Your Home Is As Secure As Your PC…Right?….WRONG!!

Is your home as secure as your computer?  If your answer is “Yes it is”, then you are WRONG.   

For your computer security you have installed all the recommended security programs and a Firewall, set all of your software to download updates as they become available, and your computer is now as secure as possible. But have you added the equivalent protection to your home?

A reporter with WMC-TV memphis discovered that all the locks you have carefully installed and use, won’t keep a thief out of your home.  The tecnique used to enter your home is called “Lock Bumping”. The following video from WMC-TV Memphis demonstrates how insecure your home is despite the locks you have installed. You will be taken to YouTube when you click the following link:

Lock Bumping and Bump Keys

 After watching the video and finding out how easily a thief can break into your home, you should be concerned or even a little afraid.  As a service to its viewers, WMC-TV also posted another video giving you some

Solutions To Lock Bumping

to help you secure your home at a reasonable cost. There are other videos on the site that give more detailed information about Lock Bumping.  Check your security today, both on your PC and in your home!

 

 



Wireless Computing and Security

 Have you joined the wireless world?  Many people think of wireless technology as applying only to computers.  If you have a cordless phone, a garage door opener, GPS in your car, a satellite hookup for your TV, or a cell phone, then you have been using wireless technology as long as you’ve been using those items.  Surprised?  Many people are when they realize they have been using a cordless phone or garage door opener, for several years. 

In the computer world you have Laptops/Notebooks,  PDAs (personal digital assistants), wireless keyboards and mice and anything else that inter-connects without wires or batteries, that is related to a computer.

The one thing most people don’t realize is that using any of the above devices creates it’s own security problems.  Anyone using a cordless phone should realize that their phone calls can be intercepted.  Most people have no reason to worry about whether someone is listening to their calls, but there are occasions when the information discussed in a phone call is so sensitive that they should not be using a Cordless phone or cell phone to make the call.  Would you want a call to your bank intercepted? or A call to your physician? or  A call to your lawyer?  Businesses are more at risk than the average person because sensitive information is often discussed by phone, but more businesses are becoming aware of how insecure using wireless technology actually is.

If you use wireless technology, you should be aware of the Security necessary to keep your interactions over the device secure.  No matter what wireless equipment you want to use, there is wireless technology available for someone who wants to listen or steal the information you are sending over that specific equipment. Now, the information sent by a garage door opener isn’t particularly sensitive but people use phones, laptops, PDAs, keyboards etc., to exchange sensitive information with others that they don’t want to share with others. This is especially true over the Internet.

If wireless computing is in your future, make sure you pay as much attention to Security for the device as you do to choosing and purchasing a laptop.  For different ways of making sure your wireless computing is secure, please read  Wireless Security – A Timely Topic,    Wireless – Why Do I Need Security?  and  Wireless Security – How To Protect Yourself.  If a cell phone, cordless phone, wireless keyboard or mouse or any other devices is in your future, then the some security information about these devices is in   Wireless – Bluetooth Device Security.

 Securing and Protecting yourself and your information should be at the top of your list, before using the wireless device you have chosen. Sadly in this computer age, security and protection are becoming absolutely necessary before we can enjoy our ‘electronic toys’.  Identity Theft is one of the fastest growing evils of the 21st century. 

 

Malware Meant To Destroy Your Life As You Know It

 Almost 2 years ago I wrote the first article called Protection For Your PC and the second Protection For Your PC – Part 2 almost 6 months ago.  All of that information, though 6 months and 2 years old respectively, applies today. However, in the past 2 years since I wrote the first article, the nasties have become nastier, the ID theft more rampant, and the scumware writers more adept at creating Spyware, Malware and other Scumware that is harder to detect and more invasive into your private life.






 






Though gains have been made against this evil that has entered our lives with the computer age, there are still plenty of scumware writers out there producing junk to make your life miserable. The scumware writers took a hit when Microsoft introduced Vista last year, but they are rapidly trying to get back their hold on the Internet and more needs to be done to stop them. 






 








The next article in the series: “Protection For Your PC – Part 3” is here today.  In it I have focused on the worst and most malicious of today’s Malware, because it is the most damaging for the innocent computer user and web surfer.  This particular type of Malware surfaced in the fall of 2005 and is much more difficult to recover from than the advertising  popups, the spyware that tracks your online surfing habits, and the take over of your computer by an infection so that you are unable to surf the internet.  This type of Malware steals your identity and takes over your life, not just your PC. 



 



Please read Protection For Your PC – Part 3  for an update to my previous articles and added information on Securing your PC.  Other articles on PC security will follow.



 



 






Protection For Your PC – Part 3



 Almost 2 years ago I wrote the first article called Protection For Your PC.  and the second  Protection For Your PC – Part 2  almost 6 months ago.  All of that information, though 6 months and 2 years old respectively, applies today. However, in the past 2 years since I wrote the first article, the nasties have become nastier, the ID theft more rampant, and the scumware writers more adept at creating Spyware, Malware and other Scumware that is harder to detect and more invasive into your private life.


Though gains have been made against this evil that has entered our lives with the computer age, there are still plenty of scumware writers out there producing junk to make your life miserable. The scumware writers took a hit when Microsoft introduced Vista last year, but they are rapidly trying to get back their hold on the Internet and more needs to be done to stop them. 

 

An evil that was in its infancy a little over 2 years ago, has now been perfected by the scumware writers to be a large part of the Malware on the internet.  Rootkits are what I am talking about here, as well as RATs (I know everyone uses acronyms these days but I will explain what they mean.):

 
A Rootkit is computer code designed to hide other computer code (usually malicious) inside it. If you have a rootkit on your system, it will load before Windows loads in the boot-up sequence, preventing Windows from ‘seeing’ it so that it will not appear in the File Manager or be under the control of your Windows OS.  The rootkit then can operate independently of Windows even taking control of Windows.   Rootkits have been used for non-malicious purposes for quite some time, but in this day and age they are used almost exclusively by the scumware writers to make your life miserable. 

 

As I said above,inside a Rootkit  is malicious computer code which could be anything: adware, spyware, or a program designed to irritate you with pop-ups, and though it is not good for you, they are less malicious than the inner code that is so destructive these days: RATs (Remote Access Trojans).  

 

RATs (Remote Access Trojans), are also called ‘backdoor trojans because they  open a ‘backdoor’ on your system. Once open, all of your private information flows through this backdoor out to the internet without leaving a trace on your PC.  The author of the RAT receives your personal identifying information, usually including financial details, credit cards number(s), bank account(s), passwords, and all other sensitive information on your hard drive. When they get this, they then have the ability to impersonate you, use your credit card(s), empty your bank account(s) and even commit future crimes IN YOUR NAME while using your identity.  This is a very lucrative business for them because they can also sell your personal information on the Black Market getting large sums of money for the information.

 

You ask “How does a Rootkit or RAT get into my computer?”.  The answer is “easily”.  They can be downloaded as part of a software package or in an email, they can be a result of an attack by a trojan, or by you clicking on a link or an innocuous banner or advertisement on an infected web page and lastly by a Drive-By download.  A drive-by download occurs when you innocently visit an infected website and the website automatically downloads some computer code to your PC. This is all done silently, without you knowing any of it has occurred.  You find out only when you receive the bills from your credit card company or check your bank account to find nothing there.


By now you are either afraid of  Rootkits and RATs, or you are doubting that this will happen to you.  You should take the high road and be afraid rather than taking the position that it won’t happen to you. Many people who doubted their vulnerability to this form of Malware, are now trying to put their lives back together after losing everything. Yes EVERYTHING!  A criminal who dropped a RAT on their PC through one form or another, has maxed-out their credit cards, emptied their bank accounts, cashed in their retirement funds, sold their house, car(s) and other assets, as well as impersonated them anywhere the criminal could possibly get money in the victim’(s) name, leaving the innocent victim penniless and living a NIGHTMARE.

 

Now that I have your attention, there are some easy ways for you to practice safe computing.  These methods are never 100% effective, but they definitely lower your risk of infection, significantly. You are the only person who can prevent this happening, because you are the one who can take the necessary precautions. The first line of defense is the easy part. 

 
For your computer:


1.
     Keep all of your software up-to-date including Windows, Office and all your         third party programs.

·        Download and install all the patches as soon as you are notified of them.

·        If there is a new version of a software program that you have on your PC,         download and install it, immediately.

·        If you hear of a work-around for a vulnerability that has not been patched         yet from a reputable source, use it.

 

2.     set your Antivirus software to update automatically either continuously or daily.     If you do that, you will find that when there is an update you will get it when it     is released.

3.     obtain an AntiSpyware program that you can run at least once a week to             check for any malware on your system.

·         Keep the AntiSpyware program
up-to-date as often as your AV program.

4.    Make sure you have a Firewall

·         if possible have a
bi-directional Firewall so that it will notify you if there is a file or
program on your PC attempting to contact the internet. Many programs like web
browsers and email have to contact the internet to function, but it is the
other programs that you need to watch.

·          set the updates for your Firewall the same as your AV software, so if  an update is released you can download and install it immediately.

5.     If you use XP, make sure it is SP2.

·         Upgrade to Sp2 as necessary and
keep it up-to-date.

6.     Upgrade IE 6.0 to IE 7 for better security.

·         Download and install all
updates for IE 7






7.     In both Windows XP and Vista you can use a  hosts file to protect your computer. The hosts file prevents your computer from connecting to any of the bad sites that are listed in it. Please see the instructions for both  XP and Vista here  






 






For Email:






 






1.     Use the most updated copy of your Email program.






2.     If a new version of your email program is released, download and install it as soon as you hear about it.






3.     Use a spam filter in your email program but **make sure you check the spam folder for email that you want that has been marked spam in error.**






4.     Hover your mouse over the links in any email and check the URL in the status bar of your email client. You will often be able to determine if the link is legit in this way.






5.     Don’t click links in the emails you receive, even if the email is from someone you know they will often redirect you to a bad site. Phishing emails are often sent from someone in your address book because they have been previously infected with the scumware.






6.     Watch for phishing emails from places that you deal with such as eBay or PayPal. If you check in your account messages at that particular website eg My Summary/Messages at eBay you will find a copy of the email, if it is legit.






 






For Safe Surfing:






1.     Do not click on banners, advertisements or links on a webpage unless you know where the link is going to.






2.     Hover your mouse over any link, banner or advertisement and look at the URL that will appear in the status bar of your browser to make sure the link is taking you to a safe website.






3.     Even if a website is supposed to be safe, it may have been infected with scumware and links to the bad sites embedded in the pages. Be aware of this so that you will notice anything that is abnormal.






4.     Surf with caution, anything that seems odd probably is. Avoid ignoring your ‘gut feelings’ about something on the internet, if you think it might be bad, then don’t go there.




5.  There are many more things you can do to keep yourself safe while surfing but they are for another article.








 






Not every infection is a Rootkit or RAT, and not all will require a format, there are many out there that don’t.  If you think your PC is infected, the first thing you need to do is get help!  There are a number of forums staffed with trained volunteers that are there to help you identify what has caused your infection and help you clean your computer.  Unfortunately, these forums can be very busy and often are backed up with other victims.  It sometimes takes time before you receive the help you need, but bear in mind, the staff are volunteers and you will get their undivided attention, when they get to your problem.  A list of these forums is located here




Please follow the instructions you find at each forum, as not all are the same.  Then post what the forum has asked for, your problem, and any helpful information you can think of. Then sit back and wait for a staff member to help you.  In my experience, those that tried to clean their own PC without help, ended up spending far more time than they would have if they had waited for help. Their PC ends up in a far bigger mess than if they had waited at the beginning and it takes much longer to clean their computer than it would have, had they waited.  Often the victim has complicated things by running every available tool they could find, which has removed  vital information that would have led the helper to the correct information on the original infector shortening the cleaning process significantly. A helper will be able to tell you if your computer requires a format, or if it can be cleaned simply with specific tools the helper knows.






 






After your computer is cleaned or you have formatted, we would appreciate hearing all about it at Malware Complaints.  We are a forum that helps you fight back against the scumware writers that have made your life he**.  We help you write letters to the media and your government asking for legislation to prevent the criminals from taking over the Internet, allowing all innocent people to surf safely without fear of infection.  Please StandUp and Be Counted To Fight Back against  this scourge of the Internet






 






I will be following with articles about Identity Theft, Rootkits and RATs. Please stay tuned…






 






 






 

But My OS is Linux, I don’t need security! …or do I?

 People who use Linux as an Operating System, often say they don’t need to protect their computer from Malware,Spyware, Adware, Identity Theft etc etc. because they believe Linux is not at risk partly because it is not  the main target of the scumware writers.  Well they are wrong.  The Malware writers are increasingly aiming at the alternate OS’s with their scumware because it is more of a challenge now than Windows. Every hacker/cracker writes scumware for Windows, not every hacker/cracker writes for Linux. BUT the day is coming folks when Linux will be as heavily infected as a Windows OS.  Many of the Security recommendations are the same as they are for Windows, but there are also unique

Minimal protection for a Linux System is:


  • a firewall such as  Smoothwall Express  or SmoothGuardian  which is a commercial firewall with more advanced features. Please read   A Linux Firewall Primer  for a discussion of the use of Firewalls in Linux
  • the National Security Agency of the US government has been researching the use of firewalls in Linux.  This research of  Security-Enhanced Linux has resulted in the development of the SELinux firewall, and several versions available for download making this an excellent site for security information related to the Linux OS.
  • an Antivirus program to prevent viruses from infecting the Windows computers that connect to your system several are discussed in Antivirus Solutions For Linux  
  • Keeping the OS up-to-date is as important with Linux as with Windows to prevent any vulnerabilites in the Linux core OS remaining unpatched
  • run the OS as a ‘Limited User’ rather than as ‘Administrator’ will prevent many infections from taking over your system.

For an excellent article about Security on a Linux system including why
it is necessary and measures you can take beyond the above, to protect
yourself please read:    Best Practices For Securing Your Linux System.

Are You A Student Bound For College? Do You Want A Secure P.C.?

Today I became aware of a new FREE e-book for students entering college. It could also be useful to High School students in the upper grades because they have reached the point where their computing needs have become much more demanding.



 



This e-book titled “Safe Computing For The College Bound”  was written by fellow Microsoft MVP Dan Appleman, a software developer and author of several books on technology and security.  In it is advice for the teenager who is a student who is headed off to College, on buying a computer.  Among other things, he discusses laptops and desktops and how to choose the best computer for you.  After he discusses the options in computers, he focuses on security for your computer in a college atmosphere.   He also advises the best way to keep your computer secure while you are away at College and  also covers the rules and regulations you are likely to find for the Computer Networks at College.



 



“Safe Computing For The College Bound” is a free e-book that is likely to give you a good start to finding the right computer for you and learning to keep it safe and secure in a completely different environment than you’ve had before.



 




 Dan Appleman is the founder and CEO of Desaware Inc. and co-founder of APress  and also maintains a blog. He has written several books including Moving to VB.NET: Strategies, Concepts and Code and maintains his website Always Use Protection: A Teen’s Guide to Safe Computing


 


Take some time to read his latest e-book “Safe Computing For The College Bound”, and learn what to expect in computing when you get to College. It may prevent you becoming a victim of Spyware, Malware, or any of the other evils roaming the Internet!

Time For The Beach To Take A Vacation

 

Many Canadians at this time of year crave the beach because of the long winters here.  Unlike them, I love winter, especially when we have lots of snow.  Outside it is so clean and fresh looking, the air is cold and crisp, the nights so peaceful and quiet.  It is naturally beautiful.  As much as I like the beach, living in a country where each of the four seasons are different, I appreciate them all. So for now, winter will be my blog theme.

 

The temperature outside my house is -20 degrees celsius (-4 degrees fahrenheit) and I think that the beach at the top of my blog was a little inappropriate.  I went looking for a nice winter picture to replace the beach and found it with MSN search.  After altering it to be a banner for my blog, I posted what I think is reflective of a Canadian winter.  The weather will remain cold for only a day or two but winter and snow will be around for several months yet.  Enjoy!

 

A good friend Corrine  helped get me moving on this project, by pointing out that my links to other MVP’s blogs, were sorely outdated.  When I logged in to make the necessary changes, I decided it was time for a change. I thank her again for her help. I don’t know what I would do without her!

 

With this update to my blog, I hope to bring you new information in the next while that will help prevent you from becoming a victim of Spyware, Adware, Malware, Viruses, Trojans etc etc.   These threats are still very active and every time you connect to the internet, whether it be by email, or surfing the Internet, you put yourself at risk. 

 

My only advice today is to Protect yourself, Protect your computer etc! etc! etc!  Get that Antivirus program up-to-date! Get that Anti-Spyware program up-to-date!  Set your protection programs on automatic and have them checking for updates hourly.  Keep that Firewall at High at all times and if you let someone send you a file, scan it before opening.   If you receive an email from someone you don’t know, or even someone you know, be cautious opening it.  Scan all attachments before opening them.  Remember to Protect yourself, Protect your computer! Protect your Identity!

A New Year Full Of Promise

Happy New Year to one and all!  2008 is the year we are going to gain an edge on Malware and begin wiping this scourge from the Internet! 

With the armies of people fighting the Malware we have to gain an edge at some point, and 2008 is as good as any year.  The antispyware forums, software developers, Microsoft, the media, and government awareness of the problem, is growing. Ordinary people surfing the Internet are becoming more aware of the implications of surfing the internet without protection. They are protecting themselves with Firewalls, Antivirus and Antispyware programs and keeping them up-to-date.  Microsoft has taken a large step forward into secure computing with the advent of Vista in 2007.

 Having a positive attitude can work wonders!  I hope  that on January 1, 2009 I can look back at this blog and see that my predictions for 2008 were true.  There are simple things each person can do to ensure their safety on the Internet:

  • every individual learns about safe-surfing techniques
  • every parent teaches their children how to protect themselves on the internet
  • every parent uses Parental Control programs to protect their children from websites they shouldn’t visit.
  • each and every person makes security of their PC the most important aspect of computing
  • each and every person follows the instructions on the Microsoft Security At Home Website to keep their PC safe.
  • most importantly each person who uses a computer becomes aware of the risks of not protecting their PC. 

 If everyone who uses a computer does the above, my predictions for 2008 can become reality!

 

On the other hand, if my predictions fall short and you become infected with malware, please visit Malware Complaints  to tell your story.  Visiting Malware Complaints  will broadcast your difficulty to those that can change laws and help all people who surf the Internet, toward the day when this scourge no longer exists!


 

 

Stand Up and Be Counted