Security Protection – Harry Waldron MVP Rotating Header Image

Anti-Virus Testing- Android Security Applications NOV2014

AV-Test is an independent software testing firm. Their latest testing focus on how well Android security products can protect devices with most products scoring well in the evaluation

http://securitywatch.pcmag.com/security-software/330168-report-android-security-apps-improving

FULL REPORT AV-TEST – Android Security Applications NOV2014

http://www.av-test.org/en/antivirus/mobile-devices/android/november-2014/

 
While there aren’t nearly as many malicious applications aimed at Android devices as there are targeting Windows, that’s no reason to be complacent. If one of those malware apps hits your phone, you’ve got trouble whether it’s common or not. AV-Test Institute rated 31 Android security applications and found that for the most part they’re even more effective than when last tested.  AV-Test CEO Andreas Marx observed that “the malware protection rate of all products—with one exception (51.2 percent)—was in the very good range with an average detection rate of 97.6 percent.” He also noted that the current crop of products generated far fewer false positives (valid files detected as malware), with a total of seven compared with 36 in the previous test.

Anti-Virus Testing- AV-Comparatives tests Virus cleaning DEC2014

AV-Comparatives is an independent software testing firm. The latest AV product tests focus on how well they can clean infected systems in removing malware and correcting damages to the registry and overall Windows system.

http://securitywatch.pcmag.com/security-software/330210-pc-infected-which-antivirus-does-the-best-cleanup

FULL DETAILED PDF – AV-Comparatives tests Virus cleaning DEC2014
http://www.av-comparatives.org/wp-content/uploads/2014/12/avc_rem_201411_en.pdf

TABLE SUMMARIZING TEST RESULTS BY VENDOR
http://www.pcmag.com/image_popup/0,1740,iid=441354,00.asp

 
The AV-Comparatives researchers used a fairly simple system to convert these grades in to numeric ratings for comparison. A product that earned a D grade for removal or convenience got zero of 100 possible points. Perfect removal earned 100, 90, or 80 points, depending on whether the convenience grade was A, B, or C. Removal with executables remaining (a B grade) earned 70, 60, or 50 points, again depending on the convenience grade. And so on. Average point totals for the products tested ranged from AhnLab’s low of 68 to a high score of 88, shared by AVG and Bitdefender. Panda and Kaspersky came close, with 87 and 86 points respectively

Anti-Virus protection – one key defense for 2015

While safe practices can go along way in protecting users, this brief article highlights the complementary need for technology defenses as well.

http://securitywatch.pcmag.com/security-software/330459-why-you-need-antivirus-software

 
These days, “antivirus” is just a word for a tool that protects your data and your PC against viruses, Trojans, botnets, rootkits, rogue security software, ransomware, and all types of malicious software. Actual viruses are the least of your worries, since they lay low to avoid detection.   “But I only use my PC to surf the Web,” you may say. “I don’t keep any personal information on it. Who cares if a virus or some bad program goes along for the ride?” Well, it’s not as simple as that.    A Trojan horse gets onto your system by pretending to be useful, but once inside the walls, it releases a malicious payload. You say you don’t store personal data? How about your email address—that’s about as personal as it gets. A Trojan might try to capture your email address and password, or insert itself into financial transactions to drain your bank account. That’s bank robbery with no need for a mask or a gun.

Leadership – Five Techniques to sharpen skills for 2015

Excellent advice for coming year is found at John Maxwell’s leadership blog.  These strategies can provide improved techniques to help take on the challenges for coming year:

http://www.johnmaxwell.com/blog/5-surefire-ways-to-sharpen-your-skills

QUOTE: Recently, another leader asked me about how he should go about sharpening his skills in the areas where he was naturally gifted. Here are the thoughts I shared with him that day. To sharpen our skills in a strength area, we should seek to…

1. Gain Experience – Once you get some experience under your belt, it gives you both confidence and examples of what works and what doesn’t. Having dealt with a similar situation before really makes you confident that you can handle it this time.

2. Get Feedback – feedback from any number of people can be really valuable.

3. Write Down YOur Thoughts - I’ve discovered that when I write a thought on paper and then examine it, I can think of all sorts of ways to improve it.

4. Participate in a Small Group of People – Sitting in a group discussing ideas is huge because it allows us to flesh out great thinking. That’s because as a group, we can all contribute to improving an idea.

5. Study Available Resources – if you will spend one hour a day every day on a certain subject, within five years you will become an expert on that subject.

SUMMARY: I’ve always said that we should focus on growing in our areas of strength, more than in areas of weakness. Once you’ve figured out which way you’re naturally wired, work on gaining experience, getting feedback, participating in groups, and studying great resources. Your efforts in these areas will yield great dividends in your personal growth.

Enterprise Anti-Virus Protection Test – December 2014

Dennis Technology Labs is an independent software testing firm.  They compared corporate AV products with real-world simulated testing as noted in the comprehensive PDF report

http://www.dennistechnologylabs.com/

http://www.dennistechnologylabs.com/reports/s/a-m/2014/DTL_2014_Q4_Ent.1.0.pdf

Product Protected Legitimate accuracy Total Accuracy
Kaspersky Endpoint Security for Windows 100 100% 100%
Symantec Endpoint Protection 100 100% 100%
Trend Micro OfficeScan and Intrusion Defense Firewall 95 95% 93%
McAfee VirusScan, HIPs and SiteAdvisor 98 87% 88%
Microsoft System Center Endpoint Protection 53 100% 64%

 
This report aims to compare the effectiveness of anti-malware products provided by well-known security companies. The products were exposed to internet threats that were live during the test period. This exposure was carried out in a realistic way, closely reflecting a customer’s experience. These results reflect what would have happened if a user was using one of the products and visited an infected website

Device Security – Safely retire older devices when they are replaced

Modern digital devices can hold enormous amounts of personal and confidential data.  Great care must be exercised when they are replaced. Data contents should be reviewed with complete deletion of data even when passing on to others in family.  This is emphasized in following PC magazine article:

http://securitywatch.pcmag.com/security/330704-re-gifting-digital-gadgets-can-lead-to-identity-theft-woes

 
If you received a shiny new gadget for the holidays, you may be thinking about passing your existing device to a new owner. It works just fine, and it’s better to pass it on than to throw it away, right?   Re-gifting digital devices can be problematic, especially if you don’t take the time to scrub your personal data and financial information first. If you are looking to pass on your laptops, desktops, tablets, and gaming consoles to someone else, make sure your identity is still safe. And if you received something that was regifted, take the time to scrub the data before you start using it. “Someone’s digital and personal footprint can still be acquired any number of ways outside the cash register or Internet shopping cart,” said David Anderson, director of product at Protect Your Bubble. One way is through information left behind on the older device.

Microsoft Security Updates – DECEMBER 2014

Critical Security updates to Microsoft Windows, Internet Explorer,  Office and other products became available on Patch Tuesday.  A patch for the Exchange server based product is also available.  This is a large security update and users should promptly update to enjoy best levels of protection. So far, no issues encountered in early use after installation at home & work.

https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+-+December+2014/19043

http://technet.microsoft.com/en-us/security/bulletin/ms14-dec 

Central Virginia CPCU Chapter – 20 Security Awareness slides



On November 11, 2014, Microsoft MVP Harry Waldron provided a 70 minute security awareness presentation at the Roanoke Country Club.  The 20 slides and documentation for this event are noted below:

BEST PRACTICES FOR INTERNET SAFETY FOR 2014
November 11, 2014 — Roanoke Country Club LUNCHEON MEETING (starts @ 11:45 am)

ROANOKE COUNTRY CLUB
http://www.roanokecountryclub.org/
3360 Country Club Drive NW
Roanoke, VA 24017
(540) 345-1508



DATE:     NOVEMBER 11, 2014 (Tuesday)
TIME:     11:45 am — 1:00 pm (Lunch & presentation)
COST:     Free to all CPCUs  ($15 for IT professionals & other attendees)
MENU:   Soup, Salad, Potato & Desert bar

BEST PRACTICES FOR INTERNET SAFETY FOR 2014
http://blogs.msmvps.com/harrywaldron/2014/10/16/best-practices-for-internet-safety-for-2014/

ABOUT SPEAKER
https://mvp.microsoft.com/en-us/mvp/Harry%20L.%20Waldron-9220



 

COPIES OF SLIDES USED IN PRESENTATION:

==========================

Slide 1 – COMPUTER SECURITY
BEST SAFTEY PRACTICES FOR 2014
CENTRAL VIRGINIA CPCU – NOV 11, 2014
Harry Waldron, CPCU, AAI
==========================

Slide 2 — MAJOR SAFETY PRINCIPLES
1. EDUCATION – KNOW THY ENEMY
2. TECHNICAL PROTECTION
3. HUMAN BEST SAFETY PRACTICES
==========================

Slide 3 – EDUCATED USERS SAFER
1. MOST ACTIVIES ARE SAFE
2. MANY DANGERS IN ONLINE ACTIONS
3. KNOWLEDGE LEADS TO PROTECTION
==========================

Slide 4 – SECURITY EXPOSURES
1. PHYSICAL (THEFT, USB, WIRELESS)
2. EMAIL, WEB & SOCIAL NETWORKS
3. E-COMMERCE & PRIVACY
==========================

Slide 5 – TYPES OF ATTACKS
1. PRANKS, HOAXES, NUISANCE
2. DATA MINING & HARMFUL ATTACKS
3. THEFT DURING E-COMMERCE
==========================

Slide 6 – METHODS OF ATTACK
1. LEGITIMATE LOOKING EMAIL/WEBSITE
2. SOCIAL ENGINEERING TRICKS
3. WEAK PASSWORDS OR DEFENSES
==========================

Slide 7 – ADVANCED ATTACK EXAMPLES
1. WEBSITE INJECTION (IMPLANT VIRUSES)
2. RANSOMWARE (HOLD HOSTAGE)
3. POINT-OF-SALES ATTACK (CREDIT CARD)
==========================

Slide 8 – SECURITY EDUCATION SUMMARY
1. CAT & MOUSE GAME (KNOW ENEMY)
2. ATTACKS OUTSIDE USA HARD TO STOP
3. EDUCATED USERS AVOID RISKS BETTER
==========================

Slide 9 – TECHNICAL SAFETY OVERVIEW
1. STAY UP-TO-DATE ON SOFTWARE
2. ANTI-VIRUS & SECURITY TOOLS
3. BACKUP FILES & DATA OFTEN
==========================

Slide 10 – UP-TO-DATE SOFTWARE
1. KEEP ANTI-VIRUS ACTIVE & UPDATED
2. PATCH WINDOWS, OFFICE, FLASH, ETC
3. ONE-THIRD OF ALL ATTACKS MITIGATED
==========================

Slide 11 – ANTI-VIRUS & SECURITY TOOLS
1. A/V BENEFICIAL – EXCEPT “ZERO DAY”
2. FIREWALLS, ENCRYPTION, ETC.
3. PHYSICAL SECURITY CONTROLS
==========================

Slide 12 – BACKUP EARLY AND OFTEN
1. USB HARD DRIVE, DVD, CLOUD
2. STORM IS NOT TIME TO PATCH ROOF
3. INSURANCE POLICY IN WORST CASE
==========================

Slide 13 – HUMAN SAFETY OVERVIEW
1. SEC-U-R-IT-Y (YOU ARE IT)
2. AVOIDANCE = OUNCE OF PREVENTION
3. THINK BEFORE YOU CLICK
==========================

Slide 14 – EMAIL SAFETY
1. EMAIL ADDRESS SPOOFING
2. DANGEROUS WEBSITE LINKS
3. ATTACHMENT DANGERS
==========================

Slide 15 – WEBSITE SAFETY
1. GOOGLE SEARCH DANGERS
2. PHISHING ATTACKS (FAKE BANK SITE)
3. MALICIOUS LINKS OR FLASH DANGERS
==========================

Slide 16 – DESIGNS TO GET FOLKS TO CLICK
1. FEAR (FAKE BANK, IRS, UPS CHARGES)
2. GREED (YOU HAVE WON A BIG PRIZE)
3. CURIOSITY (FAKE NEWS STORIES)
==========================

Slide 17 – FAKE PHONE & WEBSITE SCAMS
1. MICROSOFT & IRS DO NOT CALL USERS
2. SCAMS TO STEAL MONEY OR DATA
3. CHECK IT OUT BEFORE TAKING ACTION
==========================

Slide 18 – SOCIAL NETWORK SAFETY
1. LOCK DOWN PRIVACY & SECURITY
2. SHARE AS IF PRINTED IN NEWSPAPER
3. SHARE VACATION & EVENTS CAREFULLY
==========================

Slide 19 – ADDITIONAL USER SAFETY TIPS
1. COMPLEX & DIFFERENT PASSWORDS
2. WIRELESS ACCESS = HIGH-RISK
3. E-COMMERCE ON TRUSTED SITES ONLY
==========================

Slide 20 – SECURITY IS A PROCESS
1. BLEND OF TECHNICAL/HUMAN SAFETY
2. EDUCATION & RISK MANAGEMENT
3. BEST PRACTICES IMPROVES SAFETY
==========================

Windows 10 – Additional Announcements likely in early 2015

The initial preview launch for Windows 10 offered a high-level early look at many basic features. As this article from Information Week reflects, additional details are likely to emerge for other forthcoming features in early 2015

http://www.informationweek.com/software/operating-systems/windows-10-5-new-facts/d/d-id/1317919

 
Microsoft is done releasing Windows 10 previews until at least January, but details about the new operating system continue to leak. Early Windows 10 Preview builds have focused on mouse-and-keyboard features such as virtual desktops, but a touch-focused preview is on the way. However, several reports, all citing unnamed Microsoft insiders, claim Microsoft will reveal Windows 10 for smartphones and tablets at an event in late January. It’s possible Microsoft will reveal the mobile OS in January but wait a few months to release a public preview.  According to ZDNet’s Mary Jo Foley, who has a strong track record for pre-release Microsoft news, the version of Windows 10 revealed in January will be compatible with both ARM-based and Intel-based devices

Microsoft Press – 130 e-books available for FREE download

I’ve just discovered this new training and reference resource.  I have already downloaded a few “Windows 8.1″ and “Windows Server 2012 R2″ books for IT Professionals to review this offering.  The price is certainly right on these, as it makes a great online “non-paper” reference in some cases

Source: Microsoft Senior Sales Excellence Manager – Eric Ligman

BLOG – Eric Ligman, Microsoft Senior Sales Manager
http://blogs.msdn.com/b/mssmallbiz/

MAIN LINK — 130 e-books available for FREE download
http://blogs.msdn.com/b/mssmallbiz/archive/2014/07/07/largest-collection-of-free-microsoft-ebooks-ever-including-windows-8-1-windows-8-windows-7-office-2013-office-365-office-2010-sharepoint-2013-dynamics-crm-powershell-exchange-server-lync-2013-system-center-azure-cloud-sql.aspx

Some excellent “Windows Server 2012 R2″ e-books here also
http://blogs.msdn.com/b/mssmallbiz/archive/2014/10/13/windows-server-2012-training-lineup-starting-with-a-free-ebook.aspx

QUOTE:   FREE Microsoft eBooks! Who doesn’t love FREE Microsoft eBooks? Well, for the past few years, I’ve provided posts containing almost 150 FREE Microsoft eBooks and my readers, new and existing, have loved these posts so much that they downloaded over 3.5 Million free eBooks as of last June, including over 1,000,000 in a single week last year (and many, many more since then).

Given the amount my readers enjoy these posts and these free resources, I am sharing another post this year with over 130 more FREE eBooks, Step-By-Steps, Resource Guides, etc., for your enjoyment. Plus I’m also including links to the free eBooks I shared in the past so you have all of them here in one single post, making this my single largest collection EVER (Almost 300 total)! Please enjoy these FREE eBooks and resources, and be sure to pass this along to your friends, colleagues, peers, and others who you think would benefit from and enjoy them. After all, wouldn’t it be fun if we could surpass the 1,000,000 download mark within just one week again?