Under the Web

Some interesting things in life and internet

Archive for the ‘Security’ Category

Virus and Spyware Hackers Target Legitimate Websites

Posted by Jackie R. on May 9, 2007

Malicious software on the Internet has more than doubled in the last year and it’s expected to continue to increase as hackers become more and more sophisticated in the techniques they use to deliver viruses, spyware, worms, Trojans and adware to the Internet.

According to a recent report by Sophos, this growth in malware on the web is due to a new movement whereby hackers place malware on websites rather than using email attachments. Sophos estimates an average of 5,000 new infected web pages are unleashed onto the Internet everyday.

These are not hacker websites. The majority of them, 70% or more are legitimate sites that have been hacked and infected by cybercriminals. Three recent examples of this trend show how popular sites can become powerful spyware targets for hackers:

1. In November of 2006, hackers uploaded an article to the German edition of Wikipedia including a link to fix what the hackers called a new version of the “Blaster worm”. However, this fix was actually malicious code. Wikipedia removed the page as soon as they discovered the security issue. But, the hackers used this code to send spam pointing to the archived Wikipedia page and continued infecting users’ computers.

2. In December of 2006, hackers used the Myspace social networking site to infect hundreds of user profiles with a worm. This malware replaced legitimate links in the users’ profiles with links to phishing sites, where Myspace users were asked to submit their usernames and passwords. The phishing worm also embedded itself into the Myspace victims’ user profiles.

3. The most recent and famous incident occurred in February before the Super Bowl this year, when hackers connected the Dolphin Stadium website to a server in China to gain access codes to the popular online role-playing game, “World of Warcraft”.

Even websites using privacy certificates are no longer safe. A recent study by Internet Security expert, Ben Edelman alleges that cites featuring the TRUSTe security certificate are actually twice as likely to contain viruses, spyware, and adware as non-certified sites.

Many adware providers, like Direct-revenue and Webhancer are even using these certificates in an attempt to seem more trustworthy than they actually are, according to Edelman.

There is a transition in the Internet community toward a new web platform called Web 2.0. This term refers to a second-generation of Web based communities and hosted services (like Myspace, Facebook and Yahoo 360) that facilitate collaboration and sharing between users. The transition to Web 2.0 make websites an even easier target for hackers, as users of these social networking sites tend to be young people less concerned with computer security than with swapping and trading files with their friends. The term Web 2.0 was first coined by the O’reilly Media Group.

Hackers will undoubtedly continue to target websites for delivering their virus, spyware, adware, Trojans and other malware. With this new development, any website on the Internet has the potential to be infected. Therefore, protecting your computer is essential.

To protect your computer, it is vital that you use a powerful antivirus and antispyware scanner like StopSign, update your virus definitions daily, scan your computer once a day for infections and keep all of your software patched and up-to-date.

Jason Dick is an Internet Security Specialist. Mr. Dick is a Tier-3 certified antivirus technician with extensive experience creating customized antivirus solutions for new and resistant spyware and virus infections. In addition, he has spent several years consulting with the average home computer user helping them get the most from their Internet Security Software. He is currently writing a number of articles regarding responsible computer use, internet security, spyware and virus trends and other pertinent technology news to share his knowledge and expertise.To read more of Jason’s articles visit:http://home.stopsign.com


Posted in Security | Leave a Comment »

Security of USB Ports and Flash Drives: Problems and Solutions

Posted by Jackie R. on March 1, 2007

Over the last few years, computers have started shipping with more and more USB connections – it’s that little rectangular plug usually found on the back (and now front and even sides) of your PC, used to connect all sorts of devices to your computer – keyboards, mice, scanners, cameras, MP3 players, and a myriad of others. In fact, it is now impossible to get a computer without one. One of the most popular uses is to connect small thumb drives (also known as pen drives or USB drives) in order to back up, store, and transport data. In such a fashion, these are quickly becoming the de facto replacement for both write-able CD-ROMS and floppy disks. Typically, these are either dedicated storage devices or integrated as part of portable music players (such as the ever popular iPod) and can hold anywhere from 128 megabytes to 80 gigabytes (enough for most companies ENTIRE record set).

What, exactly, is the problem with this? A standard, high-speed, easy to use connection for almost every device sounds like a great advantage for computer users.

Unfortunately, there are some very serious security implications associated with USB and its ease of use. The worst of these deals with letting data get into the wrong hands. There are several ways that someone interested in your data might leverage USB to get your sensitive information and take over your computer resources. Even worse, as these devices grow in capacity, the danger they pose also increases.

The root of the problem stems from the way Microsoft’s Windows® operating system handles plug and play devices (which is what USB devices are). As you may have noticed, whenever you plug anything into a USB port, nine times out of ten, Windows® will automagically recognize and configure that device for use. If it is a USB drive, it even gets a drive letter. If Windows® detects that the device isn’t classified as “removable”, it will automatically run certain files found on that drive. (This is known as auto-run and is enabled by default in Windows®.) While many of the drives on the market today are considered by Windows® as “removable”, certain USB drive vendors actually configure their drives so Windows® detects them as “permanent”, thus making them capable of “auto-running” these files.

Someone trying to get your information could use one of these devices with a specially crafted auto-run program. When it is inserted into a computer, Windows® will happily launch this program without even asking the user and very likely not even letting the user know something is happening.

This approach can be used in several ways to compromise your data and computers. An attacker could come to your location posing as a legitimate customer and manufacture some excuse to be alone with your computer for a few minutes (how many times have you left your computer unattended even for a few minutes to check on something or get a print out on a printer?) while they insert one of the small devices into the computer. Within a few seconds or minutes, hundreds of files could be copied to the USB drive (the new term for this is called “pod slurping”). They then unplug the drive and walk out of your business with data they can sell or otherwise use.

Another scenario involves an attacker at a trade show offering “free” USB drives –a very popular item. They might easily distribute hundreds of these if the convention is large enough. Anytime someone inserts one of these drives, it quickly goes about its job of finding sensitive data and emailing or uploading it someplace on the internet. Even worse, it could be used to install a virus, worms, or other malware onto the computer and allow the attacker to connect to the computer whenever they are ready, potentially by-passing any forms of firewalls, virus scanners, and other security measures.

However, this type of threat isn’t only limited to outside attacks. With the size of these drives and the power of readily available software, a disgruntled employee could easily and very quickly copy thousands of files and walk out the door without raising any suspicions even from the most carefully monitored network (Sound far fetched? There have been several reported cases of this.).

Even worse, the danger might not even be directly the cause of disgruntled employees or malicious attackers. Many people use these devices to keep a copy of their files as they travel or take them home to work on them after-hours. With the capacity and small physical size, a lot of data is kept in a way that can be easily lost or stolen. It’s easy to spot someone running away with your laptop bag, but if they slip the USB drive into a pocket, they become impossible to find. More dangerous is the doubting of theft: was it stolen or did you just happen to lose it? This leads to delayed reporting of the loss and potentially greater damage if it was indeed stolen.

Finally, if an employee does use these drives to take work home, is there any guarantee that the home computer is as well protected as the corporate one? Too many times have there been stories about malware making their way into a corporate setting because someone brought a USB drive from home that was infected. Since Windows® configures these drives on the fly, its possible that the anti-virus program could be by-passed since they may be only set to scan previously existing drives, allowing the virus to gain access to your company network.

So what can you do?

Thankfully, there are quite a few strategies that can help mitigate the risk of USB drives in your environment. Naturally, the strength of your solution will need to be tailored to the sensitivity of your data, the potential for harm, and the potential for attack. A bank will have much different exposure from this threat than would a cash-only craft’s store, although both should take care to protect their customer’s data.

Although it seems everyone jumps to the technical solutions first, one of the best ways to combat this problem is through a strong, well enforced policy regarding USB drives. If possible and applicable, USB drives should be prohibited. This includes everyone (even the IT staff and system administrators who are some of the most likely to want to use them, but also the most likely to go to conferences that offer them as free gifts!). This means anyone seeing a USB drive will know instantly that it shouldn’t be there and can report the incident immediately.

If this isn’t possible, their use should be permitted on a use-by-use basis to employees that have been made aware of the risk. Any drives of unknown origin (from vendors, gifts, etc) should be connected to an isolated machine to be scanned for viruses and wiped clean before use.

Once a good policy has been established, technical measures can be put into place to enforce it. One of the easiest and cheapest of these is to disable the use of USB ports from the BIOS. The BIOS controls many of the hardware settings of your computer and is typically accessed at the very onset of the boot up process – often a black screen with the manufactures logo on it.

Unfortunately, this means that ALL USB devices will be non-operational. With the spreading use of USB, this solution is impractical on newer machines since they don’t allow for traditionally connected keyboards and mice, only USB connected.

That leaves a software solution. Growing awareness of this problem has seen the introduction of software that allows you to control what kind of devices Windows® will allow to be connected and used. For example, keyboards and mice could be o.k., but any type of storage would be denied. Ultimately, this is the most flexible technical solution. Even better, as these products mature, they are allowing for centralized management. This means if John in accounting gets a scanner to digitize receipts, you could authorize its use from anywhere on the network.

Finally, if USB drives are an integral part of your business, and the use outweighs the risk, then all data should be encrypted on them. This keeps data from being readable should the drive get stolen or lost. There are many products out there that make this process simple and mostly transparent, and offer excellent levels of protection.

Three other strategies can also help mitigate the risk of USB drives if their use is a must in your company. These three are not directly related to USB concerns, but are good network security practices in general. First, special care should be taken to ensure that your users only have access to files and information that is commensurate with their job titles – don’t let the new hire have access to the president’s files! Second, don’t let your users run as full administrators of their own workstations – many viruses and Trojans rely on this for successful attacks. And finally, keep customers away from your computers if possible. Keep them behind a counter or out of sight. Using these three strategies help limit the amount of data accessible by hackers or disgruntled employees.

Many organizations have no need to allow these devices on all computers and should take steps to ensure they are not used. Those that do feel a need to use these devices should work on training their users and taking the appropriate actions to protect their data, both on their computers and while on the USB drives.

In fact, each company will likely need to investigate and adopt a blend of these strategies to meet their needs and still protect their data.

USB drives really do offer a vast improvement over floppy disks and CD-ROMs. They are fast, portable, and easily re-writeable, making them ideal for certain applications. Unfortunately, the things that make them so convenient can also make them very dangerous and their use must be tempered with knowledge of that danger and the risks weighed against the benefits.

David Hefley operates Meridian Consulting, an information technology firm based out of Lincoln, NE.

Copyright 2007 David Hefley

Posted in Security | 1 Comment »

E-Gold security – how you can do it better and safer

Posted by Jackie R. on February 3, 2007

Right folks, I have not been writing much about ‘security’ topics recently. Today I thought I should share with you guys how to safely protect your E-Gold account as what I’ve been doing. Some of you may have known these steps but I thought I should recap a bit. This is a very common topic but nowadays I still come across many cases of e-gold being hacked stories.

It always takes a big mistake to learn or do what you should be doing, and this mindset happens because many people assume unfortunate things won’t happen to them. Just to share, in December 2005, I was robbed of nearly $5,000 of 12DailyPro money (when 12DP was using e-gold and in pink of health) that was paid to my e-gold, within 1 hour of payment. I didn’t even have a chance to see this number in my e-gold balance except at the history page showing to who it was paid to! Everything was done sneakily and stealthily. When it happened, my mind was a whirlpool because this just happened and it gatecrashed my dreams. E-Gold can’t help you to recover the money as one of the terms you agree when you sign up for account there states that spends once done are not recoverable whatsoever. It is precisely due to this loophole that E-gold is such a haven for cyber criminals. I think this happened because I clicked on an email link unknowingly

I’ve learned, here how to secure my e-gold account:

1. Use Linux if you can as chances of malware getting there is simply too low due to it’s architecture and comparatively lower number of users. I am using Unbuntu Linux 6.10 sometimes for online e-gold transactions.

If you are using Windows, I mean XP and below, here what I recommend:

1. Use Firefox browser with NoScript extension installed. Clear your cache and cookies after each browsing session.
2. Always update your anti virus and malware detectors with latest patterns. Scan your computer regularly.
3. It is advisable to install a firewall to further protect your computer.
4. Use IP URL to access e-gold, meaning use instead of http://www.e-gold.com.
5. Key in your password using the SRK feature instead of using keystrokes.
6. Use Roboform to generate complex long password for your e-gold and save it using Roboform. So you just need to use the ‘Fill’ feature of Roboform instead of using SRK.
7. Set AccSent’s “Detect IP Address Change Sensitivity” to ‘High’.
8. Sign up for a new email account just for e-gold purpose of receiving the AccSent pins. Never reveal this email to anyone. I recommend using Gmail.
9. If possible, install another non IE-based browser like Opera just for the single purpose of accessing e-gold.
10. Open another e-gold account for storage purpose if you plan to keep the money there for some time. Never reveal this e-gold number to anyone or in any website.

The best is of course, register for a CEP Trust account as a replacement for your e-gold money as CEP Trust does not have price fluctuations so you won’t suffer any paper loss for your money. Lastly, do not ever click any links in an unknown email or spams or even emails purportedly from e-gold. This applies to even chain mails sent to you from your best pals.

These are the steps I take to secure my e-gold. These steps are very troublesome I know but it’s better to be safe to yourself than waking up in the morning to discover your e-gold account’s been hijacked.

Posted in Security | 4 Comments »

The Top 10 Culprits Causing Malware Infections

Posted by Jackie R. on January 13, 2007

I think it is safe to assume that the places you visit on the Internet will determine which programs are installed on your PC. Let me put it this way, the software installed on your computer will have some relevance to the sites you often visit. Lets take a few examples, when you are using Gmail, chances are good that you will have Gmail Notifier or GoogleTalk installed on your PC. When you often visit Yahoo.com or take part in their social networks, chances are good that you will have Yahoo! Toolbar or Yahoo! Messenger installed on your PC. Lets take a more practical example, users visiting Microsoft.com most probably have packages like Microsoft Office and Microsoft Windows XP installed on their computers. It is likely for supporters of the Open Source Initiative to hang out on sites like OpenSource.org, OpenOffice.com, Linux.org or SpreadFirefox.com. So your software preferences play a huge role in the type of web sites you visit and vice versa.

But what has this to do with malware infections? To be honest, everything! Let me show you what the top culprits of malware infections are and it will soon be clear to you what the connection is between the web sites you visit and the malware found on your PC.

Top culprit number 1: Pornographic web sites
Download Spyware Blaster by JavaCool Software and have a look at all the porn related web sites blocked by this program. It is also remarkable to see how many computers with traces of pornographic web sites in their browser history, are often infected with spyware and trojan horses. Unfortunately you will have innocent victims of malware infections, also with traces of pornographic web sites in their browser history, but only because the malware redirected them to these sites. However, people with pornographic material on their computers are not that innocent in this case, pornography does not go out looking for people, people go out looking for pornography.

Top culprit number 2: Illegal music (MP3) and movie downloading sites
These sites normally force you to install special downloading software on your computer so that you can download files from them. These download managers are often bundled with spyware and are trojan horses themselves, downloading tons of other spyware programs while you cheerfully download your illegal MP3’s. They sometimes place tracking cookies on your PC to monitor your browsing habits and hijack your browser to make sure you return to their site or a site of a partner.

Top culprit number 3: Software Piracy web sites
If you love using illegal software, cracks, serial numbers or license key generators (keygens) then you most probably had to remove some malware infections in the past after visiting one of these sites. Most of the people using these cracks are normally technical wizards and know how to disinfect their computers. Many of these sites do not only contain harmful scripts but also fake cracks and key generators, which are nothing else but malware. Some crack developers create a working crack but distribute it with spyware or a trojan horse to make your PC their slave.

Top culprit number 4: Peer-to-peer file sharing programs and networks
The file sharing community is loaded with pornography, pirated software, music and movies. Is it not amazing that everywhere these guys make their appearance you also find spyware, viruses, trojan horses and all kinds of malware? The client software is also often bundled with spyware (or adware as they call it).

The culprits discussed so far are those connected with illegal and indecent activities. People visiting these sites and using these services deserve getting infected with malware. These culprits are also some of the biggest sources of malware epidemics. What flows from the mouth, comes from within the heart. The same rule applies to your computer, those nasty little programs crawling inside your computer is, in the case of culprits 1 to 4, the direct result of your own sinful actions and activities.

The next couple of culprits are caused by negligence and a lack of knowledge about how malware are distributed.

Top culprit number 5: Pop-up and pop-under advertisements
Another culprit that wants to caught you off guard. A pop-up window may appear out of the blue or a concealed pop-under window my load in the background without you even knowing it. These windows can start downloading malicious programs and install them on your computer. They can appear on any web site, not just illegal and other bad web sites. You can prevent these windows from opening by using a secure browser like Firefox with a built-in pop-up blocker.

Top culprit number 6: Fake anti-virus and anti-spyware tools
You visit a legitimate looking web site and suddenly a banner appears telling you that your computer is infected with spyware. You can scan your computer with all the anti-spyware software in the world, over and over again until you are blue in the face, but that banner will keep telling you that your computer is infected with spyware. This is because it is a plain image banner. The site never does a scan of your computer, it is a fixed message that will display on any computer, no matter how clean it is. Simply put, it is a blatant lie! They want you to believe that your computer is infected and that only their software can remove this spyware. If you download and install their software you will only find that it is spyware itself. You may end up infecting a completely clean system with a dirty program, trying to remove the so-called spyware.

A system scan is not a three second process, it takes time, so no scanner can tell you instantaneously that your system is infected with spyware. I do not believe in online scanners, rather use software with a good reputation, a local scan is much more faster. Most online scanners are no online scanners at all, you actually download the whole scanning engine and end up doing a local scan anyway. A real scanner will tell you the name of the malware and its location on your hard drive, if it does not give you this information, then it is fake. Even if it gives you this information, it still does not mean that the software is legitimate. Do not trust everything you see online and stick to well known anti-malware brands.

Top culprit number 7: Free games, screen savers, media players, etc.
No, not every free program comes bundled with spyware, but spyware (once again the developers prefer to call it adware, but it is still the same thing) is often the price you have to pay for the free software. It is normally a ploy to monitor your use of the program, to send the creators statistical data or to collect data about your online behaviour in order to send you targeted ads. If you try to remove the spyware you normally render the main application useless. Read the EULA (End User Licence Agreement) very carefully before installing the application. But everyone knows that nobody reads those tedious, long licence agreements, so use EULAlyzer by JavaCool Software to check for specific keywords and phrases that might reveal any spyware programs being installed or privacy breaching practices that may occur if you install the free software.

Top culprit number 8: Malicious web pages with harmful scripts
But you already mentioned this one in culprits 1 to 3. No, culprits 1 to 3 often have harmless web sites and it is the content you download from the sites that is harmful. But you also get web pages containing malicious scripts, totally innocent looking web sites, like a site donating money for cancer. You go to their homepage and suddenly a script virus strikes your computer. This is what an anti-virus shield was made for, that unexpected attack. Firefox is also designed to prevent harmful scripts and browser hijackers from accessing the system and taking advantage of flaws and weak spots in your operating system.

Top culprit number 9: E-mail
Virus worms spread themselves by forwarding a copy of the virus to all the contacts in your address book. Those contacts that are unaware of these worms will most likely open the e-mail and the file attached to it. But when you open a strange infected e-mail from an unknown sender, then you are guilty of double negligence. For the virus to be activated you need to open the e-mail and in most cases you need to deliberately open the file attachment too. By using a little common sense you will know that strange e-mails from unknown senders are dangerous, especially when they have executable attachments with file names ending with the “exe”, “com”, “bat” or “scr” extensions. Even dangerous e-mails from known, trustworthy contacts can easily be identified if the contents of the e-mail seems strange and out of character. By being careful and responsible when opening your e-mails, you will not only prevent your own computer from getting infected, but you will also prevent the worm from spreading any further.

Top culprit number 10: You the Internet user
What? Me? How on earth can I be a culprit? Well, you are an accomplice in the spread of malware if you do not have an active and updated anti-virus package installed on your computer, if you do not scan your computer for viruses and spyware on a regular basis, if you do not use shields like the TeaTimer tool from SpyBot (which is free by the way), the Ad-Watch shield of Ad-Aware or the resident shield of AVG Anti-spyware (all of which you have to pay for, unfortunately), if you spend your time browsing pornographic and illegal web sites and take part in the sharing of pirated software and copyrighted material (culprits 1 to 4), if you fail to be responsible with the software you install on your PC and the e-mails you open (culprits 6, 7 and 9) and if you refuse to use a secure web browser (like Firefox) built to prevent malware infections (culprits 5 and 8). Yes, I will go so far to say, that if you stay away from culprits 1 to 7 and 9, you probably won’t need any virus and spyware protection at all. Culprit 8 is the only reason why you should have anti-virus and anti-spyware protection, for those unexpected attacks, over which you have no control.

Culprits 1 to 8 are the main sources of malware. Infections caused by them led to the creation of culprits 9 and 10, which distribute the malware even further. Do not turn your computer into a malware paradise or a malware distribution centre. Take responsibility, protect your computer against these threats and prevent the spread of malware.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users against online scams and malicious software. Visit our Malicious Software Removal Assistance page for advice and personal assistance with the removal of stubborn and unknown malware infections.

Posted in Security | 1 Comment »

Flaw found in Adobe Acrobat PDF format Allows attacks on personal computers through trusted Web links

Posted by Jackie R. on January 6, 2007

Computer security experts have found a loophole in Adobe Acrobat Reader program that allows hackers or malicious to harm your computers. As pdf files are everywhere in many servers and are trusted by many, hackers can make use of this to carry out their operations by manipulating the weblinks that exist within the pdf files and initiate harmful scripts when you launch the pdf from within your browser.

The flaw appears to target Internet Explorer 6.0 or earlier versions of it and Firefox browser. It is recommended users protect themselves by upgrading IE to latest version or by changing Firefox’s option so that the browser does not use the Acrobat plug-in but launch the pdf file from the native Acrobat Reader in your program list.

Here is the full link of this report: http://www.msnbc.msn.com/id/16464910/ 

Ok, here is how you change the setting for Firefox:

Firefox 2: Go to Tools / Options “Content / File Types” and click the “Manage…” button. Select “PDF” from the list of extensions, or use the ‘Search’ function if you can’t find. Click the “Change Action” button and change the action to “Open them with the Default Application” (Adobe Reader).

Firefox 1.5:: Go to “Downloads / Download Actions” and click the “View & Edit Actions” button. Select “PDF” from the list of extensions or use Search, click the “Change Action” button and change the action to “Open them with the Default Application” (Adobe Reader).

Firefox 1.0.x: Go to “Downloads” and click the “Plugins” button. Uncheck “PDF” from the list of extensions. Next time you click a .pdf file link in Firefox, you will get an “Opening….” dialog box asking what you would like to do with the .pdf file. Choose the option to open with the default application and check the box to do that automatically from now on.

Posted in Security | 2 Comments »

A Square Expires!

Posted by Jackie R. on January 6, 2007

My reliable and trusted malware detector ‘a-square Anti Malware‘ is expiring and I do not hesitate to renew for another years subscription at a 50% discount. This is one of the best malware software out there in the market in my opinion and it saves my computer from a number of intrusion cookies and some trojans last year.

Posted in Security | Leave a Comment »

Online anonymity – Using TOR networks

Posted by Jackie R. on December 27, 2006

Do you know that when you surf a particular website , sensitive information like your IP address, your location, type of operating system used, type of browser used, duration of stay and others may be recorded by the webmaster? Through the use of scripts or third party web stats monitoring service, cyber activities of yours can be easily tracked and monitored.

If you are concerned about this issue, let me recommend to you a network called TOR that will ease such worries from your mind. I do not know what TOR stands for but it is able to help you remain anonymous for your web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol.

It is basically a worldwide distributed network of computers operated mostly by private individuals (some .edus and non-profit orgs also do so). But because no one person/company own/ have access to the entire network – a common pitfall of so-called “anonymous proxies” – they cannot store all details about you – even if they want to.

TOR will continually hops and cycles through thousands of IP addresses in its network before exiting your data stream through hundreds possible exit nodes. So unless you’re being watched and timed at both entry and exit nodes, no one knows where you came from nor where you’re going.

If you want to try out TOR, go to http://tor.eff.org/index.html.en  and download TOR. You may want to download the pack that contains Vidalia (a software the controls and monitors TOR sessions) , TOR and Privoxy (a filter add-on). Once you’ve got it running go to http://cmyip.com/ to verify that your IP is indeed masked.

I would also recommend that you use Firefox browser from http://www.mozilla.com/en-US/firefox/ because there is a Firefox add-on that allows you to enable or disable TOR sessions from Firefox.

The disadvantage of TOR now is that it may be slow sometime. Remember those nodes in the network are all individual’s personal computers donated to add to the network bandwidth, so if more TOR users donate their bandwidth, the faster the network will be but it will not slow down their connection speed, just that you require to set the computer as a server and that maybe require some learning which not everyone will be keen to delve into.

In conclusion, use TOR if you are worried about your online information being exposed and picked up by someone in the process. Remember, everyone deserves some security and privacy when using Internet. The tradeoff, of course, will be some slow down in surfing speed.

Happy TORing. 🙂

Posted in Security, Web | Leave a Comment »

Spyware, Antivirus Software Alone Isn’t Enough

Posted by Jackie R. on December 25, 2006

When people buy a home computer or when companies get set up for their online presence for advertising or e-commerce, most people’s IT shopping list is extensive and includes things such as hardware and software such as an operating system, a word processor and internet browser such as Internet Explorer, Netscape or Mozilla’s FireFox. Most people realize that they need to protect or shield themselves against potential computer viruses, which can be debilitating. What many fail to do, though, is protect themselves from Spyware.

Spyware is created to spy on you. Spyware is also known as Adware. Adware fills your screen with advertisements. There are also malicious types of Spyware that report your computer activities to a third party. This problem is running rampant throughout the intricate web that is the Internet.

Installing Spyware software is as important in protecting your computer as Antivirus. Even more so, Spyware protects your privacy and your online habits. Leaving yourself exposed to spyware is like leaving your window coverings opened to potential peeping Toms who look in your window to see: a- What you are doing b- What they can steal from you.

Spyware can reveal every private detail that is either stored on your computer in files or that is typed by you when you believe that no one else can see what you are doing. This could create huge problems for you.

But Spyware can be stopped. You can install Spyware fighting software along with Antivirus on your computer. Programs will not only erase spyware from individuals who are unfortunate enough to be infected but will also shield you from future threats. New threats are peppered throughout the Internet hiding in Trojan horses like toolbars, music downloads, free screensavers and so on. You need an intelligent program that has updated definitions on an ongoing basis to protect your computer or your company’s computer against the potential threats that exist all over the Internet.

Antivirus protects you from malicious viruses and Spyware protects you from malicious people that want your secret information such as passwords, pictures, chat transcripts, customer mailing lists, credit card numbers or personal identification numbers. .

Personal information needs to remain personal. Companies need to safeguard their databases and people need to safeguard their hard drive from malicious individuals who would steal from you.

You need to protect yourself otherwise the consequences are great for both people and corporations.

About the Author
Total Innovations, Inc. specializes in award winning software programs designed to solve computer users needs. The spyware removal software, emailspy.com & folderhider.com are a few of the most recent. See full details at: http://www.spyblaster.com

Posted in Security | 1 Comment »

How to effectively guard against malware

Posted by Jackie R. on December 21, 2006

Being much involved in the internet marketing business myself, I know the chances of being infected with some of the malware are rather high. This is especially so for someone who gets complacent because such mishaps have never happened before, thinking such stuff will never happen because I have the latest anti-virus software. Remember, a single moment of carelessness is enough to haunt you for a long time, and very often, just having anti-virus software is not enough to protect you.

Nowadays, site admins or webmasters can easily program some codes into their websites and when you visit these websites, your computer may be infected unknowingly with malware. Or someone sends spams to your POP mail box and you download those spams to your computer and unknowingly launch some programs that come with it. These are usually spyware, trojans or keyloggers. Also you don’t want your computer to be part of the zombie network that launches DDOS attacks on other websites. This problem is more acute if you are heavily involved in autosurfs, HYIPs or traffic exchanges because you need to surf or click many stranger sites everyday in your routine. Also HYIP arena is a place full of sleazy thieves who are very capable of stealing money right under your noses. Everyday there are reports of people being stolen of E-Golds and such thing happened to me before too. It’s scary, isn’t it? So how to prevent such things from happening?

1. Throw away your Windows operating systems
Due to the prevalence of Windows operating systems, in fact I think more than 80% of world use Windows, thieves prefer to design malware specially for such big group of users. Call it economy of greater returns, a viral effect could spread out in very short time to harm millions of computers world-wide. In fact, switch to alternatives like Linux operating systems whose architecture is built not to propagate malware even if it were hit and also chances of being hit are extremely low. An excellent Linux distro to recommend is Ubuntu.

2. Throw away Internet Explorer.
If you prefer to stick to Windows, at least do yourself a favour by using alternative browsers like Firefox or Opera and for mail client, switch to something like Thunderbird. For Firefox, you may want to install No-Script add-on for added security.

3. Install a good firewall software
Firewalls are programs that constantly monitor your internet’s inbound and outbound traffics. It can warn you in the event your computer’s malware attempt to connect to the outside thus letting you have idea of what programs are using your connections. It can block unknown outside traffic packets from reaching your computers too.

4. Use a real time Malware scanner
Having an anti-virus protecting you real time is no longer enough because anti-virus software is not able to guard you against spyware, trojans or worms. Often it is this category of malware that harm you the most so you got to install a real time malware scanner. Currently I am using an excellent real time malware scanner called a-square anti-malware from Emsisoft for more than 1 year and I really find it a great choice to recommend it to all.

5. Use Gmail as your online email
Face it, your Yahoo or hotmail email accounts are not as secure as Gmail so it is good that you switch to Gmail for some of the more confidential online accounts you have. Also a good practice is to delete all the welcome emails from the sites that you are members because these emails usually contain your login passwords which can be tampered with if there’s an unlawful access.

6. Use complicated passwords
Use password generators to generate complex passwords for you. Most importantly, do you use a same password for all the sites you registered with. Use different and complex passwords for each of your accounts. You can use an excellent password manager like Roboform to manager and generate complex passwords for you.

Those are the few main points to have a safe online experience. Remember, online security is a must now.

Posted in Security | Leave a Comment »

Dangers of Spam Emails

Posted by Jackie R. on December 12, 2006

I have a business email address from a local ISP that is used for online correspondence with other business traders and that email address is only printed on my business cards. It is safe from those atrocious spams, I thought.

However, in not more than half a year, unsolicited emails begin to trickle into my computer inbox whenever I log in to check daily emails. It is frustrating and a definite concern because those spams may contain links that will install spywares like key loggers, trojans, viruses unknowingly when you click on them. In its true nature, these spams are just pure blatant product solicitations but with the gaining popularity of electronic transactions, you can no longer simply turn a blind eye to these electronic trashes thinking online mishaps will not happen to you. Personally, one of my online accounts was hacked into just because of one moment of carelessness and that is for clicking on one of the graphic images.

Some reasons why spams must be stopped:
* Risks of online security,
* Risks of receiving undesired emails,
* Hogging of precious online bandwidth, and,
* Wasted time to clear and delete the spams and junks.

Having a strategy to deal with email spam is essential for any online events. Here are some of the things that you should practise.

* Extra email addresses If you need to sign up for any online accounts, always sign up with an email address that is meant for this purpose. You will never know whether your email addresses will be sold to spammers or not. Also, spammers may be able to use web bots to comb through internet for emails and please do not leave your email address on your website.

* Do not click on any links in spam emails Spam emails have been professionally tuned to increase its chances of being opened by recipients by using attractive email subjects. Even if you open the email, it is still safe but please try not to click on any of the links inside that email. You are really jeopardising yourself as malware will be insidiouly installed in your computer and this makes it a zombie terminal that can be controlled by spammers and hackers. Many harmful activities can happen when these parasites get into your computer. It is therefore important that you have a good online malware scanner working at all times.

* Do not ever reply to spams There is always an innocent looking ‘remove me’ link at the bottom of the spam emails. DO NOT CLICK ON THAT. This is because spammers may be testing out which email addresses are still active and through this, you are exposing your email to the ‘active’ list of the spammers.

* Install anti-spam software or online security programs In the market, there are a few good anti-spam software that allows you to block, filter or kill spams from going to your inbox. What this does is that it will scan your incoming emails for the spam keywords that you have added and if the software detects that your incoming mails have these keywords, they will be deemed as spams and blocked. Total online security suites are even better as anti-virus, anti-spyware, anti-spamming right up to firewall are built in for you so that you have a complete peace of mind. Remember to always update these software regularly for new security signatures.

If you put the above suggestions into practice, you should be well shielded from the ill effects of spams.

Posted in Security | Leave a Comment »