PC Security World

Google Thumbnail previews Search enhancement

2010-11-07T10:57:00.001-08:00

I was surprised to see a thumbnail previews of websites in my Google search results this morning. It's worth sharing that Google has added one more nice search enhancement after Instant. Google users will now be able to see a larger thumbnail preview of pages they're going to visit beforehand in the right hand side. They can then decide right there whether to visit the page or not. Needless to mention, Bing has been having somewhat similar feature right from the start. See how a query on PC Security keyword shows up in results now. This may not go favorably for Google sponsored results since the thumbnail may overshadow sponsored results of the right hand side completely. I'm not sure if sponsored results will also get thumbnail previews. Last checked, they were not displaying any for such results.

How to secure firefox for safer browsing

2010-10-17T12:48:00.001-07:00

We all are accustomed to using firefox. But, have you been giving any thoughts to browsing safely using firefox. Just keeping it updated will not secure your browsing. To achieve a good degree of pc security, you need to know how to secure your brower. This is not going to be a comprehensive post about firefox, I'm sure a lot would be left unsaid, still, I'll help cover the basics. Using the points described, you'll be able to secure your firefox to a good extent. Let's go...

Things to notice

The default firefox installation. There are few things to tweak right in the default firefox installation. Like, if you have been storing a lot of passwords, it is a good idea to set a master password to prevent other users from accessing your passwords easily. The other users could be your friends, officemates, brother or anyone else you'd not like to disclose your passwords.

Other things to take note of are history, cookies and saved form information. Firefox by default saves form information and history and cookies also (sadly you can't eat these cookies, they're just for the browser to relish!). If you feel the need, you can delete your browsing tracks, cookies and other information from Tools -> clear recent history. This comes very handy if you're using a friends' computer or accessing internet from outside in an internet cafe etc. Although if you're continuously using internet from a machine other than users, I will strongly suggest you activate the built in 'Private browsing' mode from Tools menu.

Firefox with addtional addons for security and privacy

Now, lets put some addons to increase our pc security and privacy.

Prefbar Let's start with Pref bar which comes very handy when you have to change firefox settings on the fly. This is the one I always install with my installation of firefox. With pref bar, you get the power to control and change firefox options on the fly. You can disable or enable popups, cookies, referer, fonts, colors, javascript, java, images, flash and a lot more. Do not miss this. While browsing, just make sure you avoid java, flash unless absolutely necessary. You could also try turning referer unchecked for a little more security. Although, you'd be needing it on some sites.

NoScript - Next comes noscript which has been around for years and one of the main addons for safer browsing. As the developer says, The best security you can get in a web browser!
It'll allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks. You can enable and disable script on per site basis with this. That means you can selectively allow which sites can run scripts. The other ones could then be blacklisted.

Adblock plus - Looking to block adds and those nasty popup and popups and all types of flash and stupid image banners that you don't like seeing. Adblock comes to the rescue.
A very handy and effective tool to block advertisements and other online nuisances. Install Adblock Plus now to regain control of the internet and change the way that you view the web. The add-on is supported by over forty filter subscriptions in dozens of languages which automatically configure it for purposes ranging from removing online advertising to blocking all known malware domains. Although it has been found to leave some trail as some sites are found to be identifying that adblock is installed on the browser and request users to switch it off before allowing access.

Needless to say, with a very little effort by installing above addons and modifying firefox settings a little, you'll be able to attain a good level of browsing security. And, safer browsing means better pc security.

Ccleaner Enhancer for Ccleaner makes PC cleaning even better

2010-10-15T13:30:00.001-07:00

You may very well be acquainted with the nice little ccleaner utility which helps clean up junk residing in your pc and helps in pc optimization and privacy. It frees up disk space by removing unused / unneeded files and makes your computer run better. Now, the problem with Ccleaner is little number of programs it supports (though they are enough for most of the pc users). Did you know there is another nice tool available that enhances ccleaners' power and makes it one of the most comprehensive pc cleaning tool available. Meet Ccleaner Enhancer, This small tool adds support for over 270 new programs into CCleaner which is more than sufficient for any serious junk file removal.

Download ccleaner enhancer and install over your already installed Ccleaner and it'll automatically integrate itself to the application expanding its cleaning capabilities manifold. Now, next time you think of removing crap from your pc, you know where to turn to. :)

Secure your Windows XP in 5 minutes

2010-10-11T13:19:00.001-07:00

I know what you're thinking, the world is moving to Windows 7 and I am still blabbering about Windows XP. While the world is busy moving to a supposedly better, faster, stable next generation Windows 7 platform, there are a many of us who are still sticking to Windows XP and I think there is a reason for that as well. We love Win Xp!

Its' a great operating system if you ask me and it's been with me for all these years. So here's quick trick to make it faster, safer to use. No, we'll not be manually hacking and tweaking registry settings here. We'll be using a fantastic software SafeXP to increase pc performance and pc security. Beginners and Experts alike, both will love it. With SafeXP, you can...

Disable unnecessary Windows services.
Prevent Internet attacks.
Remove Microsoft Windows Messenger (MSN) application completely.
Disable tracking of your document history.
Disable Messenger antispam, spyware-like data traffic of System, Internet Explorer, Media Player, Error Reporting and much more functions into a single easy to use software.

and do much more...Lets' first download it from here:- http://www.theorica.net/download.htm

Run the program and click recommended settings button and you're done. You can ofcourse do more if you wish to, just make sure you do not disable any windows service that you've been relying on. Many keep windows update enabled and that's a good thing, so just keep an eye on it in the general column.

Now tell me, did it take more than 5 minutes? I bet. :)

How to remove CSRCS.exe virus

2010-03-23T12:15:00.000-07:00

Is your pc infected with CSRCS.exe virus? Finding it difficult to completely remove this virus? PC Security Forum has here some good information & steps to Remove csrcs.exe virus.

All you have to do is:-

Open Task Manager, locate csrcs.exe (not csrss.exe) under the processes tab and kill the process.
Click start -> run and type msconfig in the Run box, and then go to startup tab. Locate this exe file, if any, and then remove it from there to prevent it from starting up.
Open windows explorer, click tools -> folder options -> view and check the radio box "show hidden files and folders" also uncheck "hide protected operating system files (recommended)"
Go to your system 32 folder by start -> run -> and typing "system32" without quotes. Locate csrcs.exe and shift delete the file. Alternately, you can search the file using windows search in all the drives. Delete all the csrcs.exe instances you find.

For complete details, head over to pc security forum link given above.
Later on, don't forget to run a full system scan using your antivirus and antispyware software and you're good to go.

All new Opera 10.51 gets better, faster and more Secure

2010-03-21T13:44:00.000-07:00

I have been using Opera from a long time. However, earlier I occasionally ran into few problems while accessing my Gmail account or working on Google Docs. Sometimes some download links wouldn't just work, working on a spreadsheet in Google docs would prove cumbersome. I preferred chrome or firefox more while working on Docs. But, now, things are changing with the all new opera 10.50 plus series. The new opera is faster & better than ever. Opera software claims it the fastest browser on Earth. See here:- http://my.opera.com/portalnews/blog/2010/03/22/opera-10-51-released-the-fastest-browser-just-got-faster

Opera is also termed as the most secure browser with tons of innovating features like site specific blocking, private browsing mode in tabs or new windows, integrated pop up blocking, quick preferences to enable and disable certain features and lots more.
As a pleasant surprise, the new version has got faster javascript rendering engine, Google docs run smoother than ever. Websites load up faster. The browser itself starts up very fast in comparison to other browsers around and is not a memory hog. It makes use of available system resources efficiently. Opera has a number of great features just out of the box which other browsers lack like integrated Mail, Download resume support, Opera Unite, Opera Link, Opera Turbo, built-in Torrent support. It is the most aesthetically pleasing also out of the lot. All in all, Opera browser is a great piece of software and offers great feature set just out of the box. What's more? You can download it for your favorite Operating system be it Windows, Linux or Mac. PCSecurityworld heartily recommends Opera browser for its innovating feature set.

Download new version below and turbo charge your web browsing experience.

Top 6 PC Security Myths

2010-03-21T13:23:00.000-07:00

Top 6 PC Security Myths

Myths are prevalent everywhere, no wonder they also find a place among users in the PC Security World.
Kenneth van Wyk from Computerworld has written on some interesting security myths popular among computer users. Take a look.

I can't stop thinking about my experience last month when I had to reload Windows XP for a friend. It makes me think we need to reconsider how we in the security world have failed the consumer. Should it really be necessary for a consumer to be a security expert to safely use a computer?

That seems to be our message. "You should have known not to click that link," we say. "Why would you Artwork: Chip Taylor

trust that that e-mail actually came Artwork: Chip Taylor from your mother?" We get disgusted that users keep falling for old tricks. But what are we doing to actually help these people?

Here's the Myths

If an e-mail looks authentic, it is safe.
This e-mail came from someone I know, so I know it's safe.
If a friend on Facebook or Twitter posts a link, it's safe.
If I merely view a message, without clicking on any attachments or links, I'm safe
If I go to the URL, but don't do anything while I'm there, I'm OK
If my browser displays the locked padlock, then the site is secure.

Read complete story here

Bad BitDefender Antivirus Update Crashes Windows again

2010-03-21T12:24:00.000-07:00

Bad BitDefender Antivirus Update Crashes Windows based PCs

BitDefender Antivirus is deemed as one of the best antivirus products. However, it is not immune to flaws. My previous experiences with bitdefender haven't been very good. It crashed my Windows xp thrice after updating. Few of my friends reported it slowing down windows systems, therefore they had to switch to something lighter. Here BitDefender is in the news again.

Users of the BitDefender antivirus software started flooding the company's support forums recently, apparently after a faulty antivirus update caused 64-bit Windows machines to stop working.

The company acknowledged the issue in a note explaining the problem, posted Saturday. "Due to a recent update it is possible that BitDefender detects several Windows and BitDefender files as infected with Trojan.FakeAlert.5," the company said.

The acknowledgement came after BitDefender users had logged hundreds of posts on the topic. Some complained of being unable to reboot their systems.

"EVERY file that is trying to run is getting quarantined," one user, identified as lhmathys, reported. "Windows Explorer and even Bitdefender update itself is being quarantined. Someone really screwed this one up."

"We are in a really terrible position now," wrote another user, identified as ufitec. "We have 150 business clients and most of the pcs [on] which BitDefender thinks everything is virus does not boot any more!!!!"

In its note on the issue, posted around 4 pm Pacific Time, the company said it had issued a fix for the problem and offered instructions on how to repair the damage, saying that customers should remove files from quarantine and reboot.

Users who can't do that are advised to either use Windows' Last Known Good Configuration restore or System Restore options. The company has asked its users to disable BitDefender update module until new update is released to fix this.

Read more here:- Yahoo News.

Links

2010-03-12T11:43:00.000-08:00

PC Security World recommend the following resources for more information on computer and internet security topics.

Internet Security News

http://clicksafe.kensington.com

Computer memory vulnerable to hacking

2008-02-24T06:47:00.000-08:00

Want to break into a computer's encrypted hard drive? Just blast the machine's memory chip with a burst of cold air.
That's the conclusion of new research out of Princeton University demonstrating a novel, low-tech way hackers can access even the most well-protected computers, provided they have physical access to the machines.
The Princeton report shows how encryption, long considered a vital shield against hacker attacks, can be defeated by manipulating the way memory chips work. The researchers say the ease of their attack raises fears about the security of laptop computers increasingly used to store sensitive information, from personal banking data, to company trade secrets, to national security documents.
Freezin a dynamic random access memory, or DRAM, chip, the most common type of memory chip in personal computers, causes it to retain data for minutes or even hours after the machine loses power, the report found. That data includes the keys to unlock encryption. Without freezing, the chip loses its contents within seconds.
Hackers can steal information stored in memory by rebooting the compromised machine with a simple program designed to copy the memory contents — before the computer has a chance to purge sensitive data, according to the study.
Laptops left in hibernation or sleep mode, or simply not turned off at all, are the most vulnerable to the new type of attack.
"These risks imply that disk encryption on laptops may do less good than widely believed," according to the report, which was published this week by researchers from Princeton, the Electronic Frontier Foundation digital rights group, and Wind River Systems software company. "Ultimately, it might become necessary to treat DRAM as untrusted, and to avoid storing sensitive confidential data there, but this will not be feasible until architectures are changed to give software a safe place to keep its keys."
Researchers have known since the 1970s that cooled DRAM chips can retain their contents long after power to them is extinguished, but the researchers said they believe their study is the first security paper to focus on the phenomenon. National security agencies may also have been aware that the types of breaches outlined in the study are possible, the researchers said, but added they weren't able to find evidence of that in any publications.
Complete article here.

'Friendly Worms' to help Spread Software Fixes Faster

2008-02-17T06:20:00.000-08:00

"Microsoft researchers are working out the perfect strategies for worms to spread through networks. Their goal is to distribute software patches and other friendly information via virus, reducing load on servers. This raises the prospect of worm races — deploying a whitehat worm to spread a fix faster than a new attacking worm can reach vulnerable machines."

A good idea, isn't it? (Though the concept is quite old) but still it is worth a consideration. Imagine infecting yourself purposely by a worm and feeling good about it. :)

The laptop repair that triggered a sex scandal

2008-02-17T06:03:00.000-08:00

There are some very good reasons why it's a sensible idea to back up the contents of your hard disk and either erase or encrypt all the stuff you won't want others to see when handing in a PC or laptop for repairs.

You never know if the system could end up getting lost as was the case with the hapless Raelyn Campbell who is now suing Best Buy for $54 million after it happened to her. Or worse still, it could end up getting posted on the Internet for all the world to see as with the even more hapless Edison Chen, a popular singer and actor in Hong Kong.

Chen, who is a relative unknown in the U.S., is scheduled to appear in Christopher Nolan's "The Dark Knight", the next installment in the Batman series scheduled to be released later this year. He has been making headlines in Hong Kong recently after a series of racy pictures of himself in the company of several other Hong King celebrities were published all over the Web (yes, including on YouTube). The photos, about 1300 of them actually, came from the hard disk of a computer belonging to Chen that was handed in for some sort of repairs.

While servicing the computer, the technicians apparently stumbled on to a cache of photos of the star in some rather compromising situations. But instead of just leaving them there, which would of course have been the polite thing to do (OK, maybe after a peek or two), the folks at the service center decided to post them on the Net.

I've never been to Hong Kong, so I don't know if the people there are really as ravenous for this sort of news, as media reports insist they are. But apparently, l'affaire Chen has become the hugest sex scandal to have hit Hong Kong's celebrity circuit in a while, with photos of the star's dalliances with other celebrities being splashed all over the place. Apparently it has reduced Chen's carefully cultivated "nice guy" image to a shambles. It has also tarnished the reputations of about six other celebrities including actress Cecilia Chung and singer Gillian Chung, according to reports.

IndiaTimes.com Visitors Risk High Exposure To Malware

2007-11-11T05:24:00.000-08:00

Malware infection risk to Indiatimes visitors

:- Visitors to IndiaTimes.com, a major English-language Indian news site, risk infecting their computers with a deluge of malware, according to Mary Landesman, senior security researcher at ScanSafe.

"It's an entire cocktail of downloader Trojans and dropper Trojans," Landesman said Friday, putting the number of malicious files involved at 434. This includes scripts, binaries, cookies, and images.

Landesman characterized the size of the malicious payload as unusually large. She also noted that the attack involved a large number of Web sites. Analyzing just two of the binaries, she said that ScanSafe had identified at least 18 different IP addresses involved in the attack.

"Only certain pages of the IndiaTimes.com are infected," ScanSafe said in its Nov. 9 Threat Alert. "The impacted pages contain a script which points to a remote site containing iframes pointing to two additional sites. One of the sites included cookie scripts and an iframe pointing to a non-active site. The other iframe pointed to an encrypted script which exploits multiple vulnerabilities in an attempt to download malicious software onto susceptible systems of users visiting indiatimes.com."

"It appears that the Metasploit Framework was the framework used to facilitate these attacks," Landesman said. The Metasploit Framework is a security testing tool that can also be used maliciously.

Landesman decline to elaborate on the specifics of the exploit other than to say it involved cross-site scripting and that it could turn the victim's computer into a site for malware distribution. "We have reason to believe these are zero-day vulnerabilities," she said. "What we don't want to do is irresponsibly lead people to those exploit pages."

ScanSafe's Nov. 9 Threat Alert identifies one of the vulnerabilities as the MDAC vulnerability described in Microsoft Security Bulletin MS06-014.

Warning that much of current antivirus software misses this exploit, Landesman said that "a person even with up-to-date antivirus software is going to be susceptible to this. In the normal course of using this service, you'd arrive at this page and you'd be silently infected."

Malware Planted on MySpace Once Again

2007-11-11T05:22:00.000-08:00

Attackers are piggybacking on the fame of R&B recording artist Alicia Keys to spread their malware over the Web. Keys' MySpace page has been infected with malicious software.

Exploit Prevention Labs discovered the attack, one of several targeted MySpace pages. French funk band Greements of Fortune and Glasgow rock band Dykeenies were also targets of the Web-based attack.

"When a visitor visits the infected page, they're first hit by an exploit which installs malware in the background if they're not fully patched against the latest security vulnerabilities, and next they're presented with a fake codec which tells them they need to install a codec to view the video," said Roger Thompson, CTO at Exploit Prevention Labs. "So even if they're patched, they can fall victim to the exploit."

One Hack After Another
Specifically, visitors to these MySpace pages are directed to co8vd.cn/s. This appears to be a Chinese malware site. If the visitors accept the code installation, the site installs malicious software. You can view a video demonstration of the attack on YouTube.

The hack has some interesting characteristics, Thompson explained. "Perhaps most interesting, the bad guys are using a creative hack we haven't seen before: The HTML in the page contains some sort of image map, which basically makes it so you can click on anything over a wide area on the page and your click is directed to the malicious hyperlink," he said. "We tested it and even the ads were affected."

MySpace officials could not immediately be reached for comment, but Thompson reported that the popular social-networking site fixed the pages in question within hours of the discovery. However, yet another hack was discovered just a few hours later, and a new image code has appeared that Thompson warned could be coming online soon.

Online Privacy Policies Don't Do Their Job, Critics Say

2007-11-11T05:19:00.000-08:00

Online privacy policies need to be easier to understand and more conspicuous because few people now actually read them, said panelists at a U.S. Federal Trade Commission workshop on targeted online advertising.

While privacy policies can help users understand what personal information is being collected, they often need "college-level reading skills" to understand them, said Lorrie Faith Cranor, a Carnegie Mellon University computer science professor who's done research on privacy policies.

Cranor suggested FTC action may be necessary to help standardize privacy notices online. "We should look at the whole picture and think, 'Do we need nutrition labels for privacy?'" she said during the second day of an FTC workshop examining concerns about targeted online advertising.

Representatives of Microsoft, Google and Yahoo told audience members they're working to make privacy policies easier to understand and notices about data collection more immediate.

Representatives of eBay and Yahoo said their companies are experimenting with small question-mark shaped links on targeted ads that explain why a customer was shown the ad.

Microsoft tries to provide frequent links to its privacy policy, and makes it available every time customers sign up for a service, said Peter Cullen, chief privacy strategist at Microsoft. "Now, do we make sure they have to scroll through the short-form [privacy] notice?" he said. "No, because in all honesty, our customers have said that's overdoing it."

But Esther Dyson, Internet policy commentator and founder of EDventure.com, called on online advertising companies to use the same "brilliance" they have for delivering targeted ads to deliver targeted privacy policies and data-collection warnings to individual Web users.

Static privacy polices have limited appeal, she said. "I don't think you can force consumers to look at this stuff," Dyson said. "If they're interested, they do click. The problem is what they can find when they click, which is mostly incomprehensible."

She called on Web sites to tell individuals specifically what information is collected about them.

But "just-in-time" privacy notices take up space, said some panelists. "Every pixel fights for its life," Cullen said.

Joel Winston, associate director of the FTC's Division of Privacy and Identity Protection, opened the second day of the e-behavioral workshop by asking whether privacy notices could be made better, or whether they just don't work.

Part of the problem is that many privacy policies change without warning, and users have to go back to the policy to see the changes, said Carlos Jensen, a computer science professor at Oregon State University. "Reading a privacy policy that could change five seconds after you read it means I'm not going to bother," he said.

More standardization of privacy notices is needed, Jensen said. Web users don't want to wade through multiple Web sites with different privacy notices in different locations, he said.

But Web sites are still experimenting with the best ways to deliver privacy notices, said Colin O'Malley, director of strategic business at Truste. Web sites should still be allowed to figure the best approach before the FTC gets involved, he said.

"We don't want to lead with a prescription," he said.

A better system is needed, and Web sites need to give more detailed information about the personal data they collect, said Jeffrey Chester, executive director of the Center for Digital Democracy and a critic of targeted advertising practices.

"There has to be a simple, unified way to tell the individual exactly what is going on," he said. "Why can't you say you're collecting and targeting and profiling this information? Why can't you say [to users] what you tell your clients?"

Aladdin eSafe Secure Web Gateway Blocks 100 percent of Anonymous Proxies

2007-09-03T23:31:00.000-07:00

Anonymous proxies, or anonymizers, are Web sites that allow Internet users to connect to the Web through an external Web site, thereby bypassing any restrictions typically enforced on the local network.

This bypass mechanism, though originally designed for safe, anonymous Web surfing, proves extremely dangerous for businesses, schools and other organizations. It opens any computer to all malware that is usually filtered out by a gateway device, and malware is now free to enter the computer and the network – facing only traditional security measures that have proven ineffective against the new waves of malware threats.

Many using anonymous proxies simply want to access MySpace, YouTube and other restricted sites while at work and are completely unaware of the threat proxies pose to the organization. In a recent SearchSecurity.com poll, 27 percent of respondents said they would consider using anonymous proxies and 9 percent said they are already using them.

Since proxy servers frequently change URL addresses, it is impossible for URL filters to keep up with elusive proxy servers. The eSafe Anti-Anonymizer goes beyond traditional filtering methods to also proactively block anonymous proxies based on their site code and communications behavior – even if encrypted by SSL protocols. eSafe prevents users from leaving the protected network at any time, maintaining network integrity and increasing productivity, as well as ensuring regulatory compliance that is extremely important for government, healthcare, education and other industries. Existing eSafe customers were automatically updated to include the new anti-anonymizer technology in their eSafe product and add-on modules.

Spammers and PDF spam

2007-08-29T14:02:00.000-07:00

Is PDF spam simply not working for the spammers?:

Sophos has reported a dramatic decrease in the amount of spam emails using PDF file attachments to spread their unwanted messages. According to research compiled by SophosLabs, Sophos's global network of virus, spyware and spam analysis centres, levels of PDF spam have dropped from a high of close to 30 percent of all spam earlier this month, to virtually zero.

"If PDF spam email messages have all but disappeared, there can only be one reason - they're not working," said Graham Cluley, senior technology consultant for Sophos. "Spammers wouldn't turn away from PDF spam if it was an effective way to fill their pockets with cash and direct consumers to their websites, dodgy goods or dodgy investment opportunities. This drop indicates that the spammers are finding it hard to fool the public into reading marketing messages distributed in this way."

Levels of PDF spam spiked on 7 August 2007 when a single campaign, designed to manipulate stock prices of Prime Time Group Inc, accounted for a 30 percent increase in overall junk email levels. Since then, however, PDF spam has shown a sharp decline.

"Of course, it's too early to say that this is the last we will see of PDF spam. There could still be more campaigns to come, but its dramatic fall may be a sign that we are witnessing its demise," continued Cluley. "Our advice remains the same to all internet users - it make sense to ensure that your email inbox is properly defended with a product which can defend against the threats of spam and malware."

Sophos experts point to a number of disadvantages for spammers who try and use PDFs in their spam campaigns which may explain its decline.

"PDF spam simply isn't as immediate a way of communicating with your intended audience as an instant glimpse of the marketing message in your victim's email preview pane," explained Cluley. "Furthermore, have you tried opening a PDF file? Adobe Acrobat chugs into action, taking a fair while to load before it can show you the contents of the PDF. Consumers learn pretty quickly that it's a waste of time to open every unsolicited PDF they receive, which means the spammer's message doesn't get read, and the cybercriminals don't make any money."

Cross-site scripting and Firefox 3

2007-08-29T13:56:00.000-07:00

Mozilla Aims At Cross-Site Scripting With FF3

Web 2.0 has enabled a broad array of Websites to be more engaging for users. It has also enabled a new and now very common attack, namely cross site scripting, commonly referred to as XSS attacks.

Mozilla is aiming to put an end to XSS attacks in its upcoming Firefox 3 browser. The Alpha 7 development release includes support for a new W3C working draft specification that is intended is secure XML over HTTP requests (often referred to as XHR) which are often the culprit when it comes to XSS attacks. XHR is the backbone of Web 2.0 enabling a more dynamic web experience with remote data.

New ESET Online Scanner

2007-08-29T13:50:00.000-07:00

Scan and disinfect viruses with ESET online scanner

This new online scanning service allows users to scan and disinfect systems and emails without uninstalling existing antivirus solution.

ESET has announced the availability of a new online scanning service that allows users to scan and disinfect systems, hard disks, compressed files and email - without uninstalling their existing antivirus solution.

Powered by ESET NOD32 Antivirus software, the ESET Online Scanner is a free Web-based service that allows non-ESET users to identify hidden threats, get a "second opinion" on the health status of their computers and determine the strength of their current malware solution.

Based on ESET's heuristic detection technology, ThreatSense, the ESET Online Scanner provides a comprehensive analysis of a computer's malware infection status. It not only detects both known and unknown forms of malware, including viruses, worms, Trojans, phishing and spyware, residing on a computer, but it also cleans the system and allows the end-user to troubleshoot and repair many malware-related problems.

Additional ESET Online Scanner Benefits:

Fast and Easy-to-Use: The scanner is installed and activated by a single button
Always Up-to-Date: Uses the most current threat signatures and heuristic detection algorithms available from the ESET Threat Lab
Deep Scans: Scans inside archive files, runtime packed executables and email messages
Anonymity: The Online Scanner can be used anonymously as contact information is not required to use the service.

"Not all antivirus and anti-malware products are as effective as they should be and users are starting to understand that the AV solutions that come with their computers may not catch existing malware or protect them from emerging threats," said Paul Brook, Managing Director of ESET UK.

"Despite this realisation, users still rely on these limited solutions for protection, which may lead to potential disaster for them if they become infected and misery for others if their machine is used to distribute malware. Our new online scanner allows any computer user to see very quickly if they have a problem and in many cases help them rectify it too," added Paul Brook.

The ESET Online Scanner is available now.

New Norton Antivirus and Norton Internet Security

2007-08-29T13:28:00.000-07:00

Norton Internet Security - Norton Antivirus 2008 Launches:

Symantec has added new shields against malware and Web vulnerabilities in the latest versions of Norton Internet Security and Norton AntiVirus software.
The 2008 versions of the products include a feature called Browser Defender, a behavioral-based technology that defends against drive-by downloads and other threats targeting vulnerabilities in Internet Explorer.
"The notion behind the technology was there's thousands of exploits and the exploits change on a daily basis, but there's only a handful of vulnerabilities—for IE there's 39 vulnerabilities," said Rowan Trollope, senior vice president of consumer products at Symantec.
Other enhancements include Norton Identity Safe, which is aimed at protecting personal information when a user is buying, banking or browsing online. It enables users to control which information is shared with Web sites, and it fills in passwords automatically to thwart keylogging software, company officials said.

Read more here

Firefox Security and Privacy Extensions

2007-08-25T21:12:00.000-07:00

Extend Firefox for better security & privacy:

In the last few years Firefox gained a massive support from surfers worldwide. This is mainly because Internet Explorer, still the biggest player on the market, has proved to be hopelessly insecure.

Besides offering more security than IE by default, what users appreciate is the fact that Firefox can be expanded with add-ons that offer a variety of functions not integrated in the browser upon install. This article will explore useful security and privacy extensions that will add to your browsing experience. These are:-

Spamavert
ShowIP
Greasemonkey

Go get your firefox tightened up for better security and more privacy.

New Crimeware targeting companies

2007-08-25T21:04:00.000-07:00

New crimeware targeting companies

The new variant, “Prg”, researched by Finjan’s Malicious Code Research Center (MCRC) and also noted by Don Jackson of managed security specialist SecureWorks, relays sensitive data collected during employees’ online activity to hacker websites, using SSL-encrypted format. Finjan’s MCRC found criminals’ servers in Panama.

Jackson's research suggests that the crimeware has been modified using a Trojan development kit to listen for hacker commands on a special TCP/IP port. These commands allow the hacker to gain remote control of the compromised system. Jackson’s analysis of log files on the servers storing the stolen data found that information was coming from corporate PCs, as noted in his report.

"This trend highlights the alarming growth of crimeware toolkits being sold to criminals by hackers. Such crimeware is focusing on stealing sensitive business data and sending it back to criminals’ servers over encrypted communication channels like SSL, in order to go undetected", said Yuval Ben-Itzhak, the CTO of Finjan.

Elcomsoft System Recovery for Windows

2007-08-25T20:51:00.000-07:00

Elcomsoft System Recovery helps when you get locked out of Windows:

Elcomsoft has released the Basic version of Elcomsoft System Recovery, an easy-to-use boot-disk application that makes it simple to access your Windows computer if you've been locked out because of password problems. Unlike the Standard and Professional versions of Elcomsoft System Recovery, which are designed for network administrators and power-users, the Basic version give business owners and home users a foolproof solution to system recovery. Purchase the program online, download the software, burn it to a CD-ROM, boot your computer, and reset the Administrator's password.

Under a special agreement with Microsoft, Elcomsoft System Recovery is based upon Microsoft Windows Preinstallation Environment (Windows PE), a hardware-independent minimal Windows system that replaces the antique DOS boot disk that was used to set up new computer systems.

Elcomsoft System Recovery is completely self-contained, allowing you to access each of your desktops and workstations (but not servers), without the need for third-party or proprietary software. Simply insert the CD, and boot your computer.

Why PCI isn’t enough to ensure data security today?

2007-08-25T20:37:00.000-07:00

Ounce Labs thinks it’s critical for consumers to know that, in many instances, their credit card data is still not secure:

Compliance statistics are miserable with less than 50% of merchants able to meet the minimum standards of PCI DSS.
Even when merchants do comply, some portions of the standard are worded in ways that are open to interpretation.
Published reports have appeared that some unscrupulous auditors are taking advantage of non-compliant merchants by forcing them to utilize the auditors compliance services in order to pass – a blatant conflict of interest that compromises the integrity of the PCI audit process.

Security Vendors Challenge Antivirus Tests

2007-06-29T12:06:00.001-07:00

Security Vendors Challenge Antivirus Tests

Antivirus software is frequently tested for performance, so picking a top product should be straightforward: Select the number-one vendor whose software kills off all of the evil things circulating on the Internet. You're good to go then, right? Not necessarily.

The increasing complexity of security software is causing vendors to gripe that current evaluations do not adequately test other technologies in the products designed to protect machines.

Relations between vendors and testing organizations are generally cordial but occasionally tense when a product fails a test. Representatives in both camps agree that the testing regimes need to be overhauled to give consumers a more accurate view of how different products compare.

"I don't think anyone believes the tests as they are run now... are an accurate reflection of how one product relates to the other," said Mark Kennedy, an antivirus engineer with Symantec Corp.

Representatives of Symantec, F-Secure Corp. and Panda Software SA agreed last month at the International Antivirus Testing Workshop in Reykjavik, Iceland, to design a new testing plan that would better reflect the capabilities of competing products. They hope all security vendors will agree on a new test that can be applied industrywide, Kennedy said.

A preliminary plan should be drawn up by September, Kennedy said.

One of the most common tests involves running a set of malicious software samples through a product's antivirus engine. The antivirus engine contains indicators, called signatures, that enable it to identify harmful software.

But antivirus products have changed over the last couple years, and "now many products have other ways of detecting and blocking malware," said Toralv Dirron, security lead system engineer for McAfee Inc.

Signature-based detection is important, but an explosion in the number of unique malicious software programs created by hackers is threatening its effectiveness. As a result, vendors have added overlapping defenses to catch malware.

Vendors are employing behavioral detection technology, which may identify a malicious program if it undertakes a suspicious action on a machine. A user may unwittingly download a malicious software program that is not detected through signatures. But if the program starts sending spam, the activity can be identified and halted.