Virus Alerts – Panda Security’s July 17, 2009 Report on Viruses and Intruders

Courtesy of Panda Security. Panda Security’s weekly report on viruses and intruders.

This week’s PandaLabs report looks at the MyDoom.HN and Sohanat.IM worms, and the PCSecurity2009 fake antivirus.

MyDoom.HN is a worm designed to launch Distributed Denial of Service attacks (DDos) to American and South Korean websites. Additionally, if the system date is later than July 10 it damages the affected computer’s hard disk, rendering it unusable. To do so, it overwrites the initial sectors of the hard disk with junk bytes. It also deletes the MBR (Master Boot Record).

This malicious code reaches users’ computers through emails with subjects related to July 4, Independence Day (United States).

PCSecurity2009 is a fake antivirus type of adware. When installed on the computer, this adware, like all of its kind, simulates a system scan, detecting dozens of malware samples which are really not on the computer. In this case, it also modifies the Windows Security Center so it indicates that the antivirus protection is disabled.

Once the scan is complete, it encourages users into registering the antivirus and purchasing a complete pay version to eliminate the non-existent threats. Its objective is to profit financially from those sales.

Finally, the Sohanat.IM worm spreads through external devices. Once it has infected a computer, this malicious code adds a copy of itself in several paths and removable drives.

Additionally, in order to run every time a session is started, it creates several entries in the Windows Registry.

More information about these and other malicious codes is available in the Panda Security Encyclopedia.

You can follow Panda Security’s activity online on Twitter, and the PandaLabs blog.

If you enjoyed this article, why not subscribe to this blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Tech Thoughts Daily Net News – July 17, 2009

10 dumb things users do that can mess up their computers – Users find plenty of ways to run into trouble, from gunking up their system with shareware to leaving it exposed to attackers. This list will help them avoid such problems.

Mozilla, Google plug high-risk browser holes – Just 48 hours after the release of exploit code targeting a zero-day vulnerability in Firefox 3.5, Mozilla’s security response team has rushed out a patch to protect users from code execution attacks. With Firefox 3.5.1, rated a “critical” update, the open-source group corrects a browser crash that could result in an exploitable memory corruption problem.

Rescue Your Data Using VistaPE – Want to get your geek on? It takes patience and persistence to set up this utility, but the reward is a powerful tool for recovering data from a corrupt Windows system.

Cybercriminals Take Lessons From Business School – Online bad guys building specialized businesses along with sophisticated marketing and distribution strategies, Cisco study says.

Canadian Facebookers face privacy breach – The popular social networking site, which is used by 12 million Canadians and 200 million people worldwide, also keeps personal information indefinitely after users deactivate their accounts.

Google Launches ‘My Favorite Places’ for Maps – Google launched a personalized mapping service, My Favorite Places, at an event in San Francisco on Wednesday. The service works with Google Maps, and has something for both small businesses as well as consumers.

Twitter documents stolen from Google Apps: Theft raises cloud security concerns – A hacker has reportedly obtained and distributed more than 300 confidential documents pertaining to Twitter’s business affairs. The documents were reportedly stored on Google Apps.

Major Antivirus Engines Failing To Detect Malware – AV programs having trouble keeping up with email viruses, study says.

It’s Time We Talked About Netbooks – All Netbook users typically rely on online applications and services which do not require powerful hardware on the local computer (aka “cloud computing“), such as Google Docs and Calendar.

NiftyClicks: Loot, iFreelance, PlanetBargains, SideStep – It’s time for more NiftyClicks from our favorite marketing maverick, Andrew Lock. Check out his selection cool tools that can make your life a little bit easier.

Spam Not So Profitable? – Despite a huge rise in volume, many spammers don’t make as much money as you might think.

RFID passports: a tragedy waiting to happen – You’re strolling in the south of France when a van stops, men burst out and, in seconds, hustle you into the van. “American scum!” they hiss as they hood you. But wearing a Sorbonne t-shirt and no fanny pack, how did they know? Thank your government — and a bad storage choice.

One year from today Microsoft will retire support for Windows XP Service Pack 2 – Windows XP is not being retired, but support for Service Pack 2 is. It may be the case, and in fact I would guess it would be the case, that from them on you will have to have Service Pack 3 in order get support, including patches to subsequently disclosed vulnerabilities.

Off Topic:

Lifehacker: Recharge Your Car’s Air Conditioner – If you have a car that isn’t showroom fresh anymore, there’s also a good chance it’s lost a little of its air conditioning mojo. Get things icy cool again with this simple fix.

Positive Thinking Quotes – Thinking positively can change your life, let these inspirational quotes on inspire you to keep your thoughts in a positive way!

Dalai Lama’s 18 rules for living – At the start of the new millennium the Dalai Lama apparently issued eighteen rules for living. Since word travels slowly in the digital age these have only just reached me. Here they are.

Ten Things You Need to Know to Live on the Streets – For millions of Americans, the housing crisis began well before last year’s front-page collapse. Bigotry and criminalization by an unjust system of policing and incarceration, combined with economic privation, have kept even the meager privilege of a subprime mortgage or slumlord lease out of reach for many. As the crisis unfolds, the number of homeless will grow.

Today’s Free Downloads:

Ultimate Windows Tweaker – A freeware Tweak UI Utility for tweaking and optimizing Windows Vista, 32-bit & 64-bit.

Windows Movie Maker – With Movie Maker 2, you can create, edit, and share your home movies. You create movies with drag-and-drop commands, and you can edit your footage so you highlight only the best scenes. Then you can share your movie via the Web, e-mail, or CD; you can also save your movie back to the video tape in your camera to play back on a TV or on the camera itself.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

A Tech Discloses What’s Really Inside Your Mega Hard Drive

One of my favorite computer technicians, Dave Brooks, reveals what’s really inside that mega Hard Drive you were thinking of buying.

Numerous articles have appeared here on Bill’s blog about how important data backup is. This article will not discuss the why’s; it will discuss an issue which I feel is a trend in the external enclosure industry, a very bad trend, and not always disclosed in a products description.

When shopping for an external hard drive for backup purposes, you need to be aware of the following issue.

The average consumer would think that when buying a 1 or 2TB external hard drive,  the enclosure contains a 1 or 2 TB hard drive, but that isn’t so on some Lacie and some other manufacturers’ enclosures.

They may actually contain 2 physical hard drives, half the size of the total capacity, set up in a striped RAID array. With the electronics inside the enclosure controlling the drives, your system will see a 2TB drive, but the enclosure actually contains 2 1TB drives.

The problem with these is, if one of the 2 drives fail, all your data is lost if the electronics board in the enclosure fails all of your data is lost. In a normal single disk enclosure it’s usually possible to remove the drive from the enclosure to get data off of it, if the enclosure electronics or power supply fails.

This striped array method is absolutely the worst way to store important data, as it doubles the possibility of hard drive failure and data loss. Any IT person worth his salt will never recommend this setup for storing critical data (unless there is a backup of the backup done on a regular basis).

I’ve had 2 customers with Lacie enclosures set up this way. One had the electronics board in the enclosure fail, and data recovery was not possible via any methods I had -even going so far as to use a Linux box and data recovery software designed to reassemble RAID disks into a single image. The only option was to send the drives to a data recovery specialist at the cost of hundreds to even thousands of dollars.

The second customer had one of the drives fail (multiple bad blocks), and believe it or not, this is actually the better failure scenario, as I was able to repair the drive to get it working in the enclosure.

The recovery of almost 1Tb of data was successful – he got lucky, and saved a bunch of money as I don’t charge anywhere near what professional data recovery companies do, but they have techniques and equipment I can only dream about 🙂

The place for this type of RAID setup is when higher performance is desired. A striped array of two 500GB drives (that gives 1TB of useable storage) is faster than a single 1TB drive. I use this setup in my gaming PC, but it must be backed up on a regular basis.

Just keep this info in mind when shopping for that next external backup drive!

Guest Writer: This is a guest post by Dave Brooks a professional computer technician from New Hampshire, USA. Dave has become a regular guest writer, who’s articles are always a huge hit.

Pay a visit to Dave’s site at Tech-N-Go, and checkout the Security Alerts.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Tech Thoughts Daily Net News – July 16, 2009

Patch now or build a bomb shelter – Microsoft today released six bulletins with fixes for at least nine documented security vulnerabilities in a range of products that put users at risk of malicious hacker attacks. At least two of the vulnerabilities are currently being attacked in the wild so it’s imperative that Windows users and administrators treat these patches with the highest possible priority.

Megan Fox sex tape warning – Security researchers are warning of a Megan Fox ‘sex tape’ hoax currently circulating on the web. A ‘sex tape’ allegedly showing Transformers star Megan Fox is currently being used as bait in an online scam.

Lifehacker: Google Voice Apps Land on Android and BlackBerry – Android/BlackBerry: – Google’s official Google Voice app for (two) mobile phones does pretty much what one would expect. It dials out using your Google Voice number, displays new voicemail transcripts and text messages, and simply makes Google Voice easier to use.

Firefox 3.5 flaw warning – Firefox Mozilla has recommended that anyone using the Firefox 3.5 browser should change configuration settings to guard against a vulnerability in the program. The flaw is in the way the browser handles JavaScript and could allow a hacker to take control of your PC remotely.

How do I… Change the Product Key in Windows XP? (Updated) – In 2003, TechRepublic first published the procedure for changing the Product Key in Microsoft Windows XP. Since then, Microsoft has made the process easier and safer by providing an applet for just that purpose.

Patch Tuesday Fixes Serious Zero-day Holes, Leaves Another Open – Microsoft today fixed a serious, under-attack flaw in a video ActiveX control, along with other critical flaws involving QuickTime files and fonts. But a critical zero-day hole in another ActiveX control remains unpatched.

How do I… Blog from the Windows desktop with Live Writer? – For many of us, part of our job requires keeping a blog. If you’re like me you have so many things to do, finding the time, in one sitting, to complete and publish a blog is a little difficult. With that in mind it’s nice to have the tools that allow you to work with your blog on the fly, and do it without having to have a network connection.

Koobface Dumping on Twitter – The most famous Facebook worm now spams malicious links to Twitter. Twitter is fighting back. The infamous Koobface worm, known for infecting Facebook users, is expanding its reach in social media.

How do I… Secure Microsoft Windows XP Professional? – Although there are dozens of steps you can take to secure your Windows XP system; these 14 reasonable steps are designed to give you the most bang for your security buck.

10 common issues you can fix with a registry hack – If you read any article that involves editing the registry, you will no doubt see ominous warnings telling you that you can destroy Windows and/or your applications if you edit the registry incorrectly, and that you should always make a full system backup before performing a registry modification. While these statements may be true, the fact remains that there are things that you can do by editing the registry that you simply cannot do with the GUI. In this article, I want to share with you 10 handy registry hacks for Windows XP and Vista.

Off Topic:

So you want to be a writer! – In the brave new world of all things digital, there’s more than one way to skin a cat – and more than one way to write and get published. WEbook is a community of writers who come together to write, give and get tough, honest feedback, and maybe make a few friends along the way. WEbook is transforming the landscape-one writer at a time.

Fast Food: Ads vs. Reality – Each item was purchased, taken home, and photographed immediately. Nothing was tampered with, run over by a car, or anything of the sort. It is an accurate representation in every case.

Does DNA Have ‘Telepathic’ Properties? – Experts Say “Yes” – DNA has been found to have a bizarre ability to assemble itself, even at a distance, when according to known science it shouldn’t be able to. Explanation: None, at least not yet.

Remembering Apollo 11 – 40 years ago, three human beings – with the help of many thousands of others – left our planet on a successful journey to our Moon, setting foot on another world for the first time. Tomorrow marks the 40th anniversary of the July 16, 1969 launch of Apollo 11, with astronauts Neil A. Armstrong, Michael Collins and Edwin E. “Buzz” Aldrin Jr. aboard.

Today’s Free Downloads:

LSN Password Safe – LSN Password Safe helps you keep track of your plethora of passwords with a free encrypted ‘safe’ on your PC.

NoScript – Javascript is a very useful type of Web programming, but many online attacks exploit it. Use this plug-in to block sites from running JavaScript in Firefox until you explicitly say it’s okay.

AbiWord – If your word processing chores are straightforward, you’ll want this freebie. AbiWord has a simple interface: What you need is right in front of you–simple icons and menus across the top of the page.

NoteTab Light – NoteTab Light is an excellent text editor with a variety of features. To start off, you can create and edit multiple files. Each file gets its own tab, so it’s easy to switch among them. This program, though, offers much more than just that; for example, it handles light HTML editing.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Tech Thoughts Daily Net News – July 15, 2009

Wireless Cyber-criminals Target Clueless Vacationers – Cyber-criminals are targeting travelers by creating phony Wi-Fi hot spots in airports, hotels, and airlines.

Google Discloses Plans For New Malware-Resistant OS – Chrome OS aimed at eradicating malware issues for desktops with lightweight platform and cloud-based application model.

Gmail adds anti-phishing feature – Google has added extra measures to prevent phishing attacks against users of its email service, Google Mail.

Firefox about:config hacks that can speed up and customize your browser – Firefox has a whole host of hidden settings that can fine-tune and potentially speed up your browsing experience.

Lifehacker: Google Gears Officially Updated for Firefox 3.5 – Google’s popular offline browser plug-in Google Gears has been broken ever since Firefox 3.5 was released weeks ago. Frustrated users created their own workarounds, but now Gears is officially back up and running with Firefox 3.5

SoliCall Provides Audio Quality Improvement to InterMedia Marketing Solutions 500 Seat Call Center – SoliCall, provider of noise reduction, echo cancellation and quality monitoring software, designed to improve voice quality, today announced that InterMedia Marketing Solutions will be implementing SoliCall’s PBXMate across its call center.

Would Your Users Take The Bait? – Military leaders would never send their troops into war without preparing them for the threats they’d be facing on the battleground. Likewise, you shouldn’t let your users go about their daily activities without educating them about the dangers they face when opening an e-mail or clicking on a link returned from a seemingly innocuous Google query.

Online Shoppers Still Don’t Get Security, Research Shows – People are increasingly dependent on e-commerce sites, but they do not have a good understanding of online security.

Cloud Computing: 10 Things You Probably Don’t Know About Cloud Storage and Computing – Cloud computing serves up computing power, data storage or applications from one data center location over a grid to thousands or millions of users on a subscription basis.

This Old PC: 5 Ways to Keep It Working – There’s still life left in that old PC you just replaced. Eric Geier shows you five different tasks designed to keep it productive and out of the landfill.

Zero-Day Attacks Keep Coming for Microsoft – No sooner does the software titan nail one dangerous bug than another one pops up.

How To Use Electrical Outlets And Cheap Lasers To Steal Data – Researchers at Black Hat will demonstrate how to tap into an electrical socket and using a laser, hack a nearby computer.

Off Topic:

Two Phrases That Destroyed American Culture – Every time I promise myself that I will work on controlling my temper, I always end up making a scene.

A proposal to classify happiness as a psychiatric disorder: Department of Clinical Psychology, Liverpool University – It is proposed that happiness be classified as a psychiatric disorder and be included in future editions of the major diagnostic manuals under the new name: major affective disorder, pleasant type.

100 Best First Lines from Novels

The Most Useful StumbleUpon Feature You May Not Have Known – Hidden in the obscure StumbleUpon toolbar settings is a feature that’ll change the way you stumble!

Crack/Keygen Sites That Are Safe To Use – Blindly searching the web for cracks & keygens is about as smart as using Limewire to search for antivirus software – something not well-advised. Undoubtedly and unfortunately, the number of crack sites with overtones of a malicious agenda heavily outweigh sites that just want to serve up the honest goods.

Online Tutoring and Help – Math, Science, English, and History Tutoring.

Today’s Free Downloads:

6 Transformation Packs for Windows XP – Want to transform the look of Windows XP to make it look like another operating system? Here are six packs that you can install on your computer to achieve this task.

Liveusb-creator – The liveusb-creator is a cross-platform tool for easily installing live operating systems on to USB flash drives.

Jing – capture anything you see on your computer screen and share it instantly…as an image or short movie.

218 HD Resolution Desktop Wallpapers for Nerds – Here are 218 HD resolution wallpapers. Nerds like you and me have big ass screens so ALL of these wallpapers are available in high resolutions of at least 1900×1200. Plus, each one has been hand picked for quality, not quantity.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

If Malware Could Speak – What a Tale it Would Tell!

If malware could speak, you could have an illuminating conversation with one, or more, of the scourges that infest the Internet.

You might be surprised at what could be learned from such an imaginary conversation. It might go something like this –

I might be malware, but in most cases I’m pretty polite; I won’t infect your computer unless you invite me in. But I can count on lots of you doing just that.

Take my good buddy LOP, for example, he’s been away for awhile, but he recently came back from vacation and he’s now infecting unsuspecting computer users’ machines with renewed vigor.

He will accept your invitation, to infect your system if, for example, you download and install either of two rogue Peer to Peer (P2P) applications currently making the rounds on the Internet. BitRoll-5.0.0.0, and Torrent101-4.5.0, are two programs that are used to exchange P2P files that he likes to piggyback on. There are many more than that of course.

The people he works for (some might call them cyber-crooks – well, actually everyone calls them cyber-crooks), are experts at using false/rogue applications to install malicious code like LOP.

LOP is a pretty neat piece of malware (his employers are pretty smart fellows), since he’s been designed, amongst other things, to display ads from a range of advertisers through pop-up windows, banner ads and so on.

Oh, and he’ll automatically switch your Internet Explorer home page to his own search engine. One he particularly likes is http://www.mp3search.com. When searches are made with this engine, the results that you see will be advertising pages that LOP chooses to display.

(Sample misdirected search)

Just in case you decide that LOP is no longer welcome on your computer (that happens all the time), he will connect, every so often, to a web page from which new malware files will be downloaded  making it much more difficult to delete all of the active malicious files on your system.

I should tell you that LOP is extremely hard to get rid of, and just in case you try,you’ll have to deal with over 200+ changes to your Registry Keys. And in case that’s not enough bad news, you should know that LOP will invite lots of his other malware friends over, so that they can party on your system.

But LOP has even more tricks up his sleeve. He can  monitor your system’s processes, and can even play with your security applications making them ineffective.

Since he’s a sporty fellow, once he’s done that, he’ll launch a keylogger to capture your key strokes and just for fun, he’ll go on to scan your email address book so that he can bug your friends. Hmm, maybe they’ll become your ex friends.

LOP is definitely a hard worker (which is why his employers like him so much), so in his spare time he’s going to look around your operating system for vulnerabilities. You see, he knows that like most people, you probably haven’t installed the latest operating system updates, nor have you updated your security applications, like you’re supposed to.

Even if you have taken care of these critical areas, it’s almost certain you haven’t updated your installed productivity applications, and LOP knows just how vulnerable these applications can be.

So think carefully before you offer LOP, or any of his malware friends, that invitation. Once invited in, LOP will settle in for a long, long visit.

Thanks for the chat, but I have to get going. There are lots of unaware Internet users’ waiting to invite me into their computers. I know that many Internet users’ are kind of “click crazy”; so why should LOP be the only one to have some fun!

Oh, by the way, unless you paid attention to what I said, I’ll probably drop by your machine soon.

You have a good day now.

Elsewhere on this Blog you can read “The Best Free Spyware, Virus, and Browser Protection”, an article on free anti-malware programs, including anti-virus software, and you can download those that suit your needs.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Tech Thoughts Daily Net News – July 14, 2009

Just a few hours ago Secunia issued an advisory on a “Highly Critical” vulnerability in Firefox 3.5 – No patch is available from the vendor and an exploit has been posted online.

An early look at Office 2010 – Microsoft has released a Technical Preview of its Office 2010 Professional suite. Here are some of the new and improved features you can expect to see in it.

SMS botnet warning – Text Security experts are warning of the rise of a botnet of mobile phones, infecting other handsets via text message. Known as the Sexy Space or Sexy View worm, an SMS message promises the recipient ‘sexy’ pictures.

XP to Windows 7 Upgrade Scenario – Yes, it can be done via the Microsoft Deployment Toolkit 2010.

On the eve of Patch Tuesday, Microsoft is warning users about a flaw in Microsoft Office Web Components that is under attack – Microsoft is warning of limited attacks targeting a vulnerability in Microsoft Office Components. The warning comes the day before Patch Tuesday, which this month is slated to include fixes to a number of critical vulnerabilities.

DDoS Cyberwarfare Hurts Us All – A distributed denial of service (DDoS) attack has been in the news in recent days due to attacks against the U.S. government — with fingers pointed at North Korea. There are a few basic truths people forget when it comes to information warfare …

The Next Hacking Frontier: Your Brain? – Some scientists worry that when new technology enabling the use of thoughts to operate a computer or wheelchair goes wireless, it could become subject to “brain” hacking.

Survey: 60 Percent of Firms Will Skip Windows 7 – Six in 10 companies in a survey plan to skip the purchase of Microsoft Corp’s Windows 7 computer operating system, many of them to pinch pennies and others over concern about compatibility with their existing applications.

Research: A Day In the Life of A Spamming Bot – ESET researchers discover that a Waledac-infected bot spams out 150,000 messages a day.

Business licensees to get final Windows 7 release in July – Microsoft officials have said the company expects to release Windows 7 to manufacturing before the end of this month. But they have been less forthcoming about when users will be able to get their hands on the product.

Text Message Scammers Quietly Prey On Regional Banks – A new form of phishing sends regional bank members a text message pretending to be from their bank.

Chrome OS: It matters or it’s irrelevant – Google has finally announced its long-expected operating system, the Chrome OS. Here’s what we know about it, plus both why it matters and why it could turn out to be irrelevant.

How to Crack the Account Password on Any Operating System – Computer passwords are like locks on doors – they keep honest people honest. If someone wishes to gain access to your laptop or computer, a simple login password will not stop them.

Off Topic:

A Drug That Could Give You Perfect Visual Memory – Imagine if you could look at something once and remember it forever. You would never have to ask for directions again. Now a group of scientists has isolated a protein that mega-boosts your ability to remember what you see.

Could You Have Passed the 8th Grade in 1895? – Take a Look: This is the eighth-grade final exam from 1895 from Salina, KS. USA.

Free University Lectures – computer science.

5 Ways to Get Bigger and Stronger: Without Lifting a Weight – Few men believe it, but you don’t need barbells, dumbbells, or machines to build muscle; in fact, weight-training equipment often inhibits the process.

Genetic mutation makes those brown eyes blue – Scientists find that blue-eyed individuals have a single, common ancestor.

Today’s Free Downloads:

The Free GOOD Software List – If you want software that works, doesn’t cost an arm and a leg, contains no spyware and just plain doesn’t suck – you’re at the right place.

Defraggler is a free file defragmentation tool – It differs from other defrag tools on the market, by enabling you to quickly and simply defrag the files you want to, without having to process the whole drive.

The Best Free Apps for Your Windows Mobile Device – Despite the flurry of attention surrounding the iPhone and other new mobile phone platforms, Windows Mobile still has a widespread distribution and capacity for customization.

Convert for Windows – Convert is a free and easy to use unit conversion program that will convert the most popular units of distance, temperature, volume, time, speed, mass, power, density, pressure, energy and many others, including the ability to create custom conversions!

FreePrintable.net: Printable Medical Forms! Certificates on CD! – If you’re a fan of FreePrintableCertificates.net, you know what a great resource the site is for families, businesses, schools, and more.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Spam and Botnets – Who’s Responsible?

A fairly recent survey on Internet security released by the National Cyber Security Alliance (NCSA), determined – “U.S. consumers don’t understand botnets; networks of compromised computers that have become one of the major methods for attacking computer systems”.

Pointedly, Ron Teixeira, executive director of the NCSA, said in a statement. “Consumers’ unsecured computers play a major role in helping cyber criminals conduct cyber crimes not only on the victim’s computer, but also against others connected to the Internet.” Teixeira went on to say that it is “alarming” people don’t know how to keep their computers secure.

The information gathered in this survey is not new to experienced computer users’, or to those of us involved in Internet and system security. It seems to me, that this is simply repackaged information that we have had access to, in some cases, for years. In fact, the statements in this survey can be applied to worldwide Internet users’ and are not restricted to just users’ in the U.S.

I think that one would have to have been on an extended vacation from both computers and cyber space, not to have an understanding that the Internet is now the playground of cyber criminals and has been for a considerable time.

Consider this – last month (June, 09), over 90% of email was spam, and of this total more than 83% was sent our way by botnets. (Data from MessageLabs‘ June report).

So the question is, why is the average, or typical computer user, so lacking in knowledge when it comes to Internet security precautions; some might say even negligently so?

Problem solving this issue does not require one to be a profound thinker to arrive at a number of hard and undeniable conclusions.

A reader of this Blog, commenting on a previous article, summed up this issue particularly well when he stated, “most people still see the computer as a kind of entertainment device… Computers are for playing, chatting, and watching short clips; listening to tunes…. people don’t take Internet security seriously because they don’t think of the computer as a serious device”.

He went on to write – “Some of this is related to our cultural laziness around safety and prevention. People are routinely reckless with automobiles, decline to clean out the (dryer) lint catch, and mishandle loaded guns. My frustration is with government, health and educational institutions that push people to use the internet as though it were as secure and straight forward as a hard-line telephone”. A factual and precise comment, I think.

And so we arrive at the root of this problem: No one wants to take responsibly for the abysmal state of Internet safety and security. Not governments; not software developers; and least of all, Internet users’.

We are long past the point where we need to stop just talking about this issue. We need to stop being part of the fear campaign and the feeling of helplessness that accompanies it, and develop appropriate solutions.

Many computer experts agree that it is primarily flawed computer software and not just inadequate user knowledge that is the biggest contributor to the proliferation of unsecured computer systems and cyber-crime, on the Internet.

It seems to me then, what is needed as a good first step, are machines that are designed with simple, but internally sophisticated operating systems, secure and easy to use for the majority of users; where little or no user interaction is required to maintain the security of the system. Microsoft’s soon to be released Windows 7 operating system, developed with security in mind, appears to be a step in that direction.

More to the point however, a massive change in Internet users’ attitudes and perceptions needs to take place. Users’ have to come to the realization that we all have a shared responsibility to offer mutual protection to each other, by ensuring our individual machines are not part of the problem, but instead, are part of the solution.

One particular software developer has focused on the concept of “people driven security”, an idea based on the concept of the shared responsibility we each have, to offer mutual Internet protection to each other. Web of Trust has developed an Internet Browser addon which takes security this one step further. The solicited opinions of users/members, on a web site’s safety, are incorporated into the overall site safety rating.

There are other solutions of course; some draconian, some less so, but unless we as computer users take responsibility for our own online safety, you can be sure that governments will eventually introduce measures that will be considered draconian.

We now live in the age of the “interconnectedness of all things”, in which we are beginning to see the development and availability of large numbers of Internet connected devices. There is no doubt that this will lend new strength to computer-aided crime and perhaps even terrorists; and here we are, back to the concept of draconian government imposed Internet security measures.

Unless we develop a rational approach to the underlying security issues surrounding the Internet, and amongst other solutions, insist software companies’ stop rushing out new products with little regard for security, hackers will continue to flourish and successful attacks on computers over the internet will continue to proliferate.

There are steps you can take to decrease the likelihood you will be the victim of a successful attack on your computer. If you reduce your exposure to successful attacks on your machine, then downstream you are helping to protect my machine and those of others.

The following is a brief guide to the basic security issues you should be aware of on the Internet, followed by a guide to some of the steps you can take to secure your computer for Internet usage.

Security risks on the Internet you need to be aware of.

Trojan horse programs

Back door and remote administration programs

Denial of service

Being an intermediary for another attack

Unprotected Windows shares

Mobile code (Java, JavaScript, and ActiveX)

Cross-site scripting

Email spoofing

Email-borne viruses

Hidden file extensions

Chat clients

Packet sniffing

Security Checklist: Actions you can take to protect your computer system.

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

Ensure the anti-virus software scans all e-mail attachments.

If you enjoyed this article, why not subscribe to this blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Tech Thoughts Daily Net News – July 13, 2009

How To Test Your Computers Security – I thought I’d put together a few ways of testing your systems security setup. These are not virus or malware scanners but various ways of testing your current security software.

Hacking Your Computer – Physical Access is Total Access.

Lifehacker: – Five Best Content Filtering Tools – Whether you want to keep your kids eyes away from inappropriate content or your employees from wasting time online, you’ll find a variety of great tools available for filtering internet access.

Does Google Know Too Much About You? – Do you trust Google? For some, Google is a wonderful company with a broad selection of useful online tools that make life easier, but for others Google is a looming, unregulated monster just waiting for the moment to drop the ‘don’t’ from the company’s unofficial motto, “Don’t be evil.”

Solve Start-up Error Messages – Tired of that weird pop-up that appears every time you start Windows? Here’s one way to troubleshoot it.

Off Topic:

The Cook’s Thesaurus is a cooking encyclopedia that covers thousands of ingredients and kitchen tools. Entries include pictures, descriptions, synonyms, pronunciations, and suggested substitutions.

Swearing can reduce the feeling of pain – It might be socially unacceptable, but an outburst of swearing after a DIY mishap or stubbing a toe can actually do some good.

How to Win Friends and Influence People – Excerpts from Dale Carnegie’s inspiring Book.

Ten Rules for Being Human by Cherie Carter-Scott

TOP 100 funniest one-liners on the internet!

Today’s Free Downloads:

85+ tools to manage projects – Events are indeed projects or at least they should be managed as such. Here is yet another free list that will help you to be more productive.

Open Source God – 480+ Open Source Applications.

Handbrake – Handbrake is a DVD ripping application, allowing you to convert a DVD to a video file.

Inkscape – Inkscape is an open-source vector graphics editor similar to Adobe Illustrator or Corel Draw.

Svchost Process Analyzer – Svchost.exe is the most mysterious process in Windows XP/Vista. Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs). The authentic svchost.exe file is located in C:\Windows\System32, but numerous viruses and trojans use the same file and process name to hide their activities. The free Svchost Process Analyzer lists all svchost instances and checks the services they contain. This makes it easy to uncover Svchost worms like the infamous Conficker worm.

If you enjoyed this article, why not subscribe to this blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Guard Your Sensitive Files With My Lockbox Freeware

Rick Robinette at What’s On My PC, recently wrote a couple of intriguing articles on some esoteric ways cyber-criminals can gain access to the confidential information many of us keep on our computers.

If you think your confidential files are cyber-criminal proof, because you consider yourself an astute and savvy Internet user, and your machine is protected by the latest and greatest AV products – take a look at Atypical Ways of How Your Data Can Be Stolen, and Are Wireless Keyboards Secure?, on Rick’s site. You might be in for a surprise.

Reading these two articles has prompted me to republish the following article on how we can take advantage of the freeware program My Lockbox, to keep confidential files hidden from view.

You might wonder why you would need to conceal files on your computer in the first place; after all you have nothing to hide, right? Well if you’re like the rest of us, it’s almost certain that you do have something to hide.

At a minimum, it would be sensible to conceal files that contain financial data and other confidential information, that can easily be subject to intrusive viewing by others not authorized to do so.

Files that contain financial data and other confidential information continue to be targeted by hackers/information thieves, for the purpose of identity theft. The reality is; there is no such thing as a totally secured internet connected computer; all internet connected computers are subject to attack. Masking these files then, seems like a sensible precaution.

Confidentially of course, may not be the only reason you may have to conceal files. On a shared computer for example, it may be prudent to conceal particular files to ensure that they are not subject to accidental erasure. In fact, you may have lots of personal reasons to mask special files on your machine.

My Lockbox is a freeware software application that allows you to conceal files, and then password protect those files on your computer. Other users will not have access to these files, nor will they be able to accidentally, or otherwise, view them or manipulate them in any way.

The protected folder (lockbox) is hidden from all other users and applications on your computer; including the Administrator and the System. The lockbox (protected folder), is impossible to access not only from the local computer, but also from the Internet.

Following the on-screen instructions makes this program extremely easy to setup and use. The lockbox location, password, and parameters are configured during the easy setup procedure.

After the setup is completed, the lockbox will be hidden and locked until you, as the user, enter the valid password. My Lockbox Control Panel allows you easily change basic lockbox parameters: lockbox location, protection status, and password.

The program is effective, easy to use and best of all – it’s free.

Quick facts:

Very easy to use

Almost any folder on your computer can be password protected

Instant protection – no file scrambling

Lockbox folder is inaccessible even by the system administrators

Lockbox folder is inaccessible both locally and remotely

Lockbox folder can be protected in Windows safe mode

Hotkeys support – you can popup the Control Panel with a keystroke

Skinned user interface

Freeware

System Requirements: Windows 2000, XP, 2003 Server, Vista

Download at: Download.com.

Elsewhere in this Blog there is a review, and file download, for a similar type of program that encrypts, as well as conceals your files. The following is part of the review for this open source free program… “T r u e C r y p t is a free open-source disk encryption program for Windows and Linux, which creates a virtual encrypted disk within a file and mounts it as a real disk. The program automatically and transparently encrypts in real time”.

Go here for the full review of T r u e C r y p t and the file download.

If you enjoyed this article, why not subscribe to this blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.