Your Home Is As Secure As Your PC…Right?….WRONG!!

Is your home as secure as your computer?  If your answer is “Yes it is”, then you are WRONG.   

For your computer security you have installed all the recommended security programs
and a Firewall, set all of your software to download updates as they
become available, and your computer is now as secure as possible. But have you added the equivalent protection to your home?

A
reporter with WMC-TV memphis discovered that all the locks you have
carefully installed and use, won’t keep a thief out of your home.  The
tecnique used to enter your home is called “Lock Bumping”. The
following video from WMC-TV Memphis demonstrates how insecure your home
is despite the locks you have installed. You will be taken to YouTube when you click the following link:

Lock Bumping and Bump Keys

 After
watching the video and finding out how easily a thief can break into
your home, you should be concerned or even a little afraid.  As a
service to its viewers, WMC-TV also posted another video giving you
some

Solutions To Lock Bumping

to
help you secure your home at a reasonable cost. There are other videos
on the site that give more detailed information about Lock Bumping. 
Check your security today, both on your PC and in your home!

 

 


Wireless Computing and Security

 Have you joined the wireless world?  Many people think of wireless
technology as applying only to computers.  If you have a cordless
phone, a garage door opener, GPS in your car, a satellite hookup for
your TV, or a cell phone, then you have been using wireless technology
as long as you’ve been using those items.  Surprised?  Many people are
when they realize they have been using a cordless phone or garage door
opener, for several years. 

In the computer world you have
Laptops/Notebooks,  PDAs (personal digital assistants), wireless
keyboards and mice and anything else that inter-connects without wires
or batteries, that is related to a computer.

The one thing most
people don’t realize is that using any of the above devices creates
it’s own security problems.  Anyone using a cordless phone should
realize that their phone calls can be intercepted.  Most people have no
reason to worry about whether someone is listening to their calls, but
there are occasions when the information discussed in a phone call is
so sensitive that they should not be using a Cordless phone or cell
phone to make the call.  Would you want a call to your bank
intercepted? or A call to your physician? or  A call to your lawyer? 
Businesses are more at risk than the average person because sensitive
information is often discussed by phone, but more businesses are becoming aware
of how insecure using wireless technology actually is.

If you use
wireless technology, you should be aware of the Security necessary to
keep your interactions over the device secure.  No matter what wireless
equipment you want to use, there is wireless technology available for
someone who wants to listen or steal the information you are sending
over that specific equipment. Now, the information sent by a garage
door opener isn’t particularly sensitive but people use phones,
laptops, PDAs, keyboards etc., to exchange sensitive information with
others that they don’t want to share with others. This is especially
true over the Internet.

If wireless computing is in your future, make sure you pay as much attention to Security for the device as you do to choosing and purchasing a laptop.  For different ways of making sure your wireless computing is secure, please read  Wireless Security – A Timely Topic,    Wireless – Why Do I Need Security?  and  Wireless Security – How To Protect Yourself
If a cell phone, cordless phone, wireless keyboard or mouse or any
other devices is in your future, then the some security information
about these devices is in   Wireless – Bluetooth Device Security.

 Securing and Protecting yourself and your information should be
at the top of your list, before using the wireless device you have
chosen. Sadly in this computer age, security and protection are
becoming absolutely necessary before we can enjoy our ‘electronic
toys’.  Identity Theft is one of the fastest growing evils of the 21st century. 

 

Malware Meant To Destroy Your Life As You Know It

 Almost 2 years ago
I wrote the first article called
Protection For Your PC
and the second
Protection For Your
PC – Part 2
almost 6 months ago.  All of that information, though 6
months and 2 years old respectively, applies today. However, in the past 2 years since I wrote the first
article, the nasties have become nastier, the ID theft more rampant, and the
scumware writers more adept at creating Spyware, Malware and other Scumware that
is harder to detect and more invasive into your private life.

 

Though gains have
been made against this evil that has entered our lives with the computer age, there
are still plenty of scumware writers out there producing junk to make your life
miserable. The scumware writers took a hit when Microsoft introduced Vista last year, but they are rapidly trying to get back
their hold on the Internet and more needs to be done to stop them. 

 

The next article
in the series: “Protection For Your PC – Part 3” is here today.  In it I have focused on the worst and most
malicious of today’s Malware, because it is the most damaging for the innocent computer
user and web surfer.  This particular type
of Malware surfaced in the fall of 2005 and is much more difficult to recover
from than the advertising  popups, the
spyware that tracks your online surfing habits, and the take over of your
computer by an infection so that you are
unable to surf the internet.  This type
of Malware steals your identity and takes over your life, not just your
PC. 

 

Please read Protection For Your PC – Part 3  for an update to my previous articles and added information on Securing your PC.  Other articles on PC security will follow.

 

 

Protection For Your PC – Part 3

 Almost 2
years ago I wrote the first article called Protection
For Your PC
.  and the second 
Protection
For Your PC – Part 2
  almost 6 months ago.  All of
that information, though 6 months and 2 years old respectively, applies today.
However, in the past 2 years since I wrote the first article, the nasties have
become nastier, the ID theft more rampant, and the scumware writers more adept
at creating Spyware, Malware and other Scumware that is harder to detect and
more invasive into your private life.

Though
gains have been made against this evil that has entered our lives with the
computer age, there are still plenty of scumware writers out there producing
junk to make your life miserable. The scumware writers took a hit when
Microsoft introduced Vista last year,
but they are rapidly trying to get back their hold on the Internet and more
needs to be done to stop them. 

 

An
evil that was in its infancy a little over 2 years ago, has now been perfected
by the scumware writers to be a large part of the Malware on the
internet.  Rootkits are
what I am talking about here, as well as
RATs (I know everyone uses acronyms
these days but I will explain what they mean.):

 
A Rootkit is computer code designed to hide other
computer code (usually malicious) inside it. If you have a rootkit on your
system, it will load before Windows loads in the boot-up sequence, preventing
Windows from ‘seeing’ it so that it will not appear in the File Manager or be
under the control of your Windows OS.  The rootkit then can operate
independently of Windows even taking control of Windows.   Rootkits
have been used for non-malicious purposes for quite some time, but in this day
and age they are used almost exclusively by the scumware writers to make your
life miserable. 

 

As I
said above,inside a Rootkit  is
malicious computer code which could be anything: adware, spyware, or a program
designed to irritate you with pop-ups, and though it is not good for you, they
are less malicious than the inner code that is so destructive these days: RATs (Remote Access Trojans).  

 

RATs (Remote Access Trojans), are also called ‘backdoor trojans because they  open a ‘backdoor’ on your system. Once open, all of your
private information flows through this backdoor
out to the internet without leaving a trace on your PC.  The author of the
RAT receives your personal identifying information, usually including financial
details, credit cards number(s), bank account(s), passwords, and all other
sensitive information on your hard drive. When they get this, they then have
the ability to impersonate you, use your credit card(s), empty your bank
account(s) and even commit future crimes IN YOUR NAME while using your
identity.  This is a very lucrative business for them because they can
also sell your personal information on the Black Market getting large sums of
money for the information.

 

You ask
How does a Rootkit or RAT get into my computer?”.  The answer is “easily”. 
They can be downloaded as part of a software package or in an email, they can
be a result of an attack by a trojan, or by you clicking on a link or an
innocuous banner or advertisement on an infected web page and lastly by a Drive-By
download
.  A drive-by download occurs when you innocently visit an
infected website and the website automatically downloads some computer code to
your PC. This is all done silently, without you knowing any of it has
occurred.  You find out only when you receive the bills from your credit
card company or check your bank account to find nothing there.


By now
you are either afraid of  Rootkits and RATs, or you are
doubting that this will happen to you.  You should take the high road and
be afraid rather than
taking the position that it won’t happen to you. Many people who doubted their
vulnerability to this form of Malware, are now trying to put their lives back
together after losing everything. Yes EVERYTHING
!  A criminal who dropped a RAT on their PC through
one form or another, has maxed-out their credit cards, emptied their bank
accounts, cashed in their retirement funds, sold their house, car(s) and other
assets, as well as impersonated them anywhere the criminal could possibly get
money in the victim’(s) name, leaving the innocent victim penniless and living
a NIGHTMARE.

 

Now that I have your attention, there are some easy ways for you
to practice safe computing.  These methods are never 100% effective, but
they definitely lower your risk of infection, significantly. You are the only person
who can prevent this happening, because you are the one who can take the
necessary precautions. The first line of defense is the easy part. 

 

For your computer:


1.
    
Keep all of your software up-to-date including Windows, Office and
all your         third party programs.

·       
Download and install all the patches as soon as you are notified
of them.

·       
If there is a new version of a software program that you have on
your PC,         download and install it,
immediately.

·       
If you hear of a work-around for a vulnerability that has not been
patched         yet from a reputable source, use
it.

 

2.     set your Antivirus software to update automatically either continuously
or daily.     If you do that, you will find that when there is
an update you will get it when it     is released.

3.     obtain an AntiSpyware program that you can run at least once a
week to             check for any
malware on your system.

·        
Keep the AntiSpyware program
up-to-date as often as your AV program.

4.    Make
sure you have a Firewall

·        
if possible have a
bi-directional Firewall so that it will notify you if there is a file or
program on your PC attempting to contact the internet. Many programs like web
browsers and email have to contact the internet to function, but it is the
other programs that you need to watch.

·        
 set the updates for your Firewall the same
as your AV software, so if  an update is released you can download and install
it immediately.

5.     If you use XP, make sure it is SP2.

·        
Upgrade to Sp2 as necessary and
keep it up-to-date.

6.     Upgrade IE 6.0 to IE 7 for better security.

·        
Download and install all
updates for IE 7

7.     In both Windows XP and Vista you
can use a  hosts file
to protect your computer. The hosts file prevents your computer from connecting
to any of the bad sites that are listed in it. Please see the instructions for
both 
 XP and Vista here  

 

For Email:

 

1.     Use the most updated copy of your Email program.

2.     If a new version of your email program is released, download and
install it as soon as you hear about it.

3.     Use a spam filter in your email program but **make sure you check
the spam folder for email that you want that has been marked spam in error.**

4.     Hover your mouse over the links in any email and check the URL in
the status bar of your email client. You will often be able to determine if the
link is legit in this way.

5.     Don’t click links in the emails you receive, even if the email is
from someone you know they will often redirect you to a bad site. Phishing
emails are often sent from someone in your address book because they have been
previously infected with the scumware.

6.     Watch for phishing emails from places that you deal with such as
eBay or PayPal. If you check in your account messages at that particular
website eg My Summary/Messages at eBay you will find a copy of the email, if it
is legit.

 

For Safe Surfing:

1.     Do not click on banners, advertisements or links on a webpage
unless you know where the link is going to.

2.     Hover your mouse over any link, banner or advertisement and look
at the URL that will appear in the status bar of your browser to make sure the
link is taking you to a safe website.

3.     Even if a website is supposed to be safe, it may have been infected
with scumware and links to the bad sites embedded in the pages. Be aware of
this so that you will notice anything that is abnormal.

4.     Surf with caution, anything that seems odd probably is. Avoid
ignoring your ‘gut feelings’ about something on the internet, if you think it
might be bad, then don’t go there.

5.  There are many more things you can do to keep yourself safe while surfing but they are for another article.

 

Not every infection is a Rootkit or RAT, and not all will require
a format, there are many out there that don’t.  If you think your PC is
infected, the first thing you need to do is get help!  There are a number
of forums staffed with trained volunteers that are there to help you identify
what has caused your infection and help you clean your computer. 
Unfortunately, these forums can be very busy and often are backed up with other
victims.  It sometimes takes time before you receive the help you need,
but bear in mind, the staff are volunteers and you will get their undivided
attention, when they get to your problem.  A list of these forums is
located
here


Please follow the instructions you find at each forum, as not all
are the same.  Then post what the forum has asked for, your problem, and
any helpful information you can think of. Then sit back and wait for a staff
member to help you.  In my experience, those that tried to clean their own
PC without help, ended up spending far more time than they would have if they
had waited for help. Their PC ends up in a far bigger mess than if they had
waited at the beginning and it takes much longer to clean their computer than
it would have, had they waited.  Often the victim has complicated things
by running every available tool they could find, which has removed  vital
information that would have led the helper to the correct information on the
original infector shortening the cleaning process significantly. A helper will
be able to tell you if your computer requires a format, or if it can be cleaned
simply with specific tools the helper knows.

 

After your computer is cleaned or you have formatted, we would
appreciate hearing all about it at Malware Complaints.  We are a forum
that helps you fight back against the scumware writers that have made your life
he**.  We help you write letters to the media and your government asking
for legislation to prevent the criminals from taking over the Internet,
allowing all innocent people to surf safely without fear of infection. 
Please
StandUp and Be Counted To Fight Back against  this scourge of the
Internet

 

I will be following with articles about Identity Theft, Rootkits
and RATs. Please stay tuned…

 

 

 

But My OS is Linux, I don’t need security! …or do I?

 People who use Linux as an Operating System, often say they
don’t need to protect their computer from Malware,Spyware, Adware,
Identity Theft etc etc. because they believe Linux is not at risk
partly because it is not  the main target of the scumware writers. 
Well they are wrong.  The Malware writers are increasingly aiming at
the alternate OS’s with their scumware because it is more of a
challenge now than Windows. Every hacker/cracker writes scumware for
Windows, not every hacker/cracker writes for Linux. BUT the day is
coming folks when Linux will be as heavily infected as a Windows OS. 
Many of the Security recommendations are the same as they are for
Windows, but there are also unique

Minimal protection for a Linux System is:

  • a firewall such as  Smoothwall Express  or SmoothGuardian  which is a commercial firewall with more advanced features. Please read   A Linux Firewall Primer  for a discussion of the use of Firewalls in Linux
  • the National Security Agency of the US government has been researching
    the use of firewalls in Linux.  This research of  Security-Enhanced Linux has resulted in the development of the SELinux firewall, and several versions available for download making this an excellent site for security information related to the Linux OS.
  • an Antivirus program to prevent viruses from infecting the
    Windows computers that connect to your system several are discussed in Antivirus Solutions For Linux  
  • Keeping the OS up-to-date is as important with Linux as with
    Windows to prevent any vulnerabilites in the Linux core OS remaining
    unpatched
  • run the OS as a ‘Limited User’ rather than as ‘Administrator’ will prevent many infections from taking over your system.

For an excellent article about Security on a Linux system including why
it is necessary and measures you can take beyond the above, to protect
yourself please read:    Best Practices For Securing Your Linux System.

Are You A Student Bound For College? Do You Want A Secure P.C.?

Today I became aware of a new
FREE e-book for students entering college. It could also be useful to High
School students in the upper grades because they have reached the point
where their computing needs have become much more demanding.

 

This e-book titled “Safe Computing For The College Bound”  was written by fellow Microsoft MVP Dan Appleman,
a software developer and author of several books on technology and
security.  In it is advice for the teenager who is a student who is
headed off
to College, on buying a computer.  Among other things, he discusses
laptops and desktops and how to choose the best computer for you. 
After he discusses the options in computers, he focuses on security for
your computer in a college atmosphere.  
He also advises the best way to keep your computer secure while you are
away
at College and  also covers the rules and regulations you are likely
to find for the Computer Networks at College.

 

“Safe Computing For The College Bound”
is a free e-book that is likely to give you a good start to
finding the right computer for you and learning to keep it safe and secure in a
completely different environment than you’ve had before.

 

 Dan Appleman is the founder and CEO of Desaware Inc. and co-founder of APress  and also maintains a blog. He has written several books including Moving to VB.NET: Strategies, Concepts and Code and maintains his website Always Use Protection: A Teen’s Guide to Safe Computing

 

Take some time to read his latest e-book “Safe Computing For The College Bound”,
and learn what to expect in computing when you get to College. It may
prevent you becoming a victim of Spyware, Malware, or any of the other
evils roaming the Internet!

Time For The Beach To Take A Vacation

 

Many
Canadians at this time of year crave the beach because of the long
winters here.  Unlike them, I love winter, especially when we have lots
of snow.  Outside it is so clean and fresh looking, the air is cold and
crisp, the nights so peaceful and quiet.  It is naturally beautiful. 
As much as I like the beach, living in a country where each of the four
seasons are different, I appreciate them all. So for now, winter will
be my blog theme.

 

The
temperature outside my house is -20 degrees celsius (-4 degrees
fahrenheit) and I think that the beach at the top of my blog was a
little inappropriate.  I went looking for a nice winter picture to
replace the beach and found it with MSN search.  After altering it to
be a banner for my blog, I posted what I think is reflective of a
Canadian winter.  The weather will remain cold for only a day or two
but winter and snow will be around for several months yet.  Enjoy!

 

A good friend Corrine 
helped get me moving on this project, by pointing out that my links to
other MVP’s blogs, were sorely outdated.  When I logged in to make the
necessary changes, I decided it was time for a change. I thank her
again for her help. I don’t know what I would do without her!

 

With
this update to my blog, I hope to bring you new information in the next
while that will help prevent you from becoming a victim of Spyware,
Adware, Malware, Viruses, Trojans etc etc.   These threats are still
very active and every time you connect to the internet, whether it be
by email, or surfing the Internet, you put yourself at risk. 

 

My
only advice today is to Protect yourself, Protect your computer etc!
etc! etc!  Get that Antivirus program up-to-date! Get that Anti-Spyware
program up-to-date!  Set your protection programs on automatic and have
them checking for updates hourly.  Keep that Firewall at High at all
times and if you let someone send you a file, scan it before opening.  
If you receive an email from someone you don’t know, or even someone
you know, be cautious opening it.  Scan all attachments before opening
them.  Remember to Protect yourself, Protect your computer! Protect
your Identity!

A New Year Full Of Promise

Happy New Year to one and all!  2008 is the year we are going to gain an edge on Malware and begin wiping this scourge from the Internet! 

With the armies of people fighting the Malware we have to gain an edge at some point, and 2008 is as good as any year.  The antispyware forums, software developers, Microsoft, the media, and government awareness of the problem, is growing. Ordinary people surfing the Internet are becoming more aware of the implications of surfing the internet without protection. They are protecting themselves with Firewalls, Antivirus and Antispyware programs and keeping them up-to-date.  Microsoft has taken a large step forward into secure computing with the advent of Vista in 2007.

 Having a positive attitude can work wonders!  I hope  that on January 1, 2009 I can look back at this blog and see that my predictions for 2008 were true.  There are simple things each person can do to ensure their safety on the Internet:

  • every individual learns about safe-surfing techniques
  • every parent teaches their children how to protect themselves on the internet
  • every parent uses Parental Control programs to protect their children from websites they shouldn’t visit.
  • each and every person makes security of their PC the most important aspect of computing
  • each and every person follows the instructions on the Microsoft Security At Home Website to keep their PC safe.
  • most importantly each person who uses a computer becomes aware of the risks of not protecting their PC. 

 If everyone who uses a computer does the above, my predictions for 2008 can become reality!

 

On
the other hand, if my predictions fall short and you become infected
with malware, please visit Malware Complaints  to tell your story.  Visiting Malware Complaints  will broadcast your difficulty to those that can change laws and help all people who surf the Internet,
toward the day when this scourge no longer exists!

 

 

Stand Up and Be Counted