Instant Messaging Safety – Sensible Guidelines

I’m always amazed when I see my younger friends communicating with each other using instant messaging applications. Their use of instant messaging for rapid communication, as opposed to voice contact, is a phenomenon that I must admit has never appealed to me.

I excuse myself on this one by convincing myself that I’m an ancient fossil; after all my computing experience goes all the way back to the dark ages of MS-DOS 1. Not quite the days of the Dinosaurs; but close.

My comfort zone in communications is a telephone used the old fashioned way for immediacy, or email where immediacy is not an issue. The reality is however, that programs such as MSN Messenger, Yahoo! Messenger, AIM, and a basket full of other IM applications are extremely popular with the tech savvy younger generation, like my younger friends, who want real-time contact with each other.

Regrettably, from a security perspective these applications can present considerable risks. Generally, this security risk takes place when these programs are used to share files, folders, or in some cases even entire drives. Instant messaging, unfortunately, is a primary channel used by cyber criminals to distribute malware.

As Don Montgomery, VP of Marketing at Akonix Systems, Inc. a leading provider of IM Security Appliances explained recently, “For the past six years, we’ve tracked malicious IM activity, and we see that hackers continue to attack this increasingly popular collaboration tool.”

As Wikipedia explains it, hackers use two methods of delivering malicious code through IM: delivery of virus, Trojan, or spy ware within an infected file, and the use of “socially engineered” text with a web address that entices the recipient to click on a URL that connects him or her to a website that then downloads malicious code. Viruses, worms, and Trojans typically propagate by sending themselves rapidly through the infected user’s buddy list.

Follow these tips to ensure you are protected when using instant messaging.

• Don’t click on links or download files from unknown sources
• Check with your contacts to ensure links or files originated with them
• Use secure passwords comprised of letters and numbers using upper and lower case characters
• Protect personal/confidential information when using IM

If you’re curious about the latest instant messenger hoaxes checkout Doshelp.com

Free Serif 3DPlus 2 Design Software – Simple/Wizard Driven

As I’ve mentioned before on this Blog, SerifSoftware entices you in an unusual way to buy, or upgrade, to their latest software offerings. They will give you, free of charge, an older version of any of their software packages. An interesting twist on the usual “try it for free for 30 days” we are all pretty familiar with.

Having used and tested, Serif’s free editions for 10+ years now, and I find that even their older software is more than up to the tasks I set.

Sure, the applications may be older than the current versions, but in terms of functionality and features, generally you are not missing much. Most software today, tends to be overblown and bloated with features that many users have little or no need of. So, in these older free versions there are not as many tools as one might find with more recent products, but those that are there tend to be the ones that are most used by typical users.

Despite the slightly dated appearance of Serif’s 3DPlus 2, this is not an ‘old’ program that’s been revived just for give-away. 3DPlus 2 is a very functional and easy-to-use tool, capable of producing great 3D graphics, logos, headlines and 3D animations.

Serif keeps things simple by offering template-based wizards for still and animated graphics, combined with preset controls and 3D content. The gallery of ready-made objects, from basic shapes to clothes, household appliances, sports equipment and more, is designed to save you time. As well, 3D Quickshapes gives you an easy shortcut to stars, arrows, speech bubbles and other basic shapes.

It won’t take you long to become familiar with keying in text, extruding it to create a 3D object, adding texture and lighting, dropping in a background image, adding other 3D objects from the library and changing the camera position to get a better view from above, below or behind.

There’s something pretty neat about being able to build a solid 3D object, move it around and view it from every angle. Serif 3DPlus 2 lets you do just that, without anything getting in the way of the fun.

Quick Facts:

Easy-to-Use Interface

• With its simple interface and intuitive tools, 3DPlus makes creating any 3D design a breeze. The new Wizard interface and convenient tabbed Studio Bar mean it’s easier than ever to get exactly the 3D effects you need.

Automated Wizards

• Get the precise result you need with 3DPlus 2’s collection of over 300 automatic Wizards. From designer logos and Web buttons to animated greetings, 3DPlus has a Wizard for every occasion.

Bevels and Extrusions

• Add a new dimension to your text and designs. Choose from a range of customizable bevels, apply to your objects and watch as 3DPlus creates professional quality effects.

Web Impact

• 3DPlus is the perfect tool for creating 3D logos, banners, Web graphics and animations. With 3DPlus you can add a 3D look that will really make your site stand out.

Automatic Animation

• With 3DPlus, 3D animated graphics are easy Object and lighting effects can be applied with a single click and easy-to-use yet powerful 3D animation tools and instant special effects allow you to create animations in seconds. Export your work as an animated GIF to your Web site or presentation.

Camera Control

• View your scene from any angle with six preset camera positions and freeform orbiting.

Lighting Effects

• With full control over the lighting of your scene and a gallery of preset schemes, 3DPlus allows you to add drama or subtlety to your scene with a single click. You can create and save your favorite lighting schemes for future use.

Models/Materials Gallery

• Personalize your work. Choose from over 600 3D Models and over 500 backgrounds, textures and fills, all easily accessible from 3DPlus’s easy-to-use gallery.

Text and Effects

• Add text and apply textures, bevels and shadows to create effects. Whether you need a new logo for your company, product or club, or a new graphic for your Web site, 3DPlus makes it easy to get the look you want.

3D Objects and Materials

• Creating 3D Objects is easy with 3DPlus. The materials, patterns and textures in the 3DPlus Library provide all the power and flexibility you need to create 3D elements, 3D worlds, scenes, and animations.

3D QuickShapes

• Can’t draw? 3D QuickShapes work like intelligent clipart, no need to draw at all, just select and customize.

System Requirements: Windows 95/ 98/ 2000/ XP

Download at: SerifSoftware

Online Banking Security – Be Safe – Know the Rules!

As use of the Internet continues to expand, banks and other financial institutions are using the Internet to offer products and services, or otherwise enhance communications with consumers.

The Internet offers the potential for safe, convenient new ways to shop for financial services and conduct banking business, any day, any time. However, safe banking online involves making good choices; decisions that will help you avoid costly surprises, or scams.

You are your own best protection. So learn about and take advantage of security features offered by your financial institution.

Some examples:

Encryption is the process of scrambling private information to prevent unauthorized access. To show that your transmission is encrypted, most Internet browsers display a small icon on your screen that looks like a lock or a key, when you conduct secure transactions online. Avoid sending sensitive information, such as account numbers, through unsecured e-mail.

Passwords, or personal identification numbers, should be used when accessing an account online. Your password should be unique to you, and you should change it regularly. Do not use birthdates or other numbers or words that may be easy for others to guess.

Always carefully control to whom you give your password. For example, if you use a financial company that requires your passwords in order to gather your financial data from various sources, make sure you learn about the company’s privacy and security practices.

General security over your personal computer such as virus protection and physical access controls should be used and updated regularly. Contact your hardware and software suppliers, or Internet service provider, to ensure you have the latest in security updates.

Tips on safe computing practices when conducting your online banking at home, or at a public computer:

· Never leave your computer unattended once you have signed in to online banking.

· After completing your transactions, ensure that you sign out of online banking, clear your cache, and close your browser.

· Keep your password and card number safe.

· Do not share, disclose, or provide your bank card number, or password, to another party or website other than your bank. Most banks will not send you an email requesting this information.

· Do not save your bank card number or password on a publicly accessed computer.

· If using a public access computer such as an Internet café or public library, change your password after completing your session by calling your bank’s telephone banking number.

· When selecting a password, choose a series of characters that cannot be easily guessed by anyone else. The best passwords are made up of an alpha-numeric combination that’s more than four characters long and a combination of capital and lower case letters.

Don’t use:

· A password you use for any other service.

· Your name or a close relative’s name.

· Your birth date, telephone number or address, or those of a close relative.

· Your bank account number or bank card number.

Do not share your personal verification question answers with anyone, and do not disclose them in any emails. Giving your password answers to another person or company places your finances and privacy at risk.

Scan Your Computer With Panda Security’s ActiveScan 2.0 – You Could Win an iPod!

From Panda Security:

A study carried out by PandaLabs of more than 1.5 million users revealed that 72% of companies with an up-to-date security solution installed had malware on their networks. In end-user environments, the study confirmed that 23% of home computers were infected. Current data indicates that the situation has not improved.

The underlying reason is that traditional security solutions are no longer enough to protect users’ computers from the increasing number of malware samples that appear every day. This means that many users are infected without realizing.

In order to make people aware of this problem, Panda Security has launched the Infected or Not campaign (http://www.infectedornot.com). Through this initiative, both users and companies will have the possibility to run free security assessment on their PCs and networks, using the largest analyzed programs database in the world with more than 11 million malware samples and, as a result, improve the security of their computers. The first ten companies that demonstrate that they are not infected will win €5.000.

“Many users and IT managers believe that all security solutions are the same, and that simply having a traditional antivirus installed provides sufficient protection, yet the truth is quite different. Due to the evolution of malware, a user of a traditional antivirus solution is still significantly exposed”, explains Matthieu Brignone, CMO at Panda Security. “This could result in confidential data being stolen, identity theft and ultimately, people’s credit cards, bank accounts, etc. being raided.”

The reason why Panda can detect malware that has evaded other solutions is “Collective Intelligence”. Through the Infected or Not campaign, Panda Security aims to prove that this innovative technology is providing much better protection than the competition and that it therefore represents a significant advantage over other security solutions.

“Collective Intelligence” is an innovative security model based on the collection of information concerning malware from the Internet community and the automated processing of this data in new data centers. As the knowledge is accumulated on Panda servers and not on customers’ computers, “Collective Intelligence” maximizes the detection capacity of Panda Security solutions while reducing clients’ bandwidth usage and resource consumption. This not only provides far greater security but also simplifies the protection process.

Currently, Panda Security’s Collective Intelligence network comprises 4 million computers. The knowledge accumulated in the system is composed of more than 11 million malware samples, and over 100 million analyzed programs. In 2007, more than 94% of all new threats that reached PandaLabs were detected through Collective Intelligence. At present, the system has a malware knowledge base of more than 100 million bytes.

“This model ensures that Panda solutions detect more than other security products, and if we fail to find a threat on a user’s computer they could win an iPod Nano, or €5,000 in the case of companies” says Matthieu Brignone.

Challenge Rules

• Terms and conditions of the prize drawing organized by Panda Security, S.L. (1 iPod a day)
• Panda Security S.L. located in C/ Buenos Aires 12, 48001 Bilbao, Spain and its local representatives, has organized a prize drawing for 1 iPod Nano 4 GB a day to promote the new technology called “Collective Intelligence” and the products included in the campaign “Infected or Not?”.
• The prize drawing will start on April 7, 2008, and will end on June 30, 2008.
• The prize drawing is open to all persons who, at the time of the drawing, are active clients of Panda Security or have scanned their computers with AS 2.0 and no infection was detected. Each participant will be able to scan his computer as many times as he wants, counting each one of them like a participation in the drawing.

Take the challenge

Contest rules

Free DriverMax – Backup Device and System Drivers

So, the last time you had to do a full re-install of Windows, (if you haven’t yet you will), you discovered that the most frustrating part of the process was the installation of all those device drivers.

Most of us tend not to think about device drivers until the time comes when we end up searching high and low for the original install CD’s following an operating system re-install, or worse, spending hours on the Internet tracking down those hard to pin down drivers.

Well, help is at hand. DriverMax is a free register ware program that makes it easy to backup and reinstall all your Windows drivers. Using DriverMax, you simply export all of your current drivers to a folder or a compressed file of your choice.

After reinstalling Windows the Import Drivers wizard helps you install the drivers that you exported earlier. The entire operation can usually be done in 5-10 minutes, as opposed to the hours that the alternative requires.

All you need to do then is restart your computer and all those drivers will be automatically reinstalled.

Quick Facts:

• Wizard based user interface
• Export drivers based on filtering
• Export drivers to a folder or to a compressed folder
• Fast exporting and importing of drivers
• Free registration code required within 30 days

This is a great little application that should be part of your recovery toolbox.

Requirements: Windows XP/2003 Server/Vista

Download at: Download.com

AVG Anti-Virus Free 8.0 Released – Now With Anti-Spyware Protection!

AVG Anti-Virus Free 8.0, for personal use only, which now incorporates protection against spy ware through a new combined anti-virus and anti-spy ware engine has just been released and this latest version of the popular free anti-virus tool is now available for download.

According to the developer AVG Free provides basic protection against viruses and spy ware as well as a “safe-searching component” which has been incorporated into the new AVG Internet Security Toolbar.

It’s important to note however, that the free product does not include the proactive safe-surfing (“drive-by download” protection) of the full LinkScanner module, nor protection against hackers, keyloggers, spam, phishing attacks, and malicious file downloads that is included in the commercial AVG product.

Karel Obluk, chief technology officer at AVG Technologies states “With the release of AVG Free 8.0, we are underscoring our belief that all computer users, regardless of their computer usage needs, have the right to a safe and worry-free computing experience.”

Noble sentiments perhaps, but the downside to the release of AVG Anti-Virus Free 8.0 is AVG’s free standalone Anti-Spyware and Anti-Rootkit applications are being discontinued; bad news for those of us who prefer standalone solutions rather than prepackaged suites.

Since it is too early to provide a definitive, comprehensive review of the strengths and weaknesses of this product, various user forums have been polled in order to get a relative feel for the opinions of early adopters. On balance the results have been mixed, with the most common complaint being mediocre detection rates and slow on demand scan times. On the upside, most users seem to like the newly designed GUI.

For those users who rely on AVG’s free products for basic system protection, this new version is likely to continue to meet your basic needs.

Requirements: Windows 2000, XP or Vista.

Download at: Download.com

Free Port Analyzers – Defeat Spyware/Botware

Windows XP has a command line utility which will help you determine if you have Spyware/Botware running on your system. Netstat displays protocol statistics and current TCP/IP connections.

I use this utility as a test, to ensure that the anti-malware tools and Firewall running on my systems are functioning correctly, and that there are no open outgoing connections to the Internet that I am not aware of.

How to use Netstat:

You should close all open programs before you begin the following process, if you are unsure which ports/connections are normally open while you are connected to the Internet. On the other hand, if you are familiar with the ports/connections that are normally open, there is no need to close programs.

There are a number of methods that will take you to a command prompt, but the following works well.

Click Start>Run>type “cmd” – without the quotes>click OK> this will open a command box.

From the command prompt, type Netstat –a (be sure to leave a space), to display all connections and listening ports.

You can obtain additional information by using the following switches.

Type netstat -r to display the contents of the IP routing table and any persistent routes.

The -n switch tells Netstat not to convert addresses and port numbers to names, which speeds up execution.

The netstat -s option shows all protocol statistics.

The netstat-p option can be used to show statistics for a specific protocol or together with the -s option to show connections only for the protocol specified.

The -e switch displays interface statistics.

Running Netstat occasionally is a prudent move, since it allows you to double check which applications are connecting to the Internet.

If you find there are application connections to the Internet, or open ports, that you are unfamiliar with, a Google search should provide answers. A very good source of information is Steve Gibson’s website, Shields Up, where you can test all the ports on your machine, as well as testing the efficiency of your Firewall. Take the Firewall test; you may be surprised at the results!

If you are unfamiliar with, or uncomfortable with using the command structure, there are a number of free real-time port analyzers available for download.

Process and Port Analyzer is a real time process, port and network connections analyzer which will allow you to find which processes are using which ports. A good little utility that does what it says it will do.

Quick Facts:

· View currently running processes along with the full path and file which started it

· View the active TCP Listeners and the processes using them

· View the active TCP and UDP connections along with Process ID

· Double click on a process to view the list of DLL’s

Download at: Download.com

CurrPorts allows you to view a list of ports that are currently in use, and the application that is using it. You can close a selected connection and also terminate the process using it. As well, you can export all, or selected items to an HTML or text report. Additional information includes the local port name, local/remote IP address, highlighted status changes and more.

Quick Facts:

· View current active ports and there starting applications

· Close selected connections and processes

· Save a text/ HTML report

· Info on local port name, local/remote IP address, highlighted status changes

Download at: Download.com

Every Good Story Needs a Villain!

This is a guest post by Paul Eckstrom, a technology wizard and the owner of Aplus Computer Aid in Menlo Park, California.

Paul adds a nice humorous touch to serious computer technology issues. Why not pay a visit to his Blog Tech–for Everyone.

This story opens gently enough. It begins with a friendly and helpful Comment posted on a friendly and helpful blog.

Someone had written to share “the results of their work”, which he said “solved his security problems.” He was talking about viruses and spyware, and other malware, and he said his method “covers 99.8%! of all known threats.” He posted his advice/Comment on an article about How To prevent the dangers posed by spyware (and also warns about “rogue” anti-spyware programs). He signed himself “Spycrasher”.

So far, this all sounds pretty good, doesn’t it? 99.8% effective certainly sounds good.

As you have probably deduced, Dear Reader, the “friendly and helpful blog” in question was this one. Tech–for Everyone, like most blogs, provides readers the opportunity to respond, ask a question, or just “put in their two cents”, simply by clicking on “Comments” at the bottom of the article. And also like most blogs, I have the ability to “moderate” which comments get posted and which don’t– for instance, Comments containing offensive language will not be published. Spycrasher’s 99.8%- effective security solution will NOT be seen here.

But.. maybe you’re a little curious as to what it was. And.. maybe, why I deleted it. (Take another peek at today’s title..) “Spycrasher’s” comment said to use three particular anti-spyware programs– in tandem– and he provided download links. (This, alone, triggers red flags.) He mentioned two tools I was not familiar with, and one rather well-known program.

* Hyperlinks are always suspicious (and blocked as a matter of policy), and the first thing I checked was, did the links point to legitimate websites..? Or would clicking on them take you to a poisoned webpage (which could infect your machine) or a pharming site.

No problem there. The links he provided did indeed point to real websites.

* The next thing was to check out the unknown programs themselves. No self-respecting and legitimate tech writer will advocate something they have not used, and tested, themselves. Period.

In my initial research of the first program (XoftSpy-SE), I found a wide range of reviews and comments.. from “this is rogue” to “this is the best thing since sliced bread”, and I learned that the program was “for pay”.
I don’t promote “for pay” software here (but do provide a daily free download), nor, even potentially rogue app’s; and so I stopped right there. I would not allow Spycrasher’s Comment.

· Being the gentleman that I am, I decided to write Spycrasher and thank him for his submission, and explain why I had moderated it. But before I did, I wanted to get a feel for where he was coming from.. so I ran a Whois on his IP…

Now, I gotta tell you.. it is very rare for ARIN to come back with a “no match found”. Very, very strange.

So I traced him.

New York >London >Amsterdam >Berlin >Warsaw…

And then he disappears into a virtual private network somewhere in the Ukraine.

Odd.

* So I used a search engine to find instances of the word “Spycrasher”… and he came up a lot. Spycrasher likes to post in various forums. Quite a few of them, actually. Like, practically all of them.
And he posts a lot of Comments there.
* Guess what? They are all identical to the the one he posted (I should say “pasted”) on mine.. right down to the ‘wink’ smiley ;-).

Very.. odd.

Tip of the day: Be very leery of hyperlinks, folks.. and please understand: not every innocent looking thing you see on the Internet is in fact “friendly and helpful”. There are people whose full-time job it is to try to trick you, and seduce you into doing something you normally wouldn’t.
I am very sad to say.

[note to bloggers/forum moderators/webmasters: you may want to search your published pages for instances of “Spycrasher”, and delete this guy.]

Today’s free link: I am going to repost a program here today, because I have it on every single one of my (Windows) machines, and I think you should too. ThreatFire (originally named “CyberHawk”) is a free, behavior-based anti-malware application. I use it as a supplement to my antivirus and other anti-spyware tools. Heuristic tools like ThreatFire are your only defense against “zero day” exploits.

Copyright 2007-8 © Tech Paul. All rights reserved*

Stay Safe/ Anonymous on Public Computers – Two Free USB Applications

There are numerous reasons why someone would want to surf anonymously: to ensure protection from snooping web sites, annoying advertisers, employers, or curious family members.

More obvious reasons for anonymous surfing include, surfing in internet cafes, public terminals in libraries, or hotel business centers. In fact, you may want to surf anonymously on any PC where you don’t want to leave traces of your private surfing activities.

Most typical PC users are shocked at the amount of information their browser leaks to web sites they visit. For example, the information below is presented to every web site I visit. I have X’d out certain parameters for privacy purposes only.

· Your computer is connecting to the internet at xxxxxxx, xxxx, in the xxxx, with an IP address of 24.xxx.xxx.xxx

· Your User Agent is being reported as: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12

· Your Referrer is being reported as:

· http://www.google.ca/search?hl=en&client= ient=firefox-a&rls=org.mozilla:en

· Your IP Address is 24.xxx.xxx.xxx

· Your Host Name is d235- xxx.xxx.xxx.cable.net

· A trace to your phone comes back with an area code of: 0

The objective of anonymous surfing then, is to conceal this information from web sites and other computers, and typically you would use an anonymous proxy server between you and the web site to accomplish this.

When surfing anonymously, your web browser talks to the proxy server; the proxy server talks to the web site. In actual fact this means, the web site does not know you; it knows only the anonymous proxy server.

You have Choices

You have a number of choices when it comes to anonymous surfing. You can use a free proxy server service; not my personal first choice – but that’s fodder for another article!

More reliable and safer, in my view, is to download and install a client application which manages the details of anonymous surfing for you.

One such application is OperaTor, a free utility that includes the Opera browser, the Privoxy Web proxy , and The Onion Router, which is a method used for anonymous Internet communication. All components launch simultaneously.

OperaTor, and the component pieces, does not require an installer and the utility can be installed and launched from a USB flash drive. This makes it ideal for surfing at public computers.

Download at: Download.com

A second free utility is XeroBank Browser, a special version of Firefox that runs in conjunction with the free Tor anonymizer service; and that can also run directly from a USB flash drive. Just plug in your USB stick to any PC with a USB port and Firefox V2 is automatically launched, set up for secure and private surfing.

TorPark creates a secure encrypted connection between the PC you are using and the first Tor server. This allows you to safely transmit information without fear of local interception. This makes it ideal for surfing on open Wi-Fi networks.

Download at: Download.com

Share this post :

XnView – Free and Easy Photo Tool

XnView is a free utility for viewing graphic files and the simple and easy conversion of those files. With XnView installed on your system you can resize, crop, correct red eye, flip, rotate, and carry out a wide variety of image adjustments, including brightness, contrast, and gamma.

With XnView you can import more than 400 graphic file formats then convert them to other formats such as GIF, BMP, JPG, PNG, multi page TIFF. As well, you can export more than 50 graphic file formats.

The Image viewer (Browser) resembles the very familiar Windows Explorer. You simply navigate the directory structure and any image files found in a directory, are displayed in miniature (Thumbnails). This gives you an overview of the images available and at the same time lets you rapidly view and select specific images.

XnView doesn’t stop there however; it also provides you with more advanced features such as Web page creation, contact prints, multiple conversion (format and transformation), slide shows, screen capturing and twain support for scanners and digital cameras.

Quick facts:

· Import over 400 graphic file formats

· Export over 50 graphic file formats

· Multipage TIFF, Animated GIF, Animated ICO support

· IPTC, EXIF

· Resize

· Copy/Cut/Crop

· Adjust brightness, contrast…

· Modify number of colors

· Apply filters (blur, average, emboss …)

· Apply effects (lens, wave …)

· Full screen mode

· Slide show

· Picture browser

· Batch convert

· Thumbnail create

· Screen capture

· Contact Sheet create

· Multi-page file create (TIFF, DCX, LDF)

· TWAIN support

· Print support

· Drag & Drop support

· 44 languages support

System requirements: Windows XP/2003 Server/Vista

Download at: Download.com

Share this post :