you like in your e-mail client. It is always wise, though, not to automatically delete the filtered mail until you are certain the filter is properly configured. You can always change it later.


ActiveX and Java Class

Never accept and run an "ActiveX Control" or "Java Class" unless it comes signed and from a trusted site. It is best to force your browser to prompt you for permission. If you are using Internet Explorer, these settings are located under Control Panel - Internet Options - Security - Internet, Custom Level. Mozilla, Opera, and Netscape users are prompted by default.
Install on Demand
Disable "Install on Demand" if you are using Internet Explorer so your browser will be forced to prompt you if additional components are needed in order to display certain content. This setting is located under Control Panel - Internet Options - Advanced.


Use a Personal Firewall

Use a good bi-directional firewall that will monitor all incoming and outgoing traffic and will alert you for access permission if such traffic is detected. It also has the ability to hide your presence from intruders by completely blocking access to the ports that are used for the transfer of information. Select the highest security level for your Internet zone and set all programs to prompt you for access - even those you use frequently. When in doubt, deny access of a program until you know for sure its identity.

It also has the ability to hide your presence from intruders by completely blocking access to the ports that are used for the transfer of information. A firewall plus anti-virus protection are rule number 1 to Internet security. For Windows XP users, be aware that although its Internet Connection Firewall (ICF) will detect inbound traffic, it is useless for detecting outbound traffic - you need a bi-directional firewall - one that will detect both.


Use Anti-Virus software

Use a virus scanner (anti-virus), keep the virus data files current (check for updates at least once a week), enable the "Heuristics" or "Bloodhound" feature (for detection of virus-like activity of yet-to-be discovered viruses), and set it to scan all downloads and e-mail attachments - before they are opened. Let it quarantine and destroy anything suspicious. If it has settings for scanning ActiveX Controls and Java Classes for potentially harmful content, use that too. For even greater protection and a wider range of configuration options, combine the use of a virus scanner with a trojan scanner.
Installing an anti-virus or anti-virus/anti-trojan program on your system is probably the easiest of all security measures you'll find. Upon detection of a virus, the program will move the infected file to a quarantine area for disinfection or removal before it has the opportunity to make contact with you or any other program. Configuration is simple and detection is reliable as long as you keep the virus data files or rulesets up to date (check at least once a week), and apply all updates and program or scan engine patches as they are released.


Trojan Scanners

Trojans, or often referred to as Trojan Horses, are disguised as innocent programs and most often arrive hidden inside e-mail attachments or programs that are downloaded from the Internet. Upon execution, they place sets of instructions in various places then wait silently until you restart your computer to begin their nasty deeds.

Some anti-virus programs will also detect trojans, yet the use of a separate anti-trojan program is a popular and recommended option that provides you with a wider range of configurations and more extensive Trojan Horse protection. These programs are meant to be used in conjunction with your anti-virus program.


Peer-to-Peer Security

Be extremely careful when using any P2P (peer-to-peer) network service like Kazaa, Gnutella for sharing/swapping files across the Internet. Be sure you are not exposing any drive folder other than the one designated for access by these services, and keep your virus scanner active at all times.


Instant Messenger Security

Secure your IMs (Instant Messengers). It is wise to use an IM encryption utility to secure your AIM, ICQ, MSN, or Yahoo! Messages, but be aware that the encryption will only be effective if the utility is used on both ends.

Disable file transfers in IM programs, as this feature, if configured incorrectly, can enable the sharing of more than you intend. AIM, .NET Messenger, and others let you disable file transfers from the Preferences or Options menus. If someone wants to send you an image or file, use e-mail to verify that the request is legitimate.


Protect Your Registry

Use a registry guard to protect your registry, startup directories, and startup files from malicious programs. Incoming Trojans can go undetected. They will place a specific set of instructions in the registry or other system files and will activate the next time you shutdown/restart your computer. A registry guard will alert you before the damage is done. It is also a useful tool for alerting you of changes when installing new software.

Saturday, September 23, 2006

Home Computer Security

A personal computer connected to the Internet without a firewall can be hijacked in just a few minutes by automated hacker ''Bots''. The only way to make your computer 100% secure is to turn it off or disconnect it from the Internet. The real issue is how to make your computer 99% secure when it is connected. Not having protection is like leaving your car running with the doors unlocked and the keys in it which a thief might interpret as "please steal me". Stated another way, when was the last time you handed a stranger your wallet and encouraged them to take your social security card, drivers license, cash and credit cards? Locking a car, using a "club" or installing a security system makes stealing a car more difficult. Internet security and privacy products provide adequate protection by making it difficult for "outlaws" to find and take control of your computer.

A layered approach is best to protect your security and privacy:

  • Use personal firewall, anti-spyware, anti-virus, anti-Trojan, anti-spam, anti-phishing, and privacy software on your desktop computer.
  • Update and tighten Windows before installing new security software.
  • To avoid conflicts, do not use two software firewalls or two anti-virus products at the same time. Completely uninstall one before installing another.
  • After installing any security software, immediately check for updates at the vendor's website.


Friday, September 22, 2006

Spyware: What It Is

What is Spyware?

Spyware is Internet jargon for Advertising Supported software (Adware). It is a way for shareware authors to make money from a product, other than by selling it to the users.

Do I have Spyware on my machine?

If you've ever gone on the internet with your computer, mostly YES, you have spyware on your machine. You can get it by installing certain software or just by surfing the internet.

Why is it called "Spyware"?

While this may be a great concept, the downside is that the advertising companies also install additional tracking software on your system, which is continuously "calling home", using your Internet connection and reports statistical data to the "mothership". While according to the privacy policies of the companies, there will be no sensitive or identifying data collected from your system and you shall remain anonymous, it still remains the fact, that you have a "live" server sitting on your PC that is sending information about you and your surfing habits to a remote location.....

Are all Adware products "Spyware"?

No, but the majority are. There are also products that do display advertising but do not install any tracking mechanism on your system. These products are not indexed in our database. Adware isn't necessarily spyware. Registered shareware without ads may be spyware. Purchased out-of-the-box software may contain adware and may also be spyware. Updates may change a previously ad-free version into an adware product. All this makes for a confusing mess and users need to be on guard when installing any type of software.

Is Spyware illegal?

Even though the name may indicate so, Spyware is not an illegal type of software in any way. However there are certain issues that a privacy oriented user may object to and therefore prefer not to use the product. This usually involves the tracking and sending of data and statistics via a server installed on the user's PC and the use of your Internet connection in the background.

The Bottom Line:

Avoid adware. If you're broke and can't buy a clean shareware product, find an ad-free, non-spying equivalent of the program you need. Avoid spyware at all costs. Install a firewall and pay attention to what is asking for permission to connect online.

Quick List for Virus Protection

  1. Don't open email from someone you don't know.
  2. Don't open unexpected email from someone you know that has an attachment and a subject that seems strange to you.
  3. Make sure your virus protection is up to date
  4. Make sure your software is up to date
  5. If in doubt call technical support
  6. Keep updated on the latest threats:

Thursday, September 21, 2006

What are the symptoms of spyware

Spyware can affect a PC or network in various ways. Here is a list of common symptoms to help you decide whether or not you have spyware installed on your machine.

For Consumers

  • Slower PC Performance. One of spyware's many effects is the significant slowdown of the performance of your PC. Your computer may seem sluggish, take longer to start when you turn it on, or take longer to get to the Internet. For example, a computer with as little as two adware applications could take more than 14 minutes to boot.
  • New Toolbars. Certain types of spyware such as hijackers can add new toolbars to your Internet Explorer that you did not knowingly install.
  • New Desktop Shortcuts. Some spyware may add new shortcuts on your desktop.
  • New Default Homepage. Browser hijackers change your default homepage to a different default homepage. Some homepage hijackers may prevent you from changing your browser's homepage back to its original default or prohibit you from visiting certain websites.
  • New Search Results. Hijackers can also change the results of a web search and point you to designated websites that you did not request in your search.
  • New Error Pages. Error hijackers will display a new error page when a requested url is not found. Excessive Full-Page and Pop-Up Ads: Adware can inundate your computer with targeted ads based on web surfing habits that have been tracked. Adware can slow down your PC to a crawl.

For the Enterprise

All of the above and the following:

  • Slow Network Performance. Spyware robs your network of speed and Internet access efficiency. For example, a computer with as little as two adware applications could take more than 14 minutes to boot. This can significantly affect employee productivity.
  • Congested Network Traffic. Spyware transmits and receives information across a network causing significant overhead and therefore bandwidth waste.
  • Modified or Deleted Files. If you notice that files have been modified or deleted for an unknown reason, this could be the result of spyware.
  • Lost Control of PC. Certain types of spyware such as RATs can take control of a PC or an entire network.

Monday, September 18, 2006

Securing Your Computer System

Today, more and more people are using their computers for everything from communication to online banking and investing to shopping. As we do these things on a more regular basis, we open ourselves up to potential hackers, attackers and crackers. While some may be looking to phish your personal information and identity for resale, others simply just want to use your computer as a platform from which to attack other unknowing targets. Below are a few easy, cost-effective steps you can take to make your computer more secure.
  1. Always make backups of important information and store in a safe place separate from your computer.
  2. Update and patch your operating system, web browser and software frequently. If you have a Windows operating system, start by going to www.windowsupdate.microsoft.com and running the update wizard. This program will help you find the latest patches for your Windows computer. Also go to www.officeupdate.microsoft.com to locate possible patches for your Office programs.
  3. Install a firewall. Without a good firewall, viruses, worms, Trojans, malware and adware can all easily access your computer from the Internet. Consideration should be given to the benefits and differences between hardware and software based firewall programs.
  4. Review your browser and email settings for optimum security. Why should you do this? Active-X and JavaScript are often used by hackers to plant malicious programs into your computers. While cookies are relatively harmless in terms of security concerns, they do still track your movements on the Internet to build a profile of you. At a minimum set your security setting for the "internet zone" to High, and your "trusted sites zone" to Medium Low.
  5. Install antivirus software and set for automatic updates so that you receive the most current versions.
  6. Do not open unknown email attachments. It is simply not enough that you may recognize the address from which it originates because many viruses can spread from a familiar address.
  7. Do not run programs from unknown origins. Also, do not send these types of programs to friends and coworkers because they contain funny or amusing stories or jokes. They may contain a Trojans horse waiting to infect a computer.
  8. Disable hidden filename extensions. By default, the Windows operating system is set to "hide file extensions for known file types". Disable this option so that file extensions display in Windows. Some file extensions will, by default, continue to remain hidden, but you are more likely to see any unusual file extensions that do not belong.
  9. Turn off your computer and disconnect from the network when not using the computer. A hacker can not attack your computer when you are disconnected from the network or the computer is off.
  10. Consider making a boot disk on a floppy disk in case your computer is damaged or compromised by a malicious program. Obviously, you need to take this step before you experience a hostile breach of your system.