Thursday, March 1, 2007

Antivirus Software Ratings Just Make Sense

By George Royal

Since a majority of people use the internet these days, it is wise to ensure that you have high-quality computer security software installed. This provides maximum protection of virus attacks on your computer. The market is filled with various antivirus software, anti spy ware software, and software and hardware firewalls. Since it is almost a parameter of sorts for computer users to use protection against virus, you may want to resort to antivirus software ratings and charts to understand market trends.

An antivirus software rating helps you analyze software that protects your computer from virus threats. These potentially damaging mediums can taint your computer or even make your computer drastically sluggish.

Antivirus software ratings help you understand which investments can protect your files from being damaged. A deeper awareness of the market allows you to realize that installing the right software can prevent damage to your hard drive, eliminate the need to reconfigure and reinstall your hard drive so that you could have things just the way they need to be.

Antivirus software ratings help you differentiate between the effective and dud software, and helps you finalize upon a brand that can work well for you.

When scanning through antivirus software ratings, make sure you read between the walls. This is vital because merely installing antivirus software is not really an absolute solution. Users need to constantly up date as everyday you need to have protection against new and novel anti virus epidemics. Hence users need to find a provider that permits you to upgrade your software programs let you update easily over the internet.

Antivirus software ratings discuss anti virus provider details. As such, you learn about damage causing virus. This includes dialers, spy ware, malware, Trojans, keystroke loggers, tracking cookies, and useless commercial software. Users need to be aware of their irreversible damage causing ability.

At all times, such data or recordings need to be deleted and wiped. This leaves no room for error or compromise. Antivirus software ratings help find a program that can guard your identity against dodgy people, scams, breakdowns and fraudsters.

Antivirus software ratings help compare and evaluate various computer firewalls. This refers to the multiple software programs and/or hardware gadgets that permit only authorised users to access your computer system. Apart from this, they prevent illicit users from gaining admission to your computer through the internet or a network. Whether one should use a software or hardware protection has long been debated. However, there is an established school of thoughts that prefers hardware.

So, in case you do not have such a choice, be happy, and invest in a program that is affordable. Prior to making a final decision, make sure u check all other available options. When you choose to refer to ratings and other measuring tools, make sure you are looking at reliable data. This is important because an incorrect database can cause potential losses, as you would never be able to pick the right stuff. Make sure you gather your information from sources that are genuine.

Security of USB Ports and Flash Drives: Problems and Solutions

By David Hefley

Over the last few years, computers have started shipping with more and more USB connections – it’s that little rectangular plug usually found on the back (and now front and even sides) of your PC, used to connect all sorts of devices to your computer - keyboards, mice, scanners, cameras, MP3 players, and a myriad of others. In fact, it is now impossible to get a computer without one. One of the most popular uses is to connect small thumb drives (also known as pen drives or USB drives) in order to back up, store, and transport data. In such a fashion, these are quickly becoming the de facto replacement for both write-able CD-ROMS and floppy disks. Typically, these are either dedicated storage devices or integrated as part of portable music players (such as the ever popular iPod) and can hold anywhere from 128 megabytes to 80 gigabytes (enough for most companies ENTIRE record set).

What, exactly, is the problem with this? A standard, high-speed, easy to use connection for almost every device sounds like a great advantage for computer users.

Unfortunately, there are some very serious security implications associated with USB and its ease of use. The worst of these deals with letting data get into the wrong hands. There are several ways that someone interested in your data might leverage USB to get your sensitive information and take over your computer resources. Even worse, as these devices grow in capacity, the danger they pose also increases.

The root of the problem stems from the way Microsoft’s Windows® operating system handles plug and play devices (which is what USB devices are). As you may have noticed, whenever you plug anything into a USB port, nine times out of ten, Windows® will automagically recognize and configure that device for use. If it is a USB drive, it even gets a drive letter. If Windows® detects that the device isn’t classified as “removable”, it will automatically run certain files found on that drive. (This is known as auto-run and is enabled by default in Windows®.) While many of the drives on the market today are considered by Windows® as “removable”, certain USB drive vendors actually configure their drives so Windows® detects them as “permanent”, thus making them capable of “auto-running” these files.

Someone trying to get your information could use one of these devices with a specially crafted auto-run program. When it is inserted into a computer, Windows® will happily launch this program without even asking the user and very likely not even letting the user know something is happening.

This approach can be used in several ways to compromise your data and computers. An attacker could come to your location posing as a legitimate customer and manufacture some excuse to be alone with your computer for a few minutes (how many times have you left your computer unattended even for a few minutes to check on something or get a print out on a printer?) while they insert one of the small devices into the computer. Within a few seconds or minutes, hundreds of files could be copied to the USB drive (the new term for this is called “pod slurping”). They then unplug the drive and walk out of your business with data they can sell or otherwise use.

Another scenario involves an attacker at a trade show offering “free” USB drives –a very popular item. They might easily distribute hundreds of these if the convention is large enough. Anytime someone inserts one of these drives, it quickly goes about its job of finding sensitive data and emailing or uploading it someplace on the internet. Even worse, it could be used to install a virus, worms, or other malware onto the computer and allow the attacker to connect to the computer whenever they are ready, potentially by-passing any forms of firewalls, virus scanners, and other security measures.

However, this type of threat isn’t only limited to outside attacks. With the size of these drives and the power of readily available software, a disgruntled employee could easily and very quickly copy thousands of files and walk out the door without raising any suspicions even from the most carefully monitored network (Sound far fetched? There have been several reported cases of this.).

Even worse, the danger might not even be directly the cause of disgruntled employees or malicious attackers. Many people use these devices to keep a copy of their files as they travel or take them home to work on them after-hours. With the capacity and small physical size, a lot of data is kept in a way that can be easily lost or stolen. It’s easy to spot someone running away with your laptop bag, but if they slip the USB drive into a pocket, they become impossible to find. More dangerous is the doubting of theft: was it stolen or did you just happen to lose it? This leads to delayed reporting of the loss and potentially greater damage if it was indeed stolen.

Finally, if an employee does use these drives to take work home, is there any guarantee that the home computer is as well protected as the corporate one? Too many times have there been stories about malware making their way into a corporate setting because someone brought a USB drive from home that was infected. Since Windows® configures these drives on the fly, its possible that the anti-virus program could be by-passed since they may be only set to scan previously existing drives, allowing the virus to gain access to your company network.

So what can you do?

Thankfully, there are quite a few strategies that can help mitigate the risk of USB drives in your environment. Naturally, the strength of your solution will need to be tailored to the sensitivity of your data, the potential for harm, and the potential for attack. A bank will have much different exposure from this threat than would a cash-only craft’s store, although both should take care to protect their customer’s data.

Although it seems everyone jumps to the technical solutions first, one of the best ways to combat this problem is through a strong, well enforced policy regarding USB drives. If possible and applicable, USB drives should be prohibited. This includes everyone (even the IT staff and system administrators who are some of the most likely to want to use them, but also the most likely to go to conferences that offer them as free gifts!). This means anyone seeing a USB drive will know instantly that it shouldn’t be there and can report the incident immediately.

If this isn’t possible, their use should be permitted on a use-by-use basis to employees that have been made aware of the risk. Any drives of unknown origin (from vendors, gifts, etc) should be connected to an isolated machine to be scanned for viruses and wiped clean before use.

Once a good policy has been established, technical measures can be put into place to enforce it. One of the easiest and cheapest of these is to disable the use of USB ports from the BIOS. The BIOS controls many of the hardware settings of your computer and is typically accessed at the very onset of the boot up process – often a black screen with the manufactures logo on it.

Unfortunately, this means that ALL USB devices will be non-operational. With the spreading use of USB, this solution is impractical on newer machines since they don’t allow for traditionally connected keyboards and mice, only USB connected.

That leaves a software solution. Growing awareness of this problem has seen the introduction of software that allows you to control what kind of devices Windows® will allow to be connected and used. For example, keyboards and mice could be o.k., but any type of storage would be denied. Ultimately, this is the most flexible technical solution. Even better, as these products mature, they are allowing for centralized management. This means if John in accounting gets a scanner to digitize receipts, you could authorize its use from anywhere on the network.

Finally, if USB drives are an integral part of your business, and the use outweighs the risk, then all data should be encrypted on them. This keeps data from being readable should the drive get stolen or lost. There are many products out there that make this process simple and mostly transparent, and offer excellent levels of protection.

Three other strategies can also help mitigate the risk of USB drives if their use is a must in your company. These three are not directly related to USB concerns, but are good network security practices in general. First, special care should be taken to ensure that your users only have access to files and information that is commensurate with their job titles – don’t let the new hire have access to the president’s files! Second, don’t let your users run as full administrators of their own workstations – many viruses and Trojans rely on this for successful attacks. And finally, keep customers away from your computers if possible. Keep them behind a counter or out of sight. Using these three strategies help limit the amount of data accessible by hackers or disgruntled employees.

Many organizations have no need to allow these devices on all computers and should take steps to ensure they are not used. Those that do feel a need to use these devices should work on training their users and taking the appropriate actions to protect their data, both on their computers and while on the USB drives.

In fact, each company will likely need to investigate and adopt a blend of these strategies to meet their needs and still protect their data.

USB drives really do offer a vast improvement over floppy disks and CD-ROMs. They are fast, portable, and easily re-writeable, making them ideal for certain applications. Unfortunately, the things that make them so convenient can also make them very dangerous and their use must be tempered with knowledge of that danger and the risks weighed against the benefits.

David Hefley operates Meridian Consulting, an information technology firm based out of Lincoln, NE.

Copyright 2007 David Hefley

Article Source: http://EzineArticles.com/?expert=David_Hefley

The Advancement of the Keylogger

By Carmel Whittle

A keylogger is a program that runs in your computer’s background secretly recording all your keystrokes. Once your keystrokes are logged, they are hidden away for later retrieval by the attacker. The attacker then carefully reviews the information in hopes of finding passwords or other information that would prove useful to them. For example, a keylogger can easily obtain confidential emails and reveal them to any interested outside party willing to pay for the information.

Keyloggers can be either software or hardware based. Software-based keyloggers are easy to distribute and infect, but at the same time are more easily detectable. Hardware-based keyloggers are more complex and harder to detect. For all that you know, your keyboard could have a keylogger chip attached and anything being typed is recorded into a flash memory sitting inside your keyboard. Keyloggers have become one of the most powerful applications used for gathering information in a world where encrypted traffic is becoming more and more common.

As keyloggers become more advanced, the ability to detect them becomes more difficult. They can violate a user’s privacy for months, or even years, without being noticed. During that time frame, a keylogger can collect a lot of information about the user it is monitoring. A keylogger can potential obtain not only passwords and log-in names, but credit card numbers, bank account details, contacts, interests, web browsing habits, and much more. All this collected information can be used to steal user’s personal documents, money, or even their identity.

A keylogger might be as simple as an .exe and a .dll that is placed in a computer and activated upon boot up via an entry in the registry. Or, the more sophisticated keyloggers, such as the Perfect Keylogger or ProBot Activity Monitor have developed a full line of nasty abilities including:

• Undetectable in the process list and invisible in operation

• A kernel keylogger driver that captures keystrokes even when the user is logged off

• A remote deployment wizard

• The ability to create text snapshots of active applications

• The ability to capture http post data (including log-ins/passwords)

• The ability to timestamp record workstation usage

• HTML and text log file export

• Automatic e-mail log file delivery

All keyloggers are not used for illegal purposes. A variety of other uses have surfaced. Keyloggers have been used to monitor web sites visited as a means of parental control over children. They have been actively used to prevent child pornography and avoid children coming in contact with dangerous elements on the web. Additionally, in December, 2001, a federal court ruled that the FBI did not need a special wiretap order to place a keystroke logging device on a suspect’s computer. The judge allowed the FBI to keep details of its key logging device secret (citing national security concerns). The defendant in the case, Nicodemo Scarfo Jr., indicted for gambling and loan-sharking, used encryption to protect a file on his computer. The FBI used the keystroke logging device to capture Scarfo’s password and gain access to the needed file.

Carmel Whittle Internet Safety Advocate For More Information Security News Bulletins

Advancements in Antivirus Software Suites Best of Breed

Article Source: http://EzineArticles.com/?expert=Carmel_Whittle

Online Banking: Tips for Doing It Safely

By Michael Russell Platinum Quality Author

With the increasing popularity of the Internet as a virtual marketplace, consumers and criminals alike have capitalized on this growing community. As a result the issue of Internet security has become one of great importance, especially when it comes to online banking. However, safe banking online is not as difficult as it may seem. It simply involves making the right choices. This article will provide some tips that will help ensure a safe banking experience on the Internet.

First, make sure that the bank you choose is legitimate. If they do not have a branch you can visit locally, then you won't have the convenience of checking them out in person. In such cases, it is advisable to read pertinent information about the bank on its site. Most financial institutions will have an "About Us" tab where you can read more information about the bank and its history. You should even be able to the find name and address for the bank's headquarters along with a toll free number you can use to speak with a live person.

Second, be aware of criminals who put up fraudulent websites under a name or web address similar to that of a credible bank. Unfortunately, theses undesirables have caused some trepidation when it comes to online banking. However, they can be fairly easy to spot and avoid. These sites are designed to trick you into entering their website and providing your personal information (i.e., social security number, account number, password). Be sure you have typed the appropriate web address for your bank before accessing your account online. This can be easily ensured by "book marking" your bank's site or adding it to your "favorites" in your web browser. Doing this virtually guarantees you will visit the correct site in the future.

Third, safeguard your private information. Thieves would love to get a hold of your credit card numbers, banking info, social security number and other private data. Review your bank's security practices. This information is usually available on their website, but you should also be able contact the bank directly if necessary.

A secure online banking site will provide encryption. In this process, private information is scrambled in order to prevent the wrong eyes from seeing it. Some web browsers will show an icon at the bottom of your screen that looks like a key or a lock. This icon indicates that your transaction is secure and your private information has been encrypted.

A secure online bank will also provide a password or PIN (Personal Identification Number). These security measures will be unique to you and, in most cases, you should be able to choose your own. Your password or PIN should be something unique and regularly changed. If you use a birthday, then others could easily guess it. Try to use a combination that is easy for you to remember but unknown to others.

It should be clear that safe online banking is not an impossible task. It simply involves being well informed and making the right decisions. Use the tips mentioned in this article to help secure a safe banking experience on the Internet every time. If you seem to get stuck, then it is always best to contact your bank and discuss your security concerns with them.

Michael Russell

Your Independent guide to Online Banking

Article Source: http://EzineArticles.com/?expert=Michael_Russell

Michael Russell - EzineArticles Expert Author

Internet Identity Theft Prevention

By Rudy Dhondt

You may not realize it, but while you are surfing on the internet it is possible that identity thieves try to capture data from your computer.

Your hard disk may be stuffed with, names, addresses, logins and passwords and even credit card numbers. Every time you connect to the internet you create a certain internet history. Webmasters and online companies store cookies on your computer to make logging in easier for you, but if you are not careful enough this information might also reach the wrong people.

People who are full of eagerness to use your data to their own advantage. There are several ways in which the identity thieves try to capture your data. It all happens when you do not use a secure internet connection. Most of the time they try to install spyware on your computer to collect the personal data and this information is automatically sent back to them.

The data may consist of temporary internet files, such as log ins and passwords, names and addresses, browser history and these can be used to reconstruct your internet behaviour.

What can you do to avoid identity theft?

A good start if you are not yet equipped with an internet security software package is deletion of internet history and the cookies in your browser. These can be set in the internet options of your browser to do the job automatically everyday.

But these are only basic precautions. The best protection is offered by the huge range of internet security packages. A good internet security software protects your computer from identity theft by the means of a firewall, which makes your computer invisible for the internet. This is the most important part of the internet security software.

A webfilter will avoid phishing sites from trying to get into your computer and collect passwords and log ins and even credit card numbers. Phishing sites send emails and act as if they are big companies like eBay or Paypal.

An anti-spam filter may be another addition to the package, but it is up to the user of the software to use it or not. Chances are that important emails end up in the spam folder.

Another way that thieves use to steel your information on the internet is by offering free software. There may be hidden files in the software that settle on your hard disk to collect important data and send these back to the sender as described above, better known as spyware.

And of course your internet security package wil provide a good anti-virus program which should be updated on a regular basis.

Is it wrong to do credit card payments on the internet?

It is not wrong to do credit card transactions on the internet, provided that your computer is equipped with internet security and that you keep an eye on your browser. During secure payments there must be a padlock visible in the right hand corner at the bottom of your browser. This means that the data you type in will be scrambled with code to make it impossible for identity thieves to capture your credit card numbers and security code.

If you apply all of the above given advice you will not have to worry about identity theft and have a good night sleep.

Rudy Dhondt is the webmaster of the website Identity Safety. If you want to learn more about Identity Theft, please visit

http://www.identity-safety.com

Article Source: http://EzineArticles.com/?expert=Rudy_Dhondt