Think BEFORE You Click! – How Hard Is That?

HARD, apparently.

I recently repeated a small experiment (for the third year in a row), with a group of “average computer user” friends, (12 this time around), and I was disappointed to see (once again), that the conditioned response issue to “just click” while surfing the web, was still there.

Still, I’m always hopeful that reinforcing the point that clicking haphazardly, without considering the consequences – the installation of malicious code that can cause identity theft and the theft of passwords, bank account numbers, and other personal information – would have had some impact. Apparently not.

But, I haven’t given up. I’m prepared to hammer them repeatedly until such time as I can make some progress. In the meantime, I expect that curiously browsing the web blissfully unaware of the considerable malware dangers, will continue to be the modus operandi for my friends.

They’re not alone in their “clicking haphazardly” bad habits. Many of us have learned to satisfy our curiosity simply by a mouse click here, and a mouse click there. Arguable, we have developed a conditioned response (without involving conscious thought), to – “just click”.

It can be argued, that our “just click” mindset poses the biggest risk to our online safety and security. In fact, security experts argue, that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly”, or opening the types of files that are clearly dangerous. However, this type of dangerous behavior continues despite the warnings.

Most visitors to this site are above average users (I’m assuming that you are too), so, I have a challenge for you.

Take every appropriate opportunity to inform your friends, your relatives, and associates, that “just clicking haphazardly” without considering the consequences, can lead to the installation of malicious code that can cause identity theft and the theft of passwords, bank account numbers, and other personal information.

Help them realize that “just clicking”, can expose them to:

• Trojan horse programs
• Back door and remote administration programs
• Denial of service attacks
• Being an intermediary for another attack
• Mobile code (Java, JavaScript, and ActiveX)
• Cross-site scripting
• Email spoofing
• Email-borne viruses
• Packet sniffing

They’ll be glad that you took an interest in their online safety. And, best of all, by doing this, you will have helped raise the level of security for all of us.

A point to ponder:

Since it’s proven to be difficult to get “buy-in” on this – “think before you click safety strategy” – I generally ask the question – do you buy lottery tickets? Not surprisingly, the answer is often – yes. The obvious next question is – why?

The answers generally run along these lines – I could win; somebody has to win;……. It doesn’t take much effort to point out that the odds of a malware infection caused by poor Internet surfing habits are ENORMOUSLY higher than winning the lottery and, that there’s a virtual certainty that poor habits will lead to a malware infection.

The last question I ask before I walk away shaking my head is – if you believe you have a chance of winning the lottery – despite the odds – why do you have a problem believing that you’re in danger on the Internet because of your behavior, despite the available stats that prove otherwise?

Way To Go WOT! – Now Protecting 30 Million Users

The Internet is one kickass place – survey after survey continue to show that cybercriminals are picking off unaware/undereducated users, as if they were shooting fish in a barrel.

It’s hardly surprising then, that an enormous industry (no, not big, not large – but, enormous) has developed, based on the principal that technology can act as a counterfoil  to the most nefarious cyber criminal schemes. Criminal schemes which are, after all, technology driven.

I’ll leave it to you to decide if this has been an effective solution.

No matter the side you come down on regarding this complex issue, dancing around naked (so to speak ) on the Internet – that is, without adequate Browser protection, is akin to fumbling and stumbling through the toughest neighborhood in your area – after dark.

Internet security starts with the Web Browser (it does not end there – but, one step at a time), and WOT (Web of Trust, which passed the 30 million user mark yesterday – January 9, 2011), substantially reduces the risk exposure that comes with wandering through the increasingly risky neighborhood that the Internet has become.

Based on the way that I surf the Web, there’s no contest as to which of the 17 add-ons I have installed on Firefox, is most important to my piece of mind. The hands down winner – the single most important add-on for my style of surfing is WOT (Web of Trust).

Sure, that’s a pretty bold statement – but, since I frequently hear from readers who, after installing WOT on their computer systems, feel reassured that they are safer than ever before, and who express a renewed sense of confidence, and  a new level of enthusiasm, while surfing the Internet, I’ll go with it.

If you’re not yet a WOT user, read the following in-depth review – you may reconsider.

What is WOT?

WOT, one of the most downloaded Firefox Add-ons at the Mozilla add-on site, (also compatible with Internet Explorer and Chrome), is a free Internet Browser resource which  investigates web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams – helping you avoid unsafe web sites.

For example, here’s a Google search in which WOT indicates which sites are safe. Notice the unsafe (red) sites, in the Google ads!

Take a look at what happens if, in fact, you do end up on an unsafe web site. WOT’s dropdown warning curtain blocks access to the site until you determine otherwise.

WOT operates in a unique fashion in order to offer active protection to the Internet user community. It stands out from the crowd of similar applications, by soliciting the opinions of users/members whose views on web site safety are incorporated into the overall site safety rating. According to WOT, the user community now has reputation data on over 35 million sites worldwide.

The shared information on a site’s reputation includes trustworthiness, vendor reliability, privacy, and child safety. As well, in order to achieve maximum security coverage, WOT uses thousands of trusted sources including phishing site listings, to keep users protected against rapidly spreading threats.

WOT integrates seamlessly with search engine results from popular search engines including Google, Yahoo, MSN and other popular sites, and provides impressive protection against Internet predators.

WOT recently added the top three web-based email services – Google Gmail, Windows Live Hotmail and Yahoo! Mail, to its free security protection. You can now feel more confident and secure, since WOT checks links embedded in your email, and warns you of dangerous web sites so that you can avoid spyware, spam, phishing, identity theft and other Internet scams; before you click on dangerous embedded links.

How WOT works:

The Browser add-on icon, displays a color rating for each site you visit, indicating whether a site is safe to use, should be used with caution, or avoided entirely.

Using traffic light colors, (green, yellow, and red), WOT leaves you in no doubt as to the safety rating of a web site. An impressive feature of WOT is the dropdown transparent warning curtain, shown earlier, triggered on visiting a dangerous site.

Recognizing that up to ten percent of Internet users are at a disadvantage however, due to colorblindness, and cannot rely on an Internet safety system based on color coding, the Web of Trust development team recently released an adaptive version of WOT. This version incorporates equivalent alternative information, through assistive or adaptive technology, for colorblind users.

This colorblind accessible application provides the same critical benefits to those individuals who have to contend with visual impairments, as it has to those of us who have come to rely on WOT as a major defense against the pervasive hazards we encounter on the Internet.

Quick facts – WOT checks the following on each web site visited:

Trustworthiness

Vendor reliability

Privacy

Child Safety

More quick facts:

Ratings for over 30 million websites

The WOT browser add-on is light and updates automatically

WOT rating icons appear beside search results in Google, Yahoo!, Wikipedia, Gmail, etc.

Settings can be customized to better protect your family

WOT Security Scorecard shows rating details and user comments

Works with Internet Explorer, Firefox and Chrome

Interface supports English, French, German, Spanish, Italian, Russian, Polish, Portuguese, Swedish and Finnish.

System requirements: Windows (all), Mac OS X, Linux

Download at: MyWot

Surf more securely by installing this browser add-on which will provide you with an in-depth site analysis based on real world results. Keep in mind however, that you are your own best protection. Stop · Think · Click.

Valentine’s Day = Cyber Crooks And Malware Love

Love in Your Inbox – Malware on Your Computer

It’s only a few weeks until Valentine’s day, so it’s not to early to get ready for the deluge of  “I love you”, “Wish you were mine”, and of course the proverbial “Happy Valentine’s Day” emails.

Hopefully, you will have a Happy Valentine’s Day, but you won’t if you fall victim to the burst of spam that is aimed at lovers, at this time of year, every year. Much of it designed to drop malware on unsuspecting users machines.

Like clockwork, spammers and cyber crooks ramp up the volume of spam emails aimed at unsuspecting users, just prior to this day, culturally set aside as a “celebration of love”.

In previous years, starting just about this time, we saw abnormally high rates of this type of spam, and since cyber crooks are “opportunity driven”, we can expect much more of this type of cybercriminal activity this year.

Maybe you’re a very cool person who’s significant other is always sending you neat little packages in your email. Things like MP3 files, screensavers, cartoons, YouTube videos and the like. You get them so often, that you just automatically click on the email attachment without even thinking. If you are this type of person, here’s a word of advice – start thinking.

The hook, as it always is in this type of socially engineered email scam, is based on exploiting our emotions. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprises. I think it’s safe to say, we all find it difficult, if not irresistible, to peek at love notes received via email.

The unfortunate truth is, these spam emails often contain links that deliver advertisements, or worse redirect the victim to an unsafe site where malware can be installed on the victim’s computer.

Last year at this time, a friend, who is an astute and aware computer user, fell for one of these carefully crafted teasing emails. On opening the email, he was taken to a site which had pictures of hearts and puppies, and was then asked to choose which one was for him.

Fortunately, common sense prevailed and he backed out of this site. If he had clicked on this site, he would have begun the process of infecting his machine with a Trojan, which can connect to remote command and control sites.

Unfortunately, being smart is often NOT enough to protect yourself. Experienced users are on guard year round for these, and other types of scam/spam email.

You know what to do, right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar.

If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

Cyber crooks have moved on from using just emails as a malware delivery vehicle. So, be on the lookout for fraudulent Valentine’s Day greetings in:

Instant Messenger applications.

Twitter

Facebook

Chat forums, etc.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

WOT (Web of Trust) – Is It The Most Important Browser Security Add-on You Need To Install?

It would be difficult for regular readers of this site not to be aware, that I write consistently on the importance of Internet Browser protection.

In fact, we’ve covered 20 or more Browser add-ons here in the past few weeks – from add-ons that add functionality, to those that promise to provide additional security.

All this coverage of Browser add-ons rattled my Brain somewhat, and got me thinking about the single most important add-on I have installed – the add-on I couldn’t do without.

Based on the way that I surf the Web, there was no contest. Of the 17 add-ons I have installed on Firefox, the hands down winner – the single most important add-on for my style of surfing is WOT (Web of Trust). I don’t think I’m alone in this assessment.

I frequently hear from readers who, after installing WOT on their computer systems, feel reassured that they are safer than ever before, and who express a renewed sense of confidence, and  a new level of enthusiasm, while surfing the Internet.

In fact, just under 6,000 Tech Thoughts readers have installed WOT in the last two years – according to today’s download stats.

And why not. Security starts with the Web Browser, and WOT substantially reduces the risk exposure, that comes with wandering through the increasingly risky neighborhood that the Internet has become.

What is WOT?

WOT, one of the most downloaded Firefox Add-ons at the Mozilla add-on site, (also compatible with Internet Explorer and Chrome), is a free Internet Browser resource which  investigates web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams – helping you avoid unsafe web sites.

For example, here’s a Google search in which WOT indicates which sites are safe. Notice the unsafe (red) sites, in the Google ads!

Take a look at what happens if, in fact, you do end up on an unsafe web site. WOT’s dropdown warning curtain blocks access to the site until you determine otherwise.

WOT operates in a unique fashion in order to offer active protection to the Internet user community. It stands out from the crowd of similar applications, by soliciting the opinions of users/members whose views on web site safety are incorporated into the overall site safety rating. According to WOT, the user community now has reputation data on over 30 million sites worldwide.

The shared information on a site’s reputation includes trustworthiness, vendor reliability, privacy, and child safety. As well, in order to achieve maximum security coverage, WOT uses thousands of trusted sources including phishing site listings, to keep users protected against rapidly spreading threats.

WOT integrates seamlessly with search engine results from popular search engines including Google, Yahoo, MSN and other popular sites, and provides impressive protection against Internet predators.

WOT recently added the top three web-based email services – Google Gmail, Windows Live Hotmail and Yahoo! Mail, to its free security protection. You can now feel more confident and secure, since WOT checks links embedded in your email, and warns you of dangerous web sites so that you can avoid spyware, spam, phishing, identity theft and other Internet scams; before you click on dangerous embedded links.

How WOT works:

The Browser add-on icon, displays a color rating for each site you visit, indicating whether a site is safe to use, should be used with caution, or avoided entirely.

Using traffic light colors, (green, yellow, and red), WOT leaves you in no doubt as to the safety rating of a web site. An impressive feature of WOT is the dropdown transparent warning curtain, shown earlier, triggered on visiting a dangerous site.

Recognizing that up to ten percent of Internet users are at a disadvantage however, due to colorblindness, and cannot rely on an Internet safety system based on color coding, the Web of Trust development team recently released an adaptive version of WOT. This version incorporates equivalent alternative information, through assistive or adaptive technology, for colorblind users.

This colorblind accessible application provides the same critical benefits to those individuals who have to contend with visual impairments, as it has to those of us who have come to rely on WOT as a major defense against the pervasive hazards we encounter on the Internet.

Quick facts – WOT checks the following on each web site visited:

Trustworthiness

Vendor reliability

Privacy

Child Safety

More quick facts:

Ratings for over 30 million websites

The WOT browser add-on is light and updates automatically

WOT rating icons appear beside search results in Google, Yahoo!, Wikipedia, Gmail, etc.

Settings can be customized to better protect your family

WOT Security Scorecard shows rating details and user comments

Works with Internet Explorer, Firefox and Chrome

Interface supports English, French, German, Spanish, Italian, Russian, Polish, Portuguese, Swedish and Finnish.

System requirements: Windows (all), Mac OS X, Linux

Download at: MyWot

Surf more securely by installing this browser add-on which will provide you with an in-depth site analysis based on real world results. Keep in mind however, that you are your own best protection. Stop · Think · Click.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Malware Avoidance Lesson Number One – Think BEFORE You Click!

I recently repeated a small experiment with a group of “average computer user” friends, (about 16, or so), and I was disappointed to see that the conditioned response issue to “just click” while surfing the web, was still there. This, despite my long battle to get them to modify their online behavior.

I assumed that endlessly reinforcing “clicking haphazardly, without considering the consequences, can lead to the installation of malicious code that can cause identity theft and the theft of passwords, bank account numbers, and other personal information”, would have had some impact. Apparently not.

But, I haven’t given up. It appears it will take even more repetition before progress can be made. In the meantime, I expect that curiously browsing the web blissfully unaware of the considerable malware dangers, will continue to be the modus operandi for my friends.

My friends are not alone in their “clicking haphazardly” bad habit. Many of us have learned to satisfy our curiosity simply by a mouse click here, and a mouse click there. Arguable, we have developed a conditioned response (without involving conscious thought), to – “just click”.

It’s now well established, that our conditioned human responses pose the biggest risk to our online safety and security. Our curiosity, coupled with our conditioned responses can often override our common sense, so it’s not unusual for people to open an email attachment, for example, despite knowing that the attachment could be a virus, or another form of malware.

Security experts argue that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous. To this point however, this type of dangerous behavior continues despite the warnings.

Most visitors to this site are above average users (I’m assuming that you are too), so, I have a challenge for you.

Take every appropriate opportunity to inform your friends, your relatives, and associates, that “just clicking haphazardly” without considering the consequences, can lead to the installation of malicious code that can cause identity theft and the theft of passwords, bank account numbers, and other personal information.

Help them realize that “just clicking”, can expose them to:

• Trojan horse programs
• Back door and remote administration programs
• Denial of service attacks
• Being an intermediary for another attack
• Mobile code (Java, JavaScript, and ActiveX)
• Cross-site scripting
• Email spoofing
• Email-borne viruses
• Packet sniffing

You can do them an additional favor, by pointing them to  Comodo’s YouTube channel, Really Simple Security, where they can learn the basics of Internet security in a  constructive, yet lighthearted way.

They’ll be glad that you took an interest in their online safety. And, best of all, by doing this, you will have helped raise the level of security for all of us.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

I Got a Malware Infection and It’s YOUR Fault!

Your lack of Internet security awareness hurts both you, and me.

What you don’t know can’t hurt you, right? If you believe that, I have a bridge in Brooklyn you might be interested in buying.

Arguably, there are people who actually believe this nonsense statement, and that’s fair enough. For those who do believe this old truism, I have news for you. Bad news.

It’s simply this – if you are an unaware computer user, you simple don’t know, what you don’t know, when it comes to adequately protecting yourself – and by extension, me – on the Internet.

Fact: The majority of computer users are undereducated when it comes to recognizing the dangers and threats that the Internet poses to their computers, and to their personal privacy.

Fact: If your computer is inadequately protected while you surf the Internet, you increase the probability that at some point, I will be victimized!

Fact: The more infected computer systems that are attached to the Internet, the larger the attack surface is for cyber-criminals to use these infected machines in an attempt to infect my system.

While the results of a survey completed by security provider McAfee Inc, are slightly dated, nevertheless the results continue to be consistent with my personal anecdotal evidence.

The fact remains – a significant number of computer users lack adequate security knowledge, operate computers with security software that is incomplete, or dangerously out of date.

Highlights of the McAfee survey:

Ninety-two percent of those surveyed believed their anti-virus software was up to date, but in fact, only 51 percent had updated their anti-virus software within the past week.

Seventy-three percent of those surveyed believed they had a firewall installed and enabled, yet only 64 percent actually did.

Approximately 70 % of PC users believed they had anti-spyware software, but only 55 percent actually had it installed.

25% of survey participants believed they had anti-phishing software, but only 12 percent actually had the software.

60% lacked software to protect their privacy.

52% were unaware of their browser’s security/privacy settings.

Where do you fit in all this?

Computer security, on or off the Internet, but especially while surfing the Internet, has to be a priority; it cannot take a back seat. It needs to be first and foremost in computer users’ minds as they interact with the Internet.

Governments worldwide, now seem to be addressing this issue, since the potential for mass disruption of critical services, which by extension would/could have severe consequences on national security, are potentially impacted by unsafe practices, or inadequate security, at the home computer level.

Richard Harknett and James Stever, both political science professors at the University of Cincinnati, recently wrote in the Journal of Homeland Security and Emergency Management –

“The general population must be engaged as active security providers, not simply beneficiaries of security policy, because their practices often create the threats to which government responds.”

I’m not in the business of forecasting the future – I deal with present day realities, but I’ll say this – unless there are substantial voluntary changes in personal computing behavior, governments will be forced to enact rules governing that behavior. They’ll have no choice.

In the meantime, it may well be that you need to take the time to survey your computer to insure that all relevant security applications have been installed, are up to date, and are operating correctly.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Do We Need to “Fix” the Internet?

Each time that you connect to the Internet you are unfortunately, wandering through a raucous neighborhood which has a reputation for being jam-packed with predators.

These predators are intent on stealing your money and personal information, installing damaging programs on your computer, or misleading you with an online scam.

Cyber-crooks are relentless in their pursuit of your money, and it’s all about the money. In the worst case scenario, your identity and your financial security can be severely compromised.

Recently, Symantec reported that 51% of all the viruses, Trojans and other forms of malware it has ever seen were logged during 2009, and Symantec has been in the security business since before the Internet was launched.

Each day, when I boot up my home machine, Immunet Protect, advises me that it is protecting me against 12 Million threats. Today for example (May 16, 2010, the number is 12,866,263. That number is truly mind blowing.

Note: Later in the day, following a re-boot, I noticed that the protection level had risen to 12,876,095 – 10,000 additional threats had been identified.

Various Internet security companies report having to deal with up to as many as 40,000 new versions of malware daily. Here’s the math; one new malware program every four seconds!

Anti malware developer Comodo, looks at these numbers in a way that we can more easily relate to, in its instructive video – Did you Know? Dangers on the Web.

“Did you know that the amount of new malware discovered daily approximates the number of words a person speaks daily?

Or, the amount of money lost by US Consumers due to malware over the past 2 years would have paid the tuition of over one million US College Students?”

Seen in this way, cybercrime takes on a whole new dimension.

Since additional sophisticated threats are constantly being developed, or are currently being deployed, some observers are of the opinion that the Internet is essentially broken.

If you think this is an exaggeration, check this out and then you decide.

Tainted search engine results: Internet security gurus have known for some time that we cannot rely on Internet search engine output to be untainted, and free of potential harmful exposure to malware.

Cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines.

When a potential victim visits one of these sites, the chances of downloading malicious code onto the computer by exploiting existing vulnerabilities, is extremely high.

Infected legitimate websites: According to security solution provider  Kaspersky, the rate of infected legitimate web sites, in 2006, was one in every 20,000. In 2009, one in every 150 legitimate was infected by malware, according to Kaspersky.

Drive-by downloads: Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common and craftier recently.

If you’re unfamiliar with the term, drive-by download, they are essentially programs that automatically download and install on your computer without your knowledge.

This action can occur while visiting an infected web site, opening an infected HTML email, or by clicking on a deceptive popup window. Often, more than one program is downloaded; for example, file sharing with tracking spyware is very common. It’s important to remember that this can take place without warning, or your approval.

Rogue software: A rogue security application (scareware), is an application usually found on free download and adult websites, or it can be installed from rogue security software websites, using Trojans or, manipulating Internet browser security holes.

After the installation of rogue security software the program launches fake or false malware detection warnings. Rogue security applications, and there seems to be an epidemic of them on the Internet currently, are developed to mislead uninformed computer users’ into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

Even if the full program fee is paid, rogue software continues to run as a background process incessantly reporting those fake or false malware detection warnings. Over time, this type of software will essentially destroy the victim’s computer operating system, making the machine unusable.

Email scams: Email scams work because the Cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprise emails? I think it’s safe to say, we all love to receive good news emails.

It seems that more and more these days, I get phishing emails in my inboxes all designed to trick me into revealing financial information that can be used to steal my money.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

A personal example of how this works is as follows. According to a recent email (similar in form and content to 20+ I receive each month), my online banking privileges with Bank of America had been blocked due to security concerns. This looked like an official email and the enclosed link made it simple to get this problem solved with just a mouse click. What could be easier than that?

Clicking on the link would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

My financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent scheme who would then have used this information to commit identity and financial theft.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that the IC³ (Internet Crime Complaint Center), has called the situation “alarming”, so you need to be extremely vigilant.

This is by no means an exhaustive list of the dangers we are exposed to on the Internet. There are many more technical reasons why the Internet is becoming progressively more dangerous which are outside the scope of this article.

So what do you think? Is the Internet broken – do we need to fix it, and if so, how can we do that?

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

An Anti-malware Test – Common Sense Wins

I’ve just finished an anti-malware test that lasted for just over a year. For this test, I took a test machine, running Windows XP Professional, which I did not shut down, or reboot, for 373 days.

For 373 days, the machine was continuously wired to the Internet and each day, was used for active surfing and general computer use, including email, downloading applications, and so on.

During the test period, the installed anti-malware applications were patched and updated, as was the operating system. Common sense; right?

However, I did not run a single anti-malware scan of any description, since not doing so, was part of the objective of the test.

The overall purpose of the test was to determine if common sense plays a role in protecting a computer user against viruses, adware, spyware, hackers, spam,  phishing, and other Internet frauds.

Let me be clear, this test is in no way scientific, but instead, is a rather simple test on the importance of common sense in using a computer attached to the Internet.

Installed Anti-malware applications:

ZoneAlarm Firewall (free edition)

Spyware Terminator (free edition)

Avira Antivirus (free edition)

ThreatFire (free edition)

SnoopFree Privacy Shield (freeware)

WinPatrol (free edition)

Firefox – not strictly an anti-malware application, but…..

WOT

During this very extensive test run, the machine showed no indication of a malware infection; at least by normal observation (since I didn’t run any scans), – no system slowdown; no unusual disk use; no unusual Internet activity; no security application warnings.

In addition to practicing common sense in terms of not visiting the class of web sites that are known to be dangerous – porn sites; salacious news site; Facebook; MySpace; and so on, I absolutely adhered to the following.

I did not:

Download files and software through file-sharing applications such as BitTorrent, eDonkey, KaZaA and other such programs.

Click links in instant messaging (IM) that had no context, or were composed of only general text.

Download executable software from web sites without ensuring that the site was reputable.

Open email, or email attachments, from unknown people.

Open email attachments without first scanning them for viruses.

Open email attachments that ended in a file extension of .exe, .vbs, or .lnk.

Visit any site not shown as safe by WOT.

After 373 days (the end of the test period), I then ran multiple scans using the onboard security applications. The end result – not a single incidence of infection, malware, or an unwanted application.

It’s clear, at least to me, that by using common sense and updating both applications and the operating system, not visiting the class of web sites known to be unsafe, not clicking haphazardly and opening the types of files that are clearly dangerous, and being aware of the hidden dangers on the Internet, the dividends were measurable.

This was a long boring test, but it proved to me, that using common sense reduces the substantial risks we all face while surfing the Internet, regardless of the antispyware, antivirus, and the other Internet security applications installed.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Download Free Returnil Virtual System 2010 Home

If you read yesterday’s principal post (Download Shadow Defender – Virtualized Intrusion Prevention), you’ll remember we discussed operating system virtualization. Specifically, controlling malware intrusion through the use of a ‘”virtual” environment, rather than operating in a “real” environment.

Shadow Defender, the virtual environment application we focused on is, by no means, the only solution designed to create a virtual environment, as a number of readers pointed out.

The alternative application most mentioned by readers (all of whom are frequent commenter’s, and high level users), was Returnil Virtual System. I’m not surprised; I’ve tested this application in the past and use it on one of my test platforms. I’ve long considered Returnil a worthwhile addition.

There are a number of differences between Shadow Defender and Returnil Virtual System:

Returnil Virtual System is a FREE application.

Returnil Virtual System creates the virtual disk in memory (RAM), rather than on the Hard Disk (there may be a speed advantage to this method).

Returnil Virtual System incorporates an anti-virus. This seems to me to be overkill.

Shadow Defender allows system changes to be permanently saved to disk. Using Returnil Virtual System, you must first create a virtual disk.

Similarities:

Both provide an intrusion prevention system that is non-intrusive, prevents damage from intrusions, and malicious software: viruses, worms, spyware, key loggers, etc., and after initial setup, requires a minimum of user intervention.

From the developer’s site:

Returnil Virtual System’s protection concept is very easy to understand. It provides an impenetrable, yet extremely simple to use mechanism to prevent unwanted or malicious changes from being made to your supported Windows Operating System and the drive where Windows is installed.

You operate a copy of your system in a virtual environment, so anything you do will happen in the virtual environment, to the copy, and not to the real operating system.

If your computer is attacked or gets infected with malware, all you need to do is simply restart your PC to erase all changes induced by it. Once restarted, the working-copy of your system is renewed, enabling you to go on working as if nothing ever happened.

At the same time, Returnil Virtual System can create a virtual storage disk for you; the purpose of this storage space is to provide a place for you to save your data when the System Safe (Virtual System) mode is turned ON. You can customize the size of this disk to meet your individual requirements.

When the System Safe (Virtual System) protection is OFF, you can install or remove programs, save documents within the Windows disk drive, install security upgrades and software patches, alter configurations, and update user accounts. All changes made will remain following a restart of the computer.

Both applications incorporate a simple, easy to understand, “follow the bouncing ball” user interface as the following Returnil Virtual System screen captures illustrate.

Fast facts:

Keeps your system safe when connected to the Internet

Viruses, Trojans, Worms, Adware, Spyware, Keyloggers, Rootkits and unwanted content disappear with a simple reboot

Enforces settings and protects your Internet privacy

Helps reduce overall disk wear by copying and operating your system from memory rather than the hard disk

Saves time and money by considerably speeding up the system

Reduces or eliminates the need for routine disk de-fragmentation

Leaves absolutely no traces of computer activities

Eliminates the dangers of evaluating new software

Seamless integration with supported Windows Operating Systems

Easy to use, simple to configure, and the one tool in your arsenal that will be there to save the day when all else fails

System requirements: Windows XP, Vista, Server 2008, Win 7 (32-bit/64-bit all)

Supported Languages: English, Japanese, Chinese (Simplified), Chinese (Traditional), Korean, German, Italian, Spanish, Russian, Polish, Dutch, Czech, Finnish, Portuguese.

Download at: Returnil

A number of readers made mention of Comodo Time Machine, a worthwhile free system restore utility. Popular guest author, Rick Robinette, has a very informative article over on his site, What’s On My PC – Comodo Time Machine – A Powerful System Restore Utility. I encourage you to read this article.

As well, Tech Paul (one of my daily reads), has just posted an article, Time Travel Fights Infection, in which he discusses the concept of virtualization. I encourage you to read this article to get another view on this technology.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Download Shadow Defender – Virtualized Intrusion Prevention

Shadow Defender is an intrusion prevention system that is non-intrusive, and after initial setup, requires a minimum of user intervention – perfect for the average user.

Simply put, Shadow Defender, when active, creates a virtual environment on your computer by redirecting all changes to your system to an unused location on your Hard Drive. At, or before shut down, these system changes can be permanently saved to disk, or completely discarded.

Virtualization can be analogous to – “now you see me; now you don’t”, or “you think you can see me, but I’m not really here”. By handling security in this way, Shadow Defender prevents damage from intrusions, and malicious software: viruses, worms, spyware, key loggers, etc.

A case in point:

While surfing the Net, an inexperienced user mistakenly accepts an invitation to install a scareware application but realizes, after the fact, that this is a scam. Operating in a “real” environment, the damage, unfortunately, would already have been done.

Operating in a “virtual” environment with Shadow Defender active; operating in Shadow Mode, the system changes made by this parasite could be completely discarded, since the attack occurred in the, “I’m not really here” environment .

A system reboot would restore the system to the original state, as if the attack had not occurred.

So what’s Shadow Mode?

Shadow Defender clones an independent system platform with the same configuration, and functions,  as the existing system. The important difference between “normal mode”, and the shadow mode is: everything in Shadow Mode, including the file/s you downloaded, the document/s you created, or the settings that you changed, will disappear when you exit Shadow Mode.

The user interface is “follow the bouncing ball” simple as the following screen captures illustrate.

Since I’m not a fan of application auto start, I configured this application to start on an on demand basis – only at Browser launch.

At the following screen, I set the application to protect both partitions on my Hard Drive. Simple.

If a user choose to run Shadow Defender on a continuous basis, an option is available to exclude specific files and folders. Remember, since all downloaded files, all created documents, and all system changes will disappear when the user exits Shadow Mode, unless excluded, this is a critical option.

The administration screen allows the user to fine tune the application to their specific needs including allowing/disallowing auto start at boot.

Fast facts:

Prevent all viruses and malware.

Surf the internet safely and eliminate unwanted traces.

Protect your privacy.

Eliminate system downtime and maintenance costs.

Reboot to restore your system back to its original state.

Maintain a system free from malicious activity and unwanted changes.

Test software and game installations in a safe environment.

Protect against unwanted changes by shared users (suitable for workplaces and educational institutions).

During a quick test, I downloaded application files, video files, moved files between partitions, wrote and saved test documents, and made minor system changes with Shadow Defender active. On reboot, no changes were evident.

System requirements: Windows 2000, XP, Vista (32-bit), Windows 7 (32-bit and 64-bit).

This application is not freeware but you may download a 30 day trial version at: Shadow Defender

Purchase Price $35.00

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.