Saturday, December 20, 2008

Infected web pages increase

During 2008, the rate at which web pages became infected with malicious software (malware) rose from one every 14 seconds to one every 4.5 seconds. [See "Forecast: Security Threats for 2009"]

So what can you do?

  • Don't "assume" a web site is safe to visit.
  • Don't "assume" a link in an email is safe to click on.
  • Don't "assume" an email from a friend was really sent by them.
  • Use anti-phishing software, antivirus software, and anti-spam software.
  • Keep all your computer programs updated. If there is a security patch available for any of your programs, install the patch.
  • Use a program like Secunia's free Personal Software Inspector to check for program updates.
  • Use a program like Driver Detective to check for updates to program driver files.

Firefox less secure?

Firefox has often been touted as fundamentally "more secure" than Internet Explorer. If you have been led to believe that, you need to look at some cold, hard facts:
  • From March to September 2005 (yes, even as early as 2005), Firefox had 40 vulnerabilities to IE's 10. [ZDNet article]
  • From April through September 2005, the number of published Firefox exploits was 11 compared to IE's 6.
  • The most recent Firefox-related security problem is that some Russian criminals are using it to add malicious software as a "Plug-In". The malware detects when you connect to any of over 100 banks and then steals your account name and password, sending them to the criminals. [read the SC Magazine article]
  • In terms of vulnerability numbers reported in March 2008, Opera had the most, followed by Safari, Firefox, then Internet Explorer.

The biggest problem with malware is not the browser, it's the person using the browser. People are either too trusting of links and unknown sites or just think they will never get attacked.

Friday, December 12, 2008

Computing to help others

A recent New York Times story highlighted a couple of Computer Science students at Georgia Tech who show us all some of the exciting possibilities of helping others through computing.

The project students started out small -- based on some blood supply spreadsheets at the CDC in Atlanta. As they delved into the real issue and talked with real users in Africa, the project blossomed into a web-enabled application using Ajax.

In January, 14 African nations will start using this program. It must be impressive -- the United Nations Worldwide Health Organization (WHO) is discussing making this a program for reporting on blood supplies worldwide.

Friday, November 28, 2008

Beware nasty Mebroot trojan

Beware of malware called Sinowal (also known as Mebroot), which captures bank and similar data. A gang of Internet criminals has been using this and even morphing the malware to temporarily fool antivirus software.

Windows Secrets contributing editor Woody Leonhard likens Mebroot to "a parasitic operating system that runs inside Windows". [Disclaimer: I subscribe to the paid version of "Windows Secrets" newsletter. Prior to that, I subscribed for years to the paid version of Fred Langa's "LangaList" newsletter, which is now integrated into Brian Livingston's "Windows Secrets" newsletter. I highly recommend Windows Secrets to anyone concerned about or interested in PCs.]

Leonhard says that his experience is that a lot of systems get infected with Mebroot (Sinowal) because the owners did not keep up with Adobe Reader, Adobe Flash, or Apple Quicktime security patches. You can manually check for such patches, set the apps to automatically check for updates, or (even better), install the free Secunia Personal Software Inspector (PSI) and scan for programs that need updating.

In October 2008, Brian Krebs of the Washington Post alerted readers to the "virtual heist" going on. Mebroot infects the Master Boot Record (MBR) of your PC and sends personal data to its "owners". Krebs says that the criminals have stolen over half a million credit and debit card accounts in the past few years.

While Symantec lists the malware's risk as low, if your data gets stolen, it won't be a little thing to you. Here are some actions Symantec and I recommend to reduce your risk of malware infections:

  • Use a firewall
  • Enforce complex passwords for all users of your computer
  • Use the lowest level access privileges.
  • Never use an Administrator-level login account as your normal one. Always log in with a lower-level account and then "Runas" or log in at the Administrator level only as needed. Vista security is a big advance in making this type of security easier. Yes, you get pop-ups to log in as Administrator, but that's much better than manually running a "runas" command, and you don't need to know the runas command line syntax.
  • Disable Auto-play
  • Turn off "File Sharing"
  • Turn off and remove unnecessary system services
  • Always keep your programs patched (You can use the free Secunia PSI to monitor patch status)
  • Don't open email attachments unless you were expecting them. Contact the sender separately (not by a "Reply") and see if they really did send you that email and attachment.
  • Turn off Bluetooth via Windows Control Panel if you are not using it.
  • If you really need to use Bluetooth, make sure every Bluetooth device's visibility is set to "Hidden".

Wednesday, November 26, 2008

Secunia PSI now in final form

Secunia Personal Software Inspector (PSI) is now officially out of beta and at version 1.0 (well, OK ... version 1.0.0.1). I have used versions prior to 1.0 and found them excellent. I'll be downloading, installing, and running PSI 1.0 today. I encourage you to do the same. This free software checks your programs for any updates.

While Microsoft Update (or the lesser Windows Update) does a great job, it naturally only deals with Microsoft products. Your computer has tons more programs, each of which may need a security patch, bug fix, or enhancement. Why check them all manually? Let PSI check for you. Try it; you'll like it.

To really stay on top of patches, I also use Driver Detective (not free, but very worth having).

Tuesday, November 11, 2008

Patch Adobe Reader, Acrobat!

If you use Adobe Reader 8.12 or earlier or Adobe Acrobat 8.12 or earlier, update them now! Adobe has released security updates for critical vulnerabilities.

Better yet, for Adobe Reader, upgrade to version 9 -- it's free.

Both programs come configured to automatically check for updates, but some people turn that off. Leave the auto-check on -- protect yourself.

Monday, June 16, 2008

Firefox 3 leaps ahead

While not revolutionary or even truly evolutionary, version 3 of the Mozilla Firefox web browser looks very good. Some of its new features may even get me to use it as my default, which is now Microsoft Internet Explorer 7. Some of the new features I look forward to most relate to security and ease of use:

  • Site ownership. The "Passport Officer" lets you know who really owns a web site. This helps reduce accidental visiting of malicious sites.
  • Malware protection. A "Reported attack site!" message box with a red background pops up when the site you asked to visit is on a list of malware sites. Firefox blocks access and you must select the "Ignore" link if you really want to visit that URL. I also like that the link is small, in the lower right corner, and not a normal button. The two buttons are "Get me out of here" and "Why was this site blocked". This is a good security precaution.
  • Page zoom now zooms both text and images.
  • Multiple text select. You can now use the Control key to select and copy multiple blocks of text on a web page.

Features I am unsure about until I try them extensively include the new "keyhole" shaped navigation control. IE7 font rendering is better than FF2, so I am also curious about how well the font rendering in FF3 will work.

Features I already like in Firefox 2 include spell-checking in Web text areas, including Blogger, and the wide range of add-ons for blogging, editing, and web development.

I do wish Firefox would support the "standard" MSIE hot keys for such things as create a hyperlink (Ctrl+K), as using Firefox in Blogger is less useful than IE at this point (except for Spell-check).

It would help if at least Firefox and Mozilla had consistent hot keys. For example, Thunderbird uses Ctrl+L to insert a hyperlink. It doesn't match MSIE, but the Ctrl+L is easy to remember (L for "link"). But Ctrl+L in Firefox accesses its "Location Bar" (what IE calls the address bar). Bummer.

Friday, February 01, 2008

Firefox 3 to better indicate "safe" site

For many people, the "padlock" symbol showing in their browser status bar means "safe" or "secure". Actually, it only means that someone has bought a certificate and is using SSL (Secure Sockets Layer) -- encryption.

Since it's possible for criminals to buy a certificate and use SSL, the padlock is no guarantee that you won't get duped or have your identity stolen. What's important is to know that the site is really what it seems and to know who really owns it -- identity.

Firefox developers are now working on a different way to indicate the potential safety (or not) of a site by concentrating on identity, not SSL. In the process, Firefox looks like it will abandon the padlock symbol as an indicator of safety. This should appear in Firefox 3.0 when it comes out.
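The difference between "encrypted" and "identified" shows up in the certificate itself. The following is an added example, not code from this blog or from Firefox: it reads the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()` and reports whether the certificate names an owner or only a domain. The sample certificates and the `identity_summary` helper are constructed for illustration, and treating a subject organization as the sign of an owner check is a simplifying assumption.

```python
# Added example. Input has the dict shape returned by Python's
# ssl.SSLSocket.getpeercert(); both sample certificates are constructed.

def _flatten(name):
    """Turn the nested-tuple subject/issuer form into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}

def identity_summary(cert):
    """Say what a certificate asserts about who operates the site."""
    if not cert:
        # getpeercert() returns {} when the certificate was not validated:
        # traffic may be encrypted, but nothing about the peer is known.
        return {"state": "unverified", "hostnames": [],
                "owner": None, "vouched_by": None}
    subject = _flatten(cert.get("subject", ()))
    issuer = _flatten(cert.get("issuer", ()))
    hosts = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not hosts and "commonName" in subject:
        hosts = [subject["commonName"]]
    owner = subject.get("organizationName")
    return {
        # Assumption: a subject organization means the CA checked an owner;
        # without one, the CA only confirmed control of the domain name.
        "state": "owner-named" if owner else "domain-only",
        "hostnames": hosts,
        "owner": owner,
        "vouched_by": issuer.get("organizationName"),
    }

_ISSUER = ((("countryName", "US"),), (("organizationName", "Example CA"),))

DOMAIN_ONLY_CERT = {  # constructed: encrypts traffic, names no owner
    "subject": ((("commonName", "secure-login.example"),),),
    "issuer": _ISSUER,
    "subjectAltName": (("DNS", "secure-login.example"),),
}
OWNER_NAMED_CERT = {  # constructed: subject carries an organization
    "subject": ((("countryName", "US"),),
                (("organizationName", "Example Bank N.A."),),
                (("commonName", "www.bank.example"),)),
    "issuer": _ISSUER,
    "subjectAltName": (("DNS", "www.bank.example"), ("DNS", "bank.example")),
}

if __name__ == "__main__":
    for sample in (DOMAIN_ONLY_CERT, OWNER_NAMED_CERT, {}):
        print(identity_summary(sample))
```

Both sample certificates would produce a padlock; only the second tells the visitor who is behind the site.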

Monday, January 21, 2008

Maps - use the right tool

When you need a map, use the right one for the job. If what you need is a road map, you don't need Google Earth or Microsoft Virtual Earth, for example; Google Maps or Microsoft's Live Maps will do. Basically, I avoid the resource-intensive and thus also slower 3D apps such as Google Earth when I don't really need them to get the job done.

Here are what I see as the strengths of some common mapping apps:

  • Basic mapping. Google Maps is my first choice for all basic mapping, from road maps to aerial (satellite) views. Google's maps seem to cover much more of the globe and in closer detail. Google Maps even has a "Traffic" view now, as well as a "Terrain" view.
  • 3D maps. For a 3D-type view, I generally prefer Google Earth.
  • I use Microsoft Virtual Earth (the 3D part of Live Maps) if and only if I need to get a closer view. In some locations, Virtual Earth's maps get you a bit closer to the surface.
  • Measuring distances. Use Google Earth's measurement tool to get a pretty close idea of distances. You can even plot a multi-point line and get the total distance.
  • Placemarks. If you want to mark a place on the earth for others to see and you want to add a pop-up box description, see if WikiMapia fits your need. WikiMapia uses Google Maps. Example: Mulungwishi, Katanga Province, D.R. Congo.
  • Local points of interest. If you want to add local map "pins" for specific points of interest, Google Maps is great.
  • Multiple needs, including 3D. To combine local points of interest plus geographic location plus the need to tilt the view, Google Earth may be your best choice.

IE 7 Add-ons make surfing better

Internet Explorer 7 is a nice browser, but certainly not perfect. I also have Firefox installed on my PC, though I routinely use IE7. Among other things, online Blogger post editing seems to come out better than in Firefox. No browser is perfect.

Case in point -- spell checking. I like the Firefox spell checking feature. Well, if you are an IE7 user, there's a free spell check add-on (but I like the Firefox implementation better). Actually, there are different add-ons that let you add features or customize IE7 more to your liking.

Here are a few IE add-ons that I wish Microsoft had included in IE7:

  • IE Spell (See IE7Pro below, though). Note that this spell check is only for form fields and similar areas to be filled in -- not for general web page views. It works fine within the Blogger post editing area, for example, though you have to manually force the check.
  • Inline Search (from IE Forge. See IE7Pro, below, though.)
  • Add Search Providers (surprisingly, from Microsoft)

Other handy Add-ons:

  • IE7Pro. IE7Pro adds several features, including Spell check and inline searching. The IE7Pro spell checks as you type, unlike the spell check on request method of "IE Spell" (above). That can be a blessing or a curse -- you decide.
    Note: IE7Pro didn't function well on my system, perhaps due to a couple of other browser helper objects installed. It crashed on use.
  • Web Developer Toolbar
  • Feed Folder. I prefer the IE7 Feed display in the left pane, but if you like Firefox's feed display better, check out Feed Folder.

Monday, January 07, 2008

SuperSpeed USB 3.0 coming

USB 3.0 is being developed and it's 10 times faster than USB 2.0 -- from 480Mbps to about 4.8Gbps! That's significantly better than FireWire.

The product was recently demonstrated with an optical cable but the same type of connector. The blazing speed could download a high-definition movie in about 70 seconds.

It may have better power efficiency for attached devices. That could use less power on laptops and may allow more USB devices to be charged via the USB connection instead of an AC adapter.

Current plans are to market it commercially in 2009.