These tips can help you determine that you're shopping at a secure and trustworthy website.
Look for signs that the business is legitimate
Buy from reputable stores and sellers. Here are some ways to check:
Find out what other shoppers say. Sites like Epinions.com or BizRate have customer evaluations which can help you determine a company's legitimacy.
Look for third-party seals of approval. Companies can put these seals on their sites if they abide by a set of rigorous standards such as how personal information can be used. Two seals to look for:
If you see the seals, click them to make sure they link to the organization that created them. Some unscrupulous merchants will put these logos on their websites without permission.
Look for signs that the website protects your data
On the web page where you enter your credit card or other personal information, check that the web address of that page begins with https rather than http (as shown below); the "s" means the connection is encrypted. (Encryption is a security measure that scrambles data as it traverses the Internet.)
Also make sure there is a tiny closed padlock in the address bar, or on the lower right corner of the window.
[Image: green address bar in Internet Explorer]
Use a filter that warns you of suspicious websites
Find a filter that warns you of suspicious websites and blocks visits to reported phishing sites. For example, try the SmartScreen Filter included in Internet Explorer.
Friday, 30 September 2011
11 tips for social networking safety
Social networking websites like MySpace, Facebook, Twitter, and Windows Live Spaces are services people can use to connect with others to share information like photos, videos, and personal messages.
As the popularity of these social sites grows, so do the risks of using them. Hackers, spammers, virus writers, identity thieves, and other criminals follow the traffic.
Read these tips to help protect yourself when you use social networks.
Use caution when you click links that you receive in messages from your friends on your social website. Treat links in messages on these sites as you would links in email messages. (For more information, see Approach links in email with caution and Click Fraud: Cybercriminals want you to 'like' it.)
Know what you've posted about yourself. A common way that hackers break into financial or other accounts is by clicking the "Forgot your password?" link on the account login page. To break into your account, they search for the answers to your security questions, such as your birthday, home town, high school class, or mother's middle name. If the site allows, make up your own password questions, and don't draw them from material anyone could find with a quick search. For more information, see:
What was the name of your first pet?
What is screen scraping?
Take charge of your online reputation
Don't trust that a message is really from who it says it's from. Hackers can break into accounts and send messages that look like they're from your friends, but aren't. If you suspect that a message is fraudulent, use an alternate method to contact your friend to find out. This includes invitations to join new social networks. For more information, see Scammers exploit Facebook friendships.
To avoid giving away email addresses of your friends, do not allow social networking services to scan your email address book. When you join a new social network, you might receive an offer to enter your email address and password to find out if your contacts are on the network. The site might use this information to send email messages to everyone in your contact list or even everyone you've ever sent an email message to with that email address. Social networking sites should explain that they're going to do this, but some do not.
Type the address of your social networking site directly into your browser or use your personal bookmarks. If you click a link to your site through email or another website, you might be entering your account name and password into a fake site where your personal information could be stolen. For more tips about how to avoid phishing scams, see Email and web scams: How to help protect yourself.
Be selective about who you accept as a friend on a social network. Identity thieves might create fake profiles in order to get information from you.
Choose your social network carefully. Evaluate the site that you plan to use and make sure you understand the privacy policy. Find out if the site monitors content that people post. You will be providing personal information to this website, so use the same criteria that you would to select a site where you enter your credit card.
Assume that everything you put on a social networking site is permanent. Even if you can delete your account, anyone on the Internet can easily print photos or text or save images and videos to a computer.
Be careful about installing extras on your site. Many social networking sites allow you to download third-party applications that let you do more with your personal page. Criminals sometimes use these applications to steal your personal information. To download and use third-party applications safely, take the same safety precautions that you take with any other program or file you download from the web.
Think twice before you use social networking sites at work. For more information, see Be careful with social networking sites, especially at work.
Talk to your kids about social networking. If you're a parent of children who use social networking sites, see How to help your kids use social websites more safely.
What does digital citizenship mean to you?
Digital citizenship is usually defined as the "norms of behavior with regard to technology use." It encompasses digital literacy, ethics, etiquette, online safety, norms, rights, culture and more. Microsoft recognizes that good digital citizenship, when you use computers, gaming consoles, or mobile devices, promotes a safer online environment for all.
The visual whitepaper, "Fostering Digital Citizenship," discusses why digital citizenship matters and outlines the education young people need as they explore, learn, and essentially "grow-up" online. This paper also addresses the three types of risks you might encounter in online activities: Content, Contact, and Conduct.
Managing your online behavior and monitoring your reputation are important elements of good digital citizenship. Microsoft recently surveyed teen and parental attitudes, awareness of, and behaviors toward managing their online reputations.
Teens share considerably more information online than their parents and, as a result, expose themselves to more risk; they also feel more in control of their online reputations.
Teens believe the benefits of sharing information online outweigh the risks, with the exception of sharing a physical location.
Teens and parents worry about different things. Teens are most concerned about getting into college (57%), landing a job (52%), and being embarrassed (42%). Parents worry about fraud (54%), being embarrassed (51%), and career (43%).
The encouraging results suggest that American parents and teens are actively managing their online reputations—and with an eye toward good digital citizenship.
Friday, 23 September 2011
DDoS attacks
All statistical data presented in this report were obtained using Kaspersky Lab’s botnet monitoring system and Kaspersky DDoS Prevention.
The quarter in figures
The most powerful attack repelled by Kaspersky DDoS Prevention in Q2: 500 Mbps
The average power of the attacks repelled by Kaspersky DDoS Prevention: 70 Mbps
The longest DDoS attack in Q2: 60 days, 1 hour, 21 minutes and 9 seconds
The highest number of DDoS attacks against a single site in Q2: 218.
DDoS and protests
Distributed denial-of-service attacks are no longer being carried out simply to make a profit. Cybercriminals are increasingly targeting government resources or the sites of big companies to show off their skills, demonstrate their power or, in some cases, as a form of protest. These are exactly the sort of attacks that get maximum publicity in the media.
The most active hacker groups in the second quarter of 2011 were LulzSec and Anonymous. They organized DDoS attacks on government sites in the US, the UK, Spain, Turkey, Iran and several other countries. The hackers managed to temporarily bring down sites such as cia.gov (the US Central Intelligence Agency) and www.soca.gov.uk (the British Serious Organized Crime Agency (SOCA)). This shows that even government sites safeguarded by specialist agencies are not immune to DDoS attacks.
Attacking government sites is a risky business for hackers because it immediately attracts the attention of law enforcement authorities. In Q2 of 2011, for example, more than 30 members of Anonymous were arrested on suspicion of launching DDoS attacks on government sites. More arrests are likely to follow as authorities continue their investigations. However, not all those involved are likely to be convicted because participation in the organization of a DDoS attack is still not considered illegal in many countries.
One big corporation subjected to a major attack was Sony. At the end of March, Sony brought legal action against several hackers, accusing them of breaching the firmware of the popular PlayStation 3 console. In protest at Sony’s pursuit of the hackers, Anonymous launched a DDoS attack that crippled the company’s PlayStationNetwork.com sites for some time. But this was just the tip of the iceberg. According to Sony, during the DDoS attack the servers of the PSN service were hacked and the data of 77 million users were stolen. Whether or not it was intended that way, the DDoS attack by Anonymous served as a diversion for the theft of huge volumes of data, which ultimately damaged Sony’s reputation.
DDoS attacks on social media
The second quarter of 2011 is likely to be remembered by Russian Internet users for the series of attacks on LiveJournal. The resource is popular with a variety of people, with housewives, photographers, pilots and even politicians posting blogs on the site. According to our botnet monitoring system, the mass attacks on LiveJournal began by targeting journals of a political nature, in particular, that of the anti-corruption and political activist Alexey Navalny.
Our botnet monitoring system has been tracking a botnet named Optima which was used in the DDoS attacks on LiveJournal. In the period between 23 March and 1 April Optima received commands to attack the anti-corruption site http://rospil.info, http://www.rutoplivo.ru and http://navalny.livejournal.com as well as the furniture factory site http://www.kredo-m.ru. On certain days only http://navalny.livejournal.com was attacked. At the beginning of April the botnet received a command to attack a long list of LiveJournal addresses mostly belonging to popular bloggers who cover a wide range of subjects.
The Optima botnet has been known on the market since late 2010. From the type of code used, it is safe to say that Optima bots are developed by Russian-speaking malware writers and they are mostly sold on Russian-language forums. It is difficult to determine the size of the botnet because it is highly segmented. However, our monitoring system has recorded instances of the Optima bots that attacked LiveJournal receiving commands to download other malicious programs. This suggests the Optima botnet includes tens of thousands of infected machines because such downloads are considered unprofitable for small botnets.
The motive for the attacks on LiveJournal remains unclear as nobody has yet claimed responsibility. Until the cybercriminals behind the attacks are identified, it will be difficult to say whether the attacks were ordered or just a show of force.
DDoS attacks on social media are becoming more frequent because these services allow the immediate exchange of information between tens of thousands of users. Blocking this process, even if it is just for a short time, can only be achieved with the help of DDoS attacks.
We expect to see a further growth in these types of attack in the future.
Commercial DDoS attacks
Ordinary criminals also continue to make active use of DDoS attacks. However, information about attacks that aim to extort or blackmail organizations is rarely made public and when it is, it is usually related to the subsequent criminal investigation.
In April, a court in Dusseldorf handed down a sentence to a cybercriminal who tried to blackmail six German bookmakers during the 2010 World Cup. The culprit used the familiar routine: intimidation, a trial attack on the victim’s site, and a message containing a ransom demand. Three of the six offices agreed to pay off the attacker. According to the bookmakers, a few hours of website downtime can result in the loss of significant sums – 25,000-40,000 euros for large offices and 5,000-6,000 euros for smaller offices. Surprisingly, the scammer only demanded 2000 euros. He received the money in U-cash vouchers – a method which had already been used by the author of the well-known GpCode Trojan program. The court sentenced the defendant to nearly three years in prison – the first time in German legal history that someone has been imprisoned for organizing a DDoS attack. Such attacks are now classified by the country’s courts as computer sabotage and are punishable by up to 10 years in jail.
In June, the Russian judicial system also addressed the subject of DDoS attacks. On 24 June, a Moscow court sanctioned the arrest of Pavel Vrublevsky, the owner of ChronoPay, Russia’s biggest Internet payment service provider. Vrublevsky was accused of organizing a DDoS attack against competitor firm Assist in order to undermine its chances in a tender for a lucrative contract to process payments for Aeroflot, Russia’s largest airline. Sources close to the investigation said Vrublevsky was also considered the owner of the Rx-Promotion affiliate network which specializes in spreading pharmaceutical spam.
What to do
The first thing to do is make sure that the antivirus database is up-to-date and scan your computer. If this does not help, antivirus solutions from other vendors may do the job. Many manufacturers of antivirus solutions offer free versions of their products for trial or one-time scanning – we recommend running one of these products on your machine. If it detects a virus or a Trojan, make sure you send a copy of the infected file to the manufacturer of the antivirus solution that failed to detect it. This will help that vendor develop protection against the threat more quickly and protect other users of the same antivirus from getting infected.
If an alternative antivirus does not detect any malware, it is recommended that you disconnect your computer from the Internet or the local network and disable the Wi-Fi connection and the modem, if any, before you start looking for the infected file(s). Do not use the network unless critically needed. Do not use web payment systems or internet banking services under any circumstances. Avoid accessing any personal or confidential data, and do not use any web-based services that require your screen name and password.
How do I find an infected file?
Detecting a virus or Trojan in your computer in some cases may be a complex problem requiring a technical qualification; however, in other cases that may be a pretty straightforward task – this all depends on the degree of the malware complexity and the methods used to hide the malicious code embedded into the system. In the difficult cases when special methods (e.g. rootkit technologies) are employed to disguise and conceal the malicious code in the system, a non-professional may be unable to track down the infected file. This problem may require special utilities or actions, like connecting the hard disk to another computer or booting the system from a CD. However, if a regular worm or simple Trojan is around, you may be able to track it down using fairly simple methods.
The vast majority of worms and Trojans need to take control when the system starts. There are two basic ways to do this:
A link to the infected file is written to the autorun keys of the Windows registry;
The infected file is copied to an autorun folder in Windows.
The most common autorun folders in Windows 2000 and XP are as follows:
%Documents and Settings%\%user name%\Start Menu\Programs\Startup\
%Documents and Settings%\All Users\Start Menu\Programs\Startup\
There are quite a number of autorun keys in the system registry; the most popular keys include Run, RunService, RunOnce and RunServiceOnce, located under the following registry keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\]
Most probably, a search at the above locations will yield several values with names that don’t reveal much information, along with paths to executable files. Special attention should be paid to files located in the Windows system directory or the root directory. Note the names of these files; you will need them later in the analysis.
Writing to the following key is also common:
[HKEY_CLASSES_ROOT\exefile\shell\open\command\]
The default value of this key is "%1" %*.
The Windows system (and System32) directory and the root directory are the most convenient places to plant worms and Trojans. This is due to two facts: the contents of these directories are not shown in Explorer by default, and these directories host a great number of different system files whose functions are completely unknown to a lay user. Even an experienced user will probably find it difficult to tell whether a file called winkrnl386.exe is part of the operating system or foreign to it.
It is recommended to use any file manager that can sort files by creation/modification date, and sort the files located within the above directories. This will display all recently created and modified files at the top of the listing – these very files will be of interest to the researcher. If any of these files are identical to those occurring in the autorun keys, this is the first wake-up call.
Advanced users can also check the open network ports using netstat, the standard utility. It is recommended to set up a firewall and scan the processes engaged in network activities. It is also recommended to check the list of active processes using dedicated utilities with advanced functionalities rather than the standard Windows utilities – many Trojans successfully avoid being detected by standard Windows utilities.
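As an added example (not from the original article), the following PowerShell script performs the checks described above in one pass: it lists the Run, RunOnce, RunServices and RunServicesOnce values under both registry hives and resolves each one to an executable, reads the exefile open command and compares it with the default "%1" %*, lists the Startup folders, sorts the Windows, System32 and drive-root directories by modification date while marking files that also appear as autorun targets, and shows listening TCP ports with their owning process. It assumes Windows PowerShell 5.1 or later in an elevated prompt on a current Windows build, so the Windows 2000/XP paths from the article are replaced by their modern equivalents.

```powershell
# Added startup-persistence triage script; not part of the original article.
# Assumes Windows PowerShell 5.1 or later in an elevated prompt on a current
# Windows build; the article's Windows 2000/XP paths are replaced by their
# modern equivalents (Startup folders are resolved through the environment).

$AutorunKeyNames = 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce'
$AutorunRoots    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
                   'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion'

# The directories the article singles out: Windows, System32 and the drive root.
$SystemDirs = @($env:SystemRoot,
                (Join-Path $env:SystemRoot 'System32'),
                ($env:SystemDrive + '\'))

# Pull the executable path out of a command value such as
#   "C:\Program Files\Foo\foo.exe" /tray   or   %SystemRoot%\winkrnl386.exe -x
function Get-ExecutablePath([string]$Command) {
    $Command = [Environment]::ExpandEnvironmentVariables($Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

# 1. Registry autorun entries under both hives.
$Autoruns = foreach ($Root in $AutorunRoots) {
    foreach ($KeyName in $AutorunKeyNames) {
        $Key = Join-Path $Root $KeyName
        if (-not (Test-Path $Key)) { continue }      # RunServices* only exist on old builds
        $Props = Get-ItemProperty -Path $Key
        foreach ($Name in $Props.PSObject.Properties.Name) {
            if ($Name -like 'PS*') { continue }      # PSPath, PSParentPath, ... are provider noise
            $Exe    = Get-ExecutablePath ([string]$Props.$Name)
            $Exists = [bool]$Exe -and (Test-Path -LiteralPath $Exe)
            $LastWrite = $null
            if ($Exists) { $LastWrite = (Get-Item -LiteralPath $Exe).LastWriteTime }
            [PSCustomObject]@{
                Key         = $Key
                Name        = $Name
                Exe         = $Exe
                Exists      = $Exists                # a missing target is itself suspicious
                InSystemDir = [bool]$Exe -and ($SystemDirs -contains (Split-Path -Parent $Exe))
                LastWrite   = $LastWrite
            }
        }
    }
}

# 2. The .exe file-association handler. The article gives the default as "%1" %*;
#    any other value routes every executable launched on the box through another program.
$null = New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT -ErrorAction SilentlyContinue
$ExeHandler   = (Get-ItemProperty -Path 'HKCR:\exefile\shell\open\command').'(default)'
$ExeHandlerOk = $ExeHandler -eq '"%1" %*'

# 3. Startup folder contents (per-user and All Users).
$StartupItems = foreach ($Folder in @([Environment]::GetFolderPath('Startup'),
                                      [Environment]::GetFolderPath('CommonStartup'))) {
    if (Test-Path $Folder) { Get-ChildItem -Path $Folder -File -Force }
}

# 4. Recently modified files in the system directories, newest first, with the
#    ones that are also autorun targets marked (the article's "first wake-up call").
$AutorunExes = @($Autoruns | Where-Object { $_.Exe } | ForEach-Object { $_.Exe.ToLower() })
$Recent = Get-ChildItem -Path $SystemDirs -File -Force -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 40 FullName, CreationTime, LastWriteTime,
        @{ n = 'IsAutorun'; e = { $AutorunExes -contains $_.FullName.ToLower() } }

# 5. Listening TCP ports with the owning process (the same data as `netstat -ano`).
$Listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue | ForEach-Object {
    $Proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [PSCustomObject]@{ Port = $_.LocalPort; PID = $_.OwningProcess
                       Process = $Proc.ProcessName; Path = $Proc.Path }
}

"== Autorun entries (look for missing files or executables in a system directory) =="
$Autoruns | Sort-Object InSystemDir -Descending |
    Format-Table Key, Name, Exe, Exists, InSystemDir, LastWrite -AutoSize
"== exefile handler: $ExeHandler   (matches the default: $ExeHandlerOk) =="
"== Startup folder contents =="
$StartupItems | Format-Table FullName, LastWriteTime -AutoSize
"== 40 most recently modified files in Windows, System32 and the drive root =="
$Recent | Format-Table -AutoSize
"== Listening TCP ports =="
$Listeners | Format-Table -AutoSize
```

Run it on the suspect machine while it is disconnected from the network, as the article advises, and save the output to compare against a known-clean machine of the same build.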
However, no universal advice can be given for all occasions. Advanced worms and Trojans appear every now and then that are quite difficult to track down. In this case, it is best to consult the support service of the IT security vendor that released your antivirus client, a company offering IT assistance services, or ask for help at specialized web forums. Such web resources include www.virusinfo.info and anti-malware.ru (Russian language), and www.rootkit.com and www.gmer.net (English). Similar forums designed to assist users are also run by many antivirus companies.
If an alternative antivirus does not detect any malware, it is recommended that you disconnect your computer from the Internet or a local network, disable Wi-Fi connection and the modem, if any, before you start looking for the infected file(s). Do not use the network unless critically needed. Do not use web payment systems or internet banking services under any circumstances. Avoid referring to any personal or confidential data; do not use any web-based services that require your screen name and password.
How do I find an infected file?
Detecting a virus or Trojan in your computer in some cases may be a complex problem requiring a technical qualification; however, in other cases that may be a pretty straightforward task – this all depends on the degree of the malware complexity and the methods used to hide the malicious code embedded into the system. In the difficult cases when special methods (e.g. rootkit technologies) are employed to disguise and conceal the malicious code in the system, a non-professional may be unable to track down the infected file. This problem may require special utilities or actions, like connecting the hard disk to another computer or booting the system from a CD. However, if a regular worm or simple Trojan is around, you may be able to track it down using fairly simple methods.
The vast majority of worms and Trojans need to take control when the system starts. There are two basic ways to do that:
A link to the infected file is written to one of the autorun keys in the Windows registry;
The infected file is copied to an autorun (Startup) folder in Windows.
The most common autorun folders in Windows 2000 and XP are as follows:
%Documents and Settings%\%user name%\Start Menu\Programs\Startup\
%Documents and Settings%\All Users\Start Menu\Programs\Startup\
There are quite a number of autorun keys in the registry. The most popular are Run, RunOnce, RunServices and RunServicesOnce (the latter two are honoured only by Windows 9x/Me), located under the following keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\]
Most probably, a look at the above locations will turn up several values with names that reveal little and data that is simply the path to an executable. Pay special attention to entries pointing to files in the Windows system directory or in the root directory of the system drive. Write down the names of these files; you will need them in the further analysis.
Writing to the following key is also common:
[HKEY_CLASSES_ROOT\exefile\shell\open\command\]
Its default value holds the command Windows runs whenever any .exe file is opened; the normal value is "%1" %* (the program itself followed by its arguments). Malware typically prepends its own path, for example trojan.exe "%1" %*, so that the Trojan is started first and then launches the program the user asked for, and it keeps getting executed even if its Run entry is deleted. Any value other than "%1" %* deserves investigation.
The Windows system directory (and system32) and the root of the system drive are the most convenient places to plant worms and Trojans, for two reasons: Explorer hides the contents of these directories by default, and they hold a great number of system files whose functions are completely unknown to an ordinary user. Even an experienced user will find it hard to say whether a file called winkrnl386.exe is part of the operating system or foreign to it.
Use any file manager that can sort files by creation or modification date and sort the contents of the above directories that way. All recently created and modified files will then appear at the top of the listing, and these are exactly the files of interest. If any of them is also referenced from the autorun keys, that is the first wake-up call. Bear in mind that some malware resets the timestamps of its files to match the surrounding system files, so a clean date listing does not prove anything on its own.
Advanced users can also check the open network ports and connections with netstat, the standard utility (netstat -ano also shows the process ID that owns each connection). It is recommended to set up a firewall and examine the processes engaged in network activity. Use dedicated utilities with advanced functionality rather than the standard Windows Task Manager to inspect the list of running processes: many Trojans successfully hide from the standard Windows tools.
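The procedure above, collected into one read-only triage script. This is an added example written for this page, not code from the original article; it assumes Windows PowerShell 3.0 or later run from an elevated prompt. The 30-day window, the report path and the extra Wow6432Node key (where 64-bit Windows keeps the Run entries of 32-bit programs) are my own choices, as is the cross-check that flags a recently changed system file whose name also appears in an autorun entry.

```powershell
# Added example (not from the original article). Read-only triage of the
# autorun locations discussed above. Assumes Windows PowerShell 3.0+ run from
# an elevated prompt; the 30-day window and the report path are arbitrary.

param(
    [int]$Days = 30,
    [string]$Report = "$env:USERPROFILE\Desktop\autorun-triage.txt"
)

$lines = New-Object System.Collections.Generic.List[string]
function Note([string]$s) { $lines.Add($s); Write-Host $s }

# 1. Run / RunOnce values under HKLM and HKCU (plus the Wow6432Node copy that
#    64-bit Windows keeps for 32-bit programs).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autorun = @()                       # every command line / file found in an autorun location
Note '== Autorun registry values =='
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }        # provider metadata, not a registry value
        Note ("{0}\{1} = {2}" -f $key, $p.Name, $p.Value)
        $autorun += [string]$p.Value
    }
}

# 2. Per-user and all-users Startup folders.
Note '== Startup folder contents =='
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue | ForEach-Object {
        Note ("{0}  (modified {1:yyyy-MM-dd HH:mm})" -f $_.FullName, $_.LastWriteTime)
        $autorun += $_.FullName
    }
}

# 3. The .exe shell handler. Anything but "%1" %* means another binary has been
#    inserted in front of every program the user launches.
Note '== exefile\shell\open\command =='
$handler = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command').'(default)'
if ($handler -eq '"%1" %*') { Note "OK: $handler" } else { Note "SUSPICIOUS: $handler" }

# 4. Files created or modified recently in %SystemRoot%, \system and \system32,
#    newest first, flagged when the same file name also appears in an autorun entry.
Note "== Files changed in the last $Days days under $env:SystemRoot =="
$cutoff = (Get-Date).AddDays(-$Days)
$recent = foreach ($d in $env:SystemRoot, "$env:SystemRoot\system", "$env:SystemRoot\system32") {
    Get-ChildItem -Path $d -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $cutoff -or $_.CreationTime -gt $cutoff }
}
foreach ($f in ($recent | Sort-Object LastWriteTime -Descending)) {
    $flag = ''
    foreach ($a in $autorun) {
        if ($a -and $a.IndexOf($f.Name, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $flag = '   <-- referenced from an autorun location'
        }
    }
    Note ("{0:yyyy-MM-dd HH:mm}  {1}{2}" -f $f.LastWriteTime, $f.FullName, $flag)
}

# 5. netstat -ano, with each PID resolved to its image path so an unfamiliar
#    binary holding a listening port or an outbound connection stands out.
Note '== Network connections =='
$image = @{}
Get-CimInstance Win32_Process | ForEach-Object { $image[[int]$_.ProcessId] = $_.ExecutablePath }
netstat -ano | Select-String -Pattern '^\s*(TCP|UDP)\s' | ForEach-Object {
    $col = $_.Line.Trim() -split '\s+'
    $owner = [int]$col[-1]
    $state = if ($col[0] -eq 'TCP') { $col[3] } else { '-' }
    Note ("{0,-4} {1,-22} {2,-22} {3,-12} {4,6}  {5}" -f $col[0], $col[1], $col[2], $state, $owner, $image[$owner])
}

$lines | Set-Content -Path $Report
Note "Report written to $Report"
```

Run it as .\autorun-triage.ps1 (add -Days 7 to narrow the file listing) and read the report bottom-up: an unfamiliar image path that owns a listening port, a recently written file in system32 that is also named in a Run value, or a non-default exefile handler are the three findings worth chasing first. The script only reads; it deletes nothing, because a Run entry is often just the pointer and the real payload must be identified before anything is removed. It also runs on the possibly compromised system, so a rootkit that filters directory listings or registry queries will hide from it exactly as the text warns; an offline look at the disk is the only reliable check in that case.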
However, no universal advice can be given for every situation. Advanced worms and Trojans that are quite difficult to track down appear every now and then. In such a case it is best to contact the support service of the vendor that released your antivirus, a company offering IT assistance, or a specialized web forum. Such resources include www.virusinfo.info and anti-malware.ru (Russian language), and www.rootkit.com and www.gmer.net (English). Similar user-assistance forums are also run by many antivirus companies.
What if my computer is infected?
Unfortunately, it occasionally happens that the antivirus installed on your computer, even with its latest updates, is unable to detect a new virus, worm or Trojan. Sad but true: no antivirus product gives a 100% guarantee of complete security. If your computer does get infected, you need to establish that it is infected, identify the infected file and send it to the vendor whose product missed the malicious program and failed to protect your computer.
However, users on their own are typically unable to tell that their computer has been infected unless an antivirus solution tells them. Many worms and Trojans do not reveal their presence in any way. As an exception, some Trojans inform the user directly that the computer has been infected: they encrypt the user's personal files and demand a ransom for the decryption utility. A typical Trojan, however, installs itself secretly, often employs special disguising methods and carries out its activity covertly, so the infection can be detected only by indirect evidence.
Symptoms of infection
An increase in outgoing network traffic is the general indication of an infection; this applies both to individual computers and to corporate networks. If no users are working on the Internet during a certain period (e.g. at night) but traffic continues, something or someone else is active on the system, and most probably that activity is malicious. If a firewall is configured on the system, attempts by unknown applications to establish Internet connections may also indicate an infection. Numerous advertisement windows popping up while you visit websites signal that adware is present. Frequent freezes or crashes may also be related to malware activity, although such malfunctions are more often caused by hardware or software faults than by a virus. However, if similar symptoms occur simultaneously on many computers on the network, accompanied by a dramatic increase in internal traffic, this is very likely a network worm or a backdoor Trojan spreading across the network.
An infection may also be evidenced indirectly by symptoms outside the computer, such as bills for telephone calls that nobody made or SMS messages that nobody sent; these may indicate that a phone (dialer or SMS) Trojan is active on the computer or the mobile phone. If someone has gained unauthorized access to your bank account, or your credit card has been used without your authorization, this may signal that spyware has got into your system.
20 September 2011, Tuesday
Famous Hackers
Steve Jobs and Steve Wozniak, founders of Apple Computer, are both hackers. Some of their early exploits even resemble the questionable activities of some malicious hackers. However, both Jobs and Wozniak outgrew their malicious behavior and began concentrating on creating computer hardware and software. Their efforts helped usher in the age of the personal computer -- before Apple, computer systems remained the property of large corporations, too expensive and cumbersome for average consumers.
Linus Torvalds, creator of Linux, is another famous honest hacker. His open source operating system is very popular with other hackers. He has helped promote the concept of open source software, showing that when you open information up to everyone, you can reap amazing benefits.
Richard Stallman, also known as "rms," founded the GNU Project, a free operating system. He promotes the concept of free software and computer access. He works with organizations like the Free Software Foundation and opposes policies like Digital Rights Management.
On the other end of the spectrum are the black hats of the hacking world. At the age of 16, Jonathan James became the first juvenile hacker to get sent to prison. He committed computer intrusions on some very high-profile victims, including NASA and a Defense Threat Reduction Agency server. Online, Jonathan used the nickname (called a handle) "c0mrade." Originally sentenced to house arrest, James was sent to prison when he violated parole.
Image: Hacker Kevin Mitnick, newly released from the Federal Correctional Institution in Lompoc, California (Greg Finley/Getty Images)
Kevin Mitnick gained notoriety in the 1980s as a hacker who allegedly broke into the North American Aerospace Defense Command (NORAD) when he was 17 years old. Mitnick's reputation seemed to grow with every retelling of his exploits, eventually leading to the rumor that Mitnick had made the FBI's Most Wanted list. In reality, Mitnick was arrested several times for hacking into secure systems, usually to gain access to powerful computer software.
Kevin Poulsen, or Dark Dante, specialized in hacking phone systems. He's famous for hacking the phones of a radio station called KIIS-FM. Poulsen's hack allowed only calls originating from his house to make it through to the station, allowing him to win in various radio contests. Since then, he has turned over a new leaf, and now he's famous for being a senior editor at Wired magazine.
Adrian Lamo hacked into computer systems using computers at libraries and Internet cafes. He would explore high-profile systems for security flaws, exploit the flaws to hack into the system, and then send a message to the corresponding company, letting them know about the security flaw. Unfortunately for Lamo, he was doing this on his own time rather than as a paid consultant -- his activities were illegal. He also snooped around a lot, reading sensitive information and giving himself access to confidential material. He was caught after breaking into the computer system belonging to the New York Times.
It's likely that there are thousands of hackers active online today, but an accurate count is impossible. Many hackers don't really know what they are doing -- they're just using dangerous tools they don't completely understand. Others know what they're doing so well that they can slip in and out of systems without anyone ever knowing.
Hackers and the Law
In general, most governments aren't too crazy about hackers. Hackers' ability to slip in and out of computers undetected, stealing classified information when it amuses them, is enough to give a government official a nightmare. Secret information, or intelligence, is incredibly important. Many government agents won't take the time to differentiate between a curious hacker who wants to test his skills on an advanced security system and a spy.
Laws reflect this attitude. In the United States, there are several laws forbidding the practice of hacking. Some, like 18 U.S.C. § 1029, concentrate on the creation, distribution and use of codes and devices that give hackers unauthorized access to computer systems. The language of the law only specifies using or creating such a device with the intent to defraud, so an accused hacker could argue he just used the devices to learn how security systems worked.
Another important law is 18 U.S.C. § 1030, part of which forbids unauthorized access to government computers. Even if a hacker just wants to get into the system, he or she could be breaking the law and be punished for accessing a nonpublic government computer [Source: U.S. Department of Justice].
Punishments range from hefty fines to jail time. Minor offenses may earn a hacker as little as six months' probation, while other offenses can result in a maximum sentence of 20 years in jail. One formula on the Department of Justice's Web page factors in the financial damage a hacker causes, added to the number of his victims to determine an appropriate punishment [Source: U.S. Department of Justice].
Hacking a Living
Hackers who obey the law can make a good living. Several companies hire hackers to test their security systems for flaws. Hackers can also make their fortunes by creating useful programs and applications, like Stanford University students Larry Page and Sergey Brin. Page and Brin worked together to create a search engine they eventually named Google. Today, they are tied for 26th place on Forbes' list of the world's most wealthy billionaires [source: Forbes].
Other countries have similar laws, some much more vague than legislation in the U.S. A recent German law forbids possession of "hacker tools." Critics say that the law is too broad and that many legitimate applications fall under its vague definition of hacker tools. Some point out that under this legislation, companies would be breaking the law if they hired hackers to look for flaws in their security systems [source: IDG News Service].
Hackers can commit crimes in one country while sitting comfortably in front of their computers on the other side of the world, so prosecuting a hacker is a complicated process. Law enforcement officials have to petition other countries to extradite suspects in order to hold a trial, and this process can take years. One famous case is the United States' indictment of hacker Gary McKinnon. From 2002, McKinnon fought extradition to the U.S. for hacking into Department of Defense and NASA computer systems. McKinnon, who hacked from the United Kingdom, defended himself by claiming that he merely pointed out flaws in important security systems. In April 2007, his battle against extradition came to an end when the British courts denied his appeal [Source: BBC News].
In the next section, we'll look at some famous and notorious hackers.
Hacker Culture
Individually, many hackers are antisocial. Their intense interest in computers and programming can become a communication barrier. Left to his or her own devices, a hacker can spend hours working on a computer program while neglecting everything else.
Computer networks gave hackers a way to associate with other people with their same interests. Before the Internet became easily accessible, hackers would set up and visit bulletin board systems (BBS). A hacker could host a bulletin board system on his or her computer and let people dial into the system to send messages, share information, play games and download programs. As hackers found one another, information exchanges increased dramatically.
Some hackers posted their accomplishments on a BBS, boasting about infiltrating secure systems. Often they would upload a document from their victims' databases to prove their claims. By the early 1990s, law enforcement officials considered hackers an enormous security threat. There seemed to be hundreds of people who could hack into the world's most secure systems at will [source: Sterling].
There are many Web sites dedicated to hacking. The hacker journal "2600: The Hacker Quarterly" has its own site, complete with a live broadcast section dedicated to hacker topics. The print version is still available on newsstands. Web sites like Hacker.org promote learning and include puzzles and competitions for hackers to test their skills.
When caught -- either by law enforcement or by corporations -- some hackers admit that they could have caused massive problems. Most hackers don't want to cause trouble; they break into systems simply because they want to know how the systems work. To a hacker, a secure system is like Mt. Everest: he or she infiltrates it for the sheer challenge. In the United States, a hacker can get into trouble just for entering a system. The Computer Fraud and Abuse Act outlaws unauthorized access to computer systems [source: Hacking Laws].
Hackers and Crackers
Many computer programmers insist that the word "hacker" applies only to law-abiding enthusiasts who help create programs and applications or improve computer security. Anyone using his or her skills maliciously isn't a hacker at all, but a cracker.
Crackers infiltrate systems and cause mischief, or worse. Unfortunately, most people outside the hacker community use the word as a negative term because they don't understand the distinction between hackers and crackers.
Not all hackers try to explore forbidden computer systems. Some use their talents and knowledge to create better software and security measures. In fact, many hackers who once used their skills to break into systems now put that knowledge and ingenuity to use by creating more comprehensive security measures. In a way, the Internet is a battleground between different kinds of hackers -- the bad guys, or black hats, who try to infiltrate systems or spread viruses, and the good guys, or white hats, who bolster security systems and develop powerful virus protection software.
Hackers on both sides overwhelmingly support open source software, programs in which the source code is available for anyone to study, copy, distribute and modify. With open source software, hackers can learn from other hackers' experiences and help make programs work better than they did before. Programs might range from simple applications to complex operating systems like Linux.
There are several annual hacker events, most of which promote responsible behavior. A yearly convention in Las Vegas called DEFCON sees thousands of attendees gather to exchange programs, compete in contests, participate in panel discussions about hacking and computer development and generally promote the pursuit of satisfying curiosity. A similar event called the Chaos Communication Camp combines low-tech living arrangements -- most attendees stay in tents -- and high-tech conversation and activities.
In the next section, we'll learn about hackers and legal issues.
The Hacker Toolbox
The main resource hackers rely upon, apart from their own ingenuity, is computer code. While there is a large community of hackers on the Internet, only a relatively small number of hackers actually program code. Many hackers seek out and download code written by other people. There are thousands of different programs hackers use to explore computers and networks. These programs give hackers a lot of power over innocent users and organizations -- once a skilled hacker knows how a system works, he can design programs that exploit it.
Malicious hackers use programs to:
Log keystrokes: Some programs allow hackers to review every keystroke a computer user makes. Once installed on a victim's computer, the programs record each keystroke, giving the hacker everything he needs to infiltrate a system or even steal someone's identity.
Hack passwords: There are many ways to obtain someone's password, from educated guesses to simple programs that generate combinations of letters, numbers and symbols. The trial-and-error method is called a brute force attack: the program tries every possible combination until one works, so the effort grows exponentially with the password's length and character set. A cheaper variant is the dictionary attack, which tries words from a list of common passwords (and simple variations of them) instead of every combination, and succeeds far more often than the size of the list would suggest.
Infect a computer or system with a virus: Computer viruses are programs designed to duplicate themselves and cause problems ranging from crashing a computer to wiping out everything on a system's hard drive. A hacker might install a virus by infiltrating a system, but it's much more common for hackers to create simple viruses and send them out to potential victims via email, instant messages, Web sites with downloadable content or peer-to-peer networks.
Gain backdoor access: Similar to hacking passwords, some hackers create programs that search for unprotected pathways into network systems and computers. In the early days of the Internet, many computer systems had limited security, making it possible for a hacker to find a pathway into the system without a username or password. Another way a hacker might gain backdoor access is to infect a computer or system with a Trojan horse.
Create zombie computers: A zombie computer, or bot, is a computer that a hacker can use to send spam or commit Distributed Denial of Service (DDoS) attacks. After a victim executes seemingly innocent code, a connection opens between his computer and the hacker's system. The hacker can secretly control the victim's computer, using it to commit crimes or spread spam.
Spy on e-mail: Hackers have written code that intercepts and reads e-mail messages -- the Internet's equivalent of wiretapping. Today most mail clients and servers encrypt the connection with TLS, so someone capturing the traffic on the wire sees only ciphertext; the message is still readable on the mail servers themselves, however, and only end-to-end encryption (PGP or S/MIME) keeps it private from the providers as well as from an eavesdropper.
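The two password-guessing methods from the "Hack passwords" item above, as an added example written for this page rather than code from the original article. It runs a dictionary attack and then a brute-force search against SHA-256 hashes of two passwords; the user names, the passwords ('letmein' and 'q7z'), the six-word list and the hashes are all constructed here for the demonstration, and the function names are mine. A real attacker runs the same loops over a leaked hash dump and a wordlist of millions of entries.

```powershell
# Added example, not from the original article: dictionary attack vs. brute
# force against SHA-256 password hashes. All inputs below are constructed.
# Works on Windows PowerShell 3.0+ and PowerShell 7 (uses only .NET's SHA256).

$sha = [System.Security.Cryptography.SHA256]::Create()
function Get-Sha256Hex([string]$s) {
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($s)
    ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
}

# Constructed "leaked" hashes: one weak dictionary password, one short random one.
$targets = @{
    'alice' = Get-Sha256Hex 'letmein'
    'bob'   = Get-Sha256Hex 'q7z'
}

# Dictionary attack: each word from a (constructed) wordlist, plus the tweaks
# users typically apply to a dictionary word.
$wordlist = 'password', '123456', 'letmein', 'qwerty', 'welcome', 'dragon'
function Invoke-DictionaryAttack([string]$hash, [string[]]$words) {
    foreach ($w in $words) {
        foreach ($cand in @($w, $w.ToUpper(), ($w + '1'), ($w + '!'))) {
            if ((Get-Sha256Hex $cand) -eq $hash) { return $cand }
        }
    }
    return $null
}

# Brute force: every string over $alphabet up to $MaxLen characters, counting
# attempts to show how the search space grows with length.
function Invoke-BruteForce([string]$hash, [string]$alphabet, [int]$MaxLen) {
    $chars = $alphabet.ToCharArray()
    $n = $chars.Length
    $tries = 0
    for ($len = 1; $len -le $MaxLen; $len++) {
        $total = [int][math]::Pow($n, $len)
        for ($i = 0; $i -lt $total; $i++) {
            # Treat $i as a base-$n number; its digits index the alphabet.
            $x = $i
            $sb = New-Object System.Text.StringBuilder
            for ($k = 0; $k -lt $len; $k++) {
                [void]$sb.Insert(0, $chars[$x % $n])
                $x = [int][math]::Floor($x / $n)
            }
            $tries++
            if ((Get-Sha256Hex $sb.ToString()) -eq $hash) {
                return @{ Password = $sb.ToString(); Tries = $tries }
            }
        }
    }
    return @{ Password = $null; Tries = $tries }
}

foreach ($user in $targets.Keys) {
    $h = $targets[$user]
    $found = Invoke-DictionaryAttack $h $wordlist
    if ($found) {
        "{0}: dictionary hit '{1}' from a list of {2} words" -f $user, $found, $wordlist.Count
        continue
    }
    $r = Invoke-BruteForce $h 'abcdefghijklmnopqrstuvwxyz0123456789' 3
    if ($r.Password) { "{0}: brute-forced '{1}' in {2} attempts" -f $user, $r.Password, $r.Tries }
    else { "{0}: not found within 3 characters ({1} attempts)" -f $user, $r.Tries }
}
```

The dictionary pass finds alice's password after a couple of dozen hashes; bob's three-character password survives the dictionary and falls to the brute-force loop, which needs up to 36^3 = 46,656 attempts (a few seconds in PowerShell) and would need 36 times as many for every extra character. SHA-256 is deliberately fast, which is exactly why it is the wrong choice for storing passwords: a password store should use a slow, salted hash (bcrypt, scrypt, PBKDF2 or Argon2) so that each guess costs the attacker milliseconds rather than microseconds, and a login service should additionally rate-limit or lock out repeated failures so that online guessing never gets anywhere near these counts.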
In the next section, we'll get a glimpse into hacker culture.
Malicious hackers use programs to:
Log keystrokes: Some programs allow hackers to review every keystroke a computer user makes. Once installed on a victim's computer, the programs record each keystroke, giving the hacker everything he needs to infiltrate a system or even steal someone's identity.
Hack passwords: There are many ways to hack someone's password, from educated guesses to simple algorithms that generate combinations of letters, numbers and symbols. The trial and error method of hacking passwords is called a brute force attack, meaning the hacker tries to generate every possible combination to gain access. Another way to hack passwords is to use a dictionary attack, a program that inserts common words into password fields.
Infect a computer or system with a virus: Computer viruses are programs designed to duplicate themselves and cause problems ranging from crashing a computer to wiping out everything on a system's hard drive. A hacker might install a virus by infiltrating a system, but it's much more common for hackers to create simple viruses and send them out to potential victims via email, instant messages, Web sites with downloadable content or peer-to-peer networks.
Gain backdoor access: Similar to hacking passwords, some hackers create programs that search for unprotected pathways into network systems and computers. In the early days of the Internet, many computer systems had limited security, making it possible for a hacker to find a pathway into the system without a username or password. Another way a hacker might gain backdoor access is to infect a computer or system with a Trojan horse.
Create zombie computers: A zombie computer, or bot, is a computer that a hacker can use to send spam or commit Distributed Denial of Service (DDoS) attacks. After a victim executes seemingly innocent code, the infected computer connects out to the hacker's command-and-control server. The hacker can then secretly control the victim's computer, using it to commit crimes or spread spam; a group of such bots under one controller is a botnet.
Spy on e-mail: Hackers have created code that lets them intercept and read e-mail messages -- the Internet's equivalent to wiretapping. Today, most mail clients and servers encrypt the connection with TLS, so a hacker who taps the wire sees only ciphertext. The caveat is that this protects the message only in transit: TLS between mail servers is often opportunistic and can be stripped, and the message sits in plaintext on every server that handles it, so only end-to-end encryption such as PGP or S/MIME keeps the contents private from everyone but the recipient.
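The two password-cracking methods described above, as an added example in Python (this is not code from the original article): a dictionary attack with simple mangling rules, then brute force over a small keyspace, both run against a salted hash. The salt, the wordlist and the target passwords are constructed here. It also goes one step past the article by showing the defender's counter, a deliberately slow key-derivation function.

```python
"""Offline password cracking: a dictionary attack with mangling rules, then brute force
over a small keyspace, against a salted hash. Added example, not from the original
article; the wordlist, salt and target passwords are constructed here."""
import hashlib
import itertools
from typing import Iterable, Iterator, Optional, Tuple

# Assumption: the attacker holds a leaked (salt, hash) pair and can test guesses offline.
SALT = b"constructed-salt"


def hash_password(password: str, salt: bytes = SALT) -> str:
    """One round of salted SHA-256: the kind of fast hash an attacker hopes to find in a
    leaked database, since it lets a cracker test millions of guesses per second."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def slow_hash_password(password: str, salt: bytes = SALT, rounds: int = 200_000) -> str:
    """The defender's answer: a deliberately slow key-derivation function
    (PBKDF2-HMAC-SHA256) that divides the attacker's guess rate by `rounds`."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds).hex()


def mangle(word: str) -> Iterator[str]:
    """Variations people actually use: capitalisation and a few common suffixes."""
    for base in (word, word.capitalize()):
        yield base
        for suffix in ("1", "123", "!", "2011"):
            yield base + suffix


def dictionary_attack(target: str, wordlist: Iterable[str], salt: bytes = SALT) -> Optional[str]:
    """Try every wordlist entry and its mangled forms; return the password on a hit."""
    for word in wordlist:
        for candidate in mangle(word):
            if hash_password(candidate, salt) == target:
                return candidate
    return None


def brute_force(target: str, alphabet: str, max_len: int,
                salt: bytes = SALT) -> Tuple[Optional[str], int]:
    """Enumerate every string over `alphabet` up to `max_len` characters.
    Returns (password or None, number of guesses made)."""
    guesses = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(chars)
            if hash_password(candidate, salt) == target:
                return candidate, guesses
    return None, guesses


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Worst-case guesses for brute force: all strings of length 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    leaked = hash_password("Summer2011")            # constructed victim password
    print("dictionary:", dictionary_attack(leaked, ["winter", "summer", "autumn"]))
    pw, n = brute_force(hash_password("bad"), "abcdefghijklmnopqrstuvwxyz", 3)
    print("brute force:", pw, "after", n, "guesses")
    print("lowercase, up to 8 chars:", keyspace(26, 8), "guesses;",
          "95 printable chars, up to 12:", keyspace(95, 12))
```

The keyspace numbers are the whole argument for length and character variety, and the PBKDF2 round count is the whole argument for slow hashes: the cracker's work multiplies by both, while the legitimate login pays the cost once.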
In the next section, we'll get a glimpse into hacker culture.
How Hackers Work
Thanks to the media, the word "hacker" has gotten a bad reputation. The word summons up thoughts of malicious computer users finding new ways to harass people, defraud corporations, steal information and maybe even destroy the economy or start a war by infiltrating military computer systems. While there's no denying that there are hackers out there with bad intentions, they make up only a small percentage of the hacker community.
The term computer hacker first showed up in the mid-1960s. A hacker was a programmer -- someone who hacked out computer code. Hackers were visionaries who could see new ways to use computers, creating programs that no one else could conceive. They were the pioneers of the computer industry, building everything from small applications to operating systems. In this sense, people like Bill Gates, Steve Jobs and Steve Wozniak were all hackers -- they saw the potential of what computers could do and created ways to achieve that potential.
A unifying trait among these hackers was a strong sense of curiosity, sometimes bordering on obsession. These hackers prided themselves on not only their ability to create new programs, but also to learn how other programs and systems worked. When a program had a bug -- a section of bad code that prevented the program from working properly -- hackers would often create and distribute small sections of code called patches to fix the problem. Some managed to land a job that leveraged their skills, getting paid for what they'd happily do for free.
As computers evolved, computer engineers began to network individual machines together into a system. Soon, the term hacker had a new meaning -- a person using computers to explore a network to which he or she didn't belong. Usually hackers didn't have any malicious intent. They just wanted to know how computer networks worked and saw any barrier between them and that knowledge as a challenge.
In fact, that's still the case today. While there are plenty of stories about malicious hackers sabotaging computer systems, infiltrating networks and spreading computer viruses, most hackers are just curious -- they want to know all the intricacies of the computer world. Some use their knowledge to help corporations and governments construct better security measures. Others might use their skills for more unethical endeavors.
Super Phreak
Before computer hackers, curious and clever individuals found ways to manipulate the phone system in a phenomenon called phreaking. Through phreaking, these individuals found ways to make long distance calls for free or sometimes just played pranks on other telephone users.
In this article, we'll explore common techniques hackers use to infiltrate systems. We'll examine hacker culture and the various kinds of hackers as well as learn about famous hackers, some of whom have run afoul of the law.
In the next section, we'll look at hackers' tricks of the trade.
cryptographic technology
Our work in cryptography is making an impact within and outside the Federal government. Strong cryptography improves the security of systems and the information they process. IT users also enjoy the enhanced availability in the marketplace of secure applications through cryptography, Public Key Infrastructure (PKI), and e-authentication. Work in this area addresses such topics as secret and public key cryptographic techniques, advanced authentication systems, cryptographic protocols and interfaces, public key certificate management, biometrics, smart tokens, cryptographic key escrowing, and security architectures. This year, the work called for in the Homeland Security Presidential Directive 12 (HSPD-12) has continued. A few examples of the impact this work has had include changes to Federal employee identification methods, how users authenticate their identity when needing government services online, and the technical aspects of passports issued to U.S. citizens.
CSD collaborates with a number of national and international agencies and standards bodies to develop secure, interoperable security standards. Federal agency collaborators include the Department of Energy, the Department of State, the National Security Agency (NSA), and the Communications Security Establishment of Canada, while national and international standards bodies include the Accredited Standards Committee (ASC) X9 (financial industry standards), the International Organization for Standardization (ISO), the Institute of Electrical and Electronics Engineers (IEEE) and the Internet Engineering Task Force (IETF). Industry collaborators include BC5 Technologies, Certicom, Entrust Technologies, Hewlett-Packard, InfoGard, Microsoft, NTRU, Pitney Bowes, RSA Security, Spyrus, and Wells Fargo.
Is Data Loss Plummeting?
Our guess is that the primary finding of the latest Verizon Business 2011 Data Breach Investigations Report, namely that even though the number of examined incident cases doubled, the total number of compromised data records dropped by more than an order of magnitude, will be so unpalatable to some that the report will fall off the radar in a hurry.
On the other hand, this and other findings in the report raise questions the industry would do well to ask itself. For example: why aren't organizations spending more time making sure that old patches are still in place on their systems, rather than worrying only about how quickly they apply patches for newly discovered vulnerabilities?
According to the report, the number of data records compromised in breaches investigated by Verizon and the U.S. Secret Service dropped from 144 million in 2009 to only 4 million in 2010. This, according to Wade Baker, director of research and intelligence at Verizon Business, is by far the lowest volume of data loss since the report's launch in 2008.
Topline findings from the report included:
Large-scale breaches dropped dramatically while small attacks increased. The report offers several possible reasons for this trend: small and medium-sized businesses have become prime targets for attackers who favor highly automated, repeatable attacks against these less-defended victims, and criminals may be opting to play it safe in light of recent arrests and prosecutions of high-profile hackers.
Outsiders are responsible for most data breaches. Ninety-two percent of data breaches were caused by external sources. Contrary to the malicious-employee stereotype, insiders were responsible for only 16 percent of attacks. Partner-related attacks continued to decline, and business partners accounted for less than 1 percent of breaches.
Physical attacks are on the rise. After doubling as a percentage of all breaches in 2009, attacks involving physical actions doubled again in 2010, and included manipulating common credit-card devices such as ATMs, gas pumps and point-of-sale terminals. The data indicates that organized crime groups are responsible for most of these card-skimming schemes.
Hacking and malware are the most common attack methods. Malware was a factor in about half of the 2010 caseload and was responsible for almost 80 percent of lost data. The most common kinds of malware found in the caseload were those that send data to an external entity, open backdoors, or log keystrokes.
Stolen passwords and credentials are out of control. Ineffective, weak or stolen credentials continue to wreak havoc on enterprise security. Failure to change default credentials remains an issue, particularly in the financial services, retail and hospitality industries.
Better Fraud Through Data
Andy Kemshall, technical director of SecurEnvoy, recently said that the X-Factor US database hack is not only the latest in a string of attacks on corporate servers to extract personal data, but also suggests that cybercriminals are now building information profiles on people, rather than developing frauds around whatever credentials happen to be available.
"It's actually quite easy to see a pattern emerging in these attacks. Previously, frauds were card-centric and built around opportunistic database hacks, but the sheer volume of the system hacks in recent months suggests that there is a longer-term strategy involved," he said.
It's an interesting idea: one of the most effective online fraud deterrents available is a service that analyzes a customer's transaction history to establish a basic usage profile. When a new transaction falls sufficiently outside the norm, it can be subjected to further scrutiny before it's approved. How would a serious hacker counteract this defense? By building up their own profile of the victim to go along with the stolen credentials, and making sure that fraudulent transactions stay close enough to the norm that no red flags are raised. Seems entirely possible.
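The profiling defense and the counter-move sketched above, as an added example in Python (not code from the original post or from any fraud vendor): a per-customer baseline with a simple deviation score, the attacker's trick of splitting a large theft into transactions that each score zero, and one aggregate check that catches the split anyway. The customer history, the scoring weights and the review threshold are constructed assumptions of this example.

```python
"""Transaction profiling as a fraud control, and an attacker staying inside the profile.
Added example, not from the original post; the customer's history, the scoring weights
and the candidate transactions are constructed here."""
import math
import statistics
from collections import Counter
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Txn:
    amount: float
    category: str    # merchant category
    country: str
    hour: int        # local hour of day, 0-23
    day: int         # day index, used by the per-day aggregate check


class CustomerProfile:
    """Baseline learned from past transactions; score() measures how far a new one deviates."""

    def __init__(self, history: List[Txn]) -> None:
        amounts = [t.amount for t in history]
        self.mean = statistics.mean(amounts)
        self.stdev = statistics.pstdev(amounts) or 1.0
        self.categories = {t.category for t in history}
        self.countries = {t.country for t in history}
        self.hours = {t.hour for t in history}
        self.max_per_day = max(Counter(t.day for t in history).values())

    def amount_cap(self) -> float:
        # Amounts above mean + 2 sigma count as unusual.
        return self.mean + 2 * self.stdev

    def score(self, t: Txn) -> int:
        # Each unusual attribute adds points (the weights are an assumption of this example).
        s = 0
        if t.amount > self.amount_cap():
            s += 2
        if t.category not in self.categories:
            s += 1
        if t.country not in self.countries:
            s += 2
        if t.hour not in self.hours:
            s += 1
        return s


REVIEW_THRESHOLD = 3   # assumption: a score at or above this sends the transaction to review


def needs_review(profile: CustomerProfile, t: Txn) -> bool:
    return profile.score(t) >= REVIEW_THRESHOLD


def craft_within_profile(profile: CustomerProfile, total: float, day: int) -> List[Txn]:
    """Attacker side: knowing the victim's profile (rebuilt from breached data) and holding
    a stolen credential, split `total` into pieces that each score 0."""
    cap = profile.amount_cap()
    pieces = max(1, math.ceil(total / cap))
    return [Txn(total / pieces, min(profile.categories), min(profile.countries),
                min(profile.hours), day) for _ in range(pieces)]


def flag_batch(profile: CustomerProfile, batch: List[Txn]) -> bool:
    """Defender's aggregate check that per-transaction scoring misses: more transactions
    in one day than this customer has ever made."""
    per_day = Counter(t.day for t in batch)
    return any(n > profile.max_per_day for n in per_day.values())


def sample_history() -> List[Txn]:
    """Constructed: four weeks of one customer's card use, one or two purchases a day."""
    hist = []
    for day in range(28):
        hist.append(Txn(20 + (day * 7) % 61, "grocery", "US", 9 + day % 10, day))
        if day % 3 == 0:
            hist.append(Txn(30 + (day * 11) % 50, "fuel", "US", 17, day))
    return hist


if __name__ == "__main__":
    profile = CustomerProfile(sample_history())
    odd = Txn(900.0, "jewelry", "RU", 3, 28)
    print("obvious fraud scores", profile.score(odd), "-> review:", needs_review(profile, odd))
    batch = craft_within_profile(profile, 900.0, 28)
    print(len(batch), "crafted pieces; any sent to review:", any(needs_review(profile, t) for t in batch))
    print("aggregate check flags the batch:", flag_batch(profile, batch))
```

The point of the last function is the practitioner's caveat: a scorer that looks at one transaction at a time is exactly what a profile-aware attacker defeats, so the profile has to include velocity and daily totals, not just the shape of a single purchase.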
16 September 2011, Friday
Applications
Computer security is critical in almost any technology-driven industry that operates on computer systems; it is sometimes also referred to as computer safety. Identifying and addressing the countless vulnerabilities of computer-based systems is an integral part of keeping an industry operational.
Cloud computing security
Security in the cloud is challenging because the security features and management schemes vary from one cloud entity to the next. A common logical protocol base would need to evolve so that the entire gamut of components operates consistently and securely.
Aviation
The aviation industry is especially important when analyzing computer security because the involved risks include human life, expensive equipment, cargo, and transportation infrastructure. Security can be compromised by hardware and software malpractice, human error, and faulty operating environments. Threats that exploit computer vulnerabilities can stem from sabotage, espionage, industrial competition, terrorist attack, mechanical malfunction, and human error.
The consequences of a successful deliberate or inadvertent misuse of a computer system in the aviation industry range from loss of confidentiality to loss of system integrity, which may lead to more serious concerns such as data theft or loss, network and air traffic control outages, which in turn can lead to airport closures, loss of aircraft, loss of passenger life. Military systems that control munitions can pose an even greater risk.
A proper attack does not need to be very high-tech or well funded; a power outage at a single airport alone can cause repercussions worldwide. One of the easiest, and arguably the hardest to trace, attacks is transmitting unauthorized communications over specific radio frequencies. These transmissions may spoof air traffic controllers or simply disrupt communications altogether. Such incidents have altered the flight paths of commercial aircraft and caused panic and confusion in the past. Controlling aircraft over oceans is especially dangerous because radar surveillance only extends 175 to 225 miles offshore; beyond the radar's reach, controllers must rely on periodic radio communications relayed through a third party.
Lightning, power fluctuations, surges, brown-outs, blown fuses, and various other power outages instantly disable all computer systems, since they depend on an electrical source. Other accidental and intentional faults have caused significant disruption of safety-critical systems over the last few decades, and the dependence on reliable communication and electrical power is itself a risk to computer safety.
Notable system accidents
In 1994, over a hundred intrusions were made by unidentified crackers into the Rome Laboratory, the US Air Force's main command and research facility. Using Trojan horse programs, the intruders obtained unrestricted access to Rome's networks and removed traces of their activity. They obtained classified files, such as air tasking order systems data, and, by posing as a trusted Rome center user, were able to penetrate connected networks of the National Aeronautics and Space Administration's Goddard Space Flight Center, Wright-Patterson Air Force Base, some defense contractors, and other private-sector organizations.
Secure coding
If the operating environment is not based on a secure operating system capable of maintaining a domain for its own execution, of protecting application code from malicious subversion, and of protecting the system from subverted code, then high degrees of security are understandably not possible. While such secure operating systems are possible and have been implemented, most commercial systems fall into a 'low security' category because they rely on features not supported by secure operating systems (such as portability). In low-security operating environments, applications must be relied on to participate in their own protection. There are 'best effort' secure coding practices that can be followed to make an application more resistant to malicious subversion.
In commercial environments, the majority of software subversion vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflows, and code/command injection. All of these are specific instances of one general class of attack, in which something the program treats as 'data' in fact carries implicit or explicit executable instructions, and the attacker exploits the program's failure to keep the two apart.
Some common languages such as C and C++ are vulnerable to all of these defects (see Seacord, "Secure Coding in C and C++"). Other languages, such as Java, are more resistant to some of these defects, but are still prone to code/command injection and other software defects which facilitate subversion.
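The general class just described, data that turns out to carry instructions, is not confined to C. Here is an added example in Python (not code from the original article) showing two such defects in a memory-safe language beside their hardened forms: a format string that the user controls, which in Python can read attributes of any formatting argument much as a C format string reads the stack, and an SQL statement built by string concatenation. The Config object, its secret, the user table and the attack inputs are constructed for the demonstration.

```python
"""Injection defects in a memory-safe language, vulnerable form beside hardened form.
Added example, not from the original article; the Config object, the secret, the user
table and the attack inputs are constructed here."""
import sqlite3
import string
from typing import List, Tuple


class Config:
    """Constructed stand-in for an application object that happens to hold a secret."""

    def __init__(self) -> None:
        self.api_key = "sk-constructed-example-key"


def greet_vulnerable(template: str, user: str, cfg: Config) -> str:
    # The template comes from the user; str.format lets it index attributes of every
    # argument, so "{1.api_key}" reads the secret out of an object the caller never
    # meant to expose.
    return template.format(user, cfg)


def greet_hardened(template: str, user: str) -> str:
    # Parse the template first and allow only the one named field; attribute or index
    # access (anything other than the bare name) is refused before formatting happens.
    for _literal, field_name, _spec, _conv in string.Formatter().parse(template):
        if field_name is not None and field_name != "user":
            raise ValueError(f"disallowed field in template: {field_name!r}")
    return template.format(user=user)


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory user table; the hash column holds placeholders."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pw_hash TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("alice", "hash-a", 0), ("bob", "hash-b", 0), ("root", "hash-r", 1)])
    return db


def lookup_vulnerable(db: sqlite3.Connection, name: str) -> List[Tuple[str, int]]:
    # The name is spliced into the SQL text: a quote in it ends the string literal and
    # the remainder is parsed as SQL.  Input such as  x' OR is_admin=1 --  rewrites
    # the WHERE clause.
    query = "SELECT name, is_admin FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_hardened(db: sqlite3.Connection, name: str) -> List[Tuple[str, int]]:
    # Parameter binding: the value travels separately from the statement and is never
    # parsed as SQL, whatever characters it contains.
    return db.execute("SELECT name, is_admin FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    cfg = Config()
    print(greet_vulnerable("Hello {0}, key={1.api_key}", "alice", cfg))
    try:
        greet_hardened("Hello {user}, key={1.api_key}", "alice")
    except ValueError as e:
        print("hardened refused:", e)
    db = demo_db()
    payload = "x' OR is_admin=1 --"
    print("vulnerable:", lookup_vulnerable(db, payload))
    print("hardened:  ", lookup_hardened(db, payload))
```

Both fixes have the same shape: decide what is template or statement and what is data before any interpreter sees the input, and never let the two travel down the same channel.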
Recently another bad coding practice has come under scrutiny: dangling pointers, which give rise to use-after-free bugs. The first known exploit for this particular problem was presented in July 2007. Before this publication the problem was known but considered academic and not practically exploitable.
Unfortunately, there is no theoretical model of "secure coding" practices, nor is one practically achievable, insofar as the code (ideally, read-only) and data (generally read/write) is
Secure operating systems
One use of the term computer security refers to technology to implement a secure operating system. Much of this technology is based on science developed in the 1980s and used to produce what may be some of the most impenetrable operating systems ever. Though still valid, the technology is in limited use today, primarily because it imposes some changes to system management and also because it is not widely understood. Such ultra-strong secure operating systems are based on operating system kernel technology that can guarantee that certain security policies are absolutely enforced in an operating environment. An example of such a computer security policy is the Bell-LaPadula model. The strategy is based on a coupling of special microprocessor hardware features, often involving the memory management unit, to a special, correctly implemented operating system kernel. This forms the foundation for a secure operating system which, if certain critical parts are designed and implemented correctly, can in theory rule out penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy, but in theory completely protects itself from corruption. Ordinary operating systems, on the other hand, lack the features that assure this maximal level of security. The design methodology to produce such secure systems is precise, deterministic and logical.
Systems designed with such methodology represent the state of the art of computer security, although products using such security are not widely known. In sharp contrast to most kinds of software, they meet specifications with verifiable certainty comparable to specifications for size, weight and power. Secure operating systems designed this way are used primarily to protect national security information, military secrets, and the data of international financial institutions. These are very powerful security tools, and very few secure operating systems have been certified at the highest level (Orange Book class A1) to operate over the range of "Top Secret" to "unclassified" (including Honeywell SCOMP, USAF SACDIN, NSA Blacker and Boeing MLS LAN). The assurance of security depends not only on the soundness of the design strategy, but also on the assurance of correctness of the implementation, and therefore there are degrees of security strength defined for COMPUSEC. The Common Criteria quantifies security strength of products in terms of two components, security functionality and assurance level (such as EAL levels), and these are specified in a Protection Profile for requirements and a Security Target for product descriptions. None of these ultra-high assurance secure general purpose operating systems have been produced for decades or certified under Common Criteria.
In USA parlance, the term High Assurance usually suggests the system has the right security functions that are implemented robustly enough to protect DoD and DoE classified information. Medium assurance suggests it can protect less valuable information, such as income tax information. Secure operating systems designed to meet medium robustness levels of security functionality and assurance have seen wider use within both government and commercial markets. Medium robust systems may provide the same security functions as high assurance secure operating systems but do so at a lower assurance level (such as Common Criteria levels EAL4 or EAL5). Lower levels mean we can be less certain that the security functions are implemented flawlessly, and therefore less dependable. These systems are found in use on web servers, guards, database servers, and management hosts and are used not only to protect the data stored on these systems but also to provide a high level of protection for network connections and routing services.
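The Bell-LaPadula policy named above, as an added example in Python (not code from the original article or from any of the systems it lists): a minimal reference monitor of the kind a secure kernel puts between every subject and every object, enforcing "no read up" and "no write down" over levels and compartments. The level names, compartments, subjects and objects are constructed for the demonstration.

```python
"""A minimal reference monitor enforcing the Bell-LaPadula confidentiality policy.
Added example, not from the original article; the levels, compartments, subjects and
objects are constructed here."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Partial order on labels: at least as high a level AND every compartment of `other`."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


class AccessDenied(Exception):
    pass


class ReferenceMonitor:
    """All access to objects goes through read()/write(); the policy is checked there and
    nowhere else, which is what keeps the trusted part small enough to verify."""

    def __init__(self) -> None:
        self.subjects: Dict[str, Label] = {}             # clearance per subject
        self.objects: Dict[str, Tuple[Label, str]] = {}  # (classification, content) per object

    def add_subject(self, name: str, clearance: Label) -> None:
        self.subjects[name] = clearance

    def add_object(self, name: str, classification: Label, content: str = "") -> None:
        self.objects[name] = (classification, content)

    def can_read(self, subject: str, obj: str) -> bool:
        """Simple security property, "no read up": clearance must dominate the object's label."""
        return self.subjects[subject].dominates(self.objects[obj][0])

    def can_write(self, subject: str, obj: str) -> bool:
        """*-property, "no write down": the object's label must dominate the clearance, so a
        subject cannot copy what it has read into a lower-classified object."""
        return self.objects[obj][0].dominates(self.subjects[subject])

    def read(self, subject: str, obj: str) -> str:
        if not self.can_read(subject, obj):
            raise AccessDenied(f"{subject} may not read {obj}")
        return self.objects[obj][1]

    def write(self, subject: str, obj: str, content: str) -> None:
        if not self.can_write(subject, obj):
            raise AccessDenied(f"{subject} may not write {obj}")
        self.objects[obj] = (self.objects[obj][0], content)


def build_demo() -> ReferenceMonitor:
    """Constructed subjects and objects for the demonstration."""
    rm = ReferenceMonitor()
    rm.add_subject("analyst", Label("SECRET", frozenset({"NUCLEAR"})))
    rm.add_subject("auditor", Label("SECRET"))            # same level, no compartment
    rm.add_subject("clerk", Label("UNCLASSIFIED"))
    rm.add_object("plan", Label("TOP SECRET", frozenset({"NUCLEAR"})), "ts plan")
    rm.add_object("memo", Label("SECRET", frozenset({"NUCLEAR"})), "secret memo")
    rm.add_object("bulletin", Label("UNCLASSIFIED"), "public bulletin")
    return rm


if __name__ == "__main__":
    rm = build_demo()
    for subj in ("analyst", "auditor", "clerk"):
        for obj in ("plan", "memo", "bulletin"):
            print(f"{subj:8} {obj:9} read={rm.can_read(subj, obj)!s:5} write={rm.can_write(subj, obj)}")
```

Two things the table printed by the demo makes visible: compartments matter as much as levels (the auditor is cleared SECRET yet cannot read the SECRET memo), and Bell-LaPadula is a confidentiality policy only, so it permits the clerk to write blindly into the TOP SECRET plan. Real systems pair it with an integrity policy such as Biba, or with discretionary controls, to stop that.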
Read more: http://www.answers.com/topic/computer-security#ixzz1Y7k0ORQL
Systems designed with such methodology represent the state of the art[clarification needed] of computer security although products using such security are not widely known. In sharp contrast to most kinds of software, they meet specifications with verifiable certainty comparable to specifications for size, weight and power. Secure operating systems designed this way are used primarily to protect national security information, military secrets, and the data of international financial institutions. These are very powerful security tools and very few secure operating systems have been certified at the highest level (Orange Book A-1) to operate over the range of "Top Secret" to "unclassified" (including Honeywell SCOMP, USAF SACDIN, NSA Blacker and Boeing MLS LAN.) The assurance of security depends not only on the soundness of the design strategy, but also on the assurance of correctness of the implementation, and therefore there are degrees of security strength defined for COMPUSEC. The Common Criteria quantifies security strength of products in terms of two components, security functionality and assurance level (such as EAL levels), and these are specified in a Protection Profile for requirements and a Security Target for product descriptions. None of these ultra-high assurance secure general purpose operating systems have been produced for decades or certified under Common Criteria.
In US parlance, the term "high assurance" usually means the system has the right security functions, implemented robustly enough to protect DoD and DoE classified information. "Medium assurance" means it can protect less sensitive information, such as income tax records. Secure operating systems designed to meet medium robustness levels of security functionality and assurance have seen wider use in both government and commercial markets. Medium-robustness systems may provide the same security functions as high-assurance secure operating systems, but at a lower assurance level (such as Common Criteria EAL4 or EAL5). A lower level means there is less certainty that the security functions are implemented flawlessly, so the system is less dependable. Such systems are found on web servers, guards, database servers, and management hosts, where they protect not only the data stored on the host but also its network connections and routing services.
Read more: http://www.answers.com/topic/computer-security#ixzz1Y7k0ORQL
12 September 2011, Monday
Trend Micro Titanium Antivirus+ 2012
The software designers at Trend Micro identified three main pain points for security software users: complexity, intrusiveness, and overuse of resources. With Trend Micro Titanium Antivirus+ 2012 ($39.95, direct; three licenses for $59.95) they aim to avoid those pain points and offer an antivirus that's safe, lightweight, and easy to use. It succeeds at those goals, but PCMag's tests and independent lab tests agree that its actual protection capabilities lag behind the competition.
Changes for 2012
Bitdefender Antivirus Plus 2012 ($39.95 direct for three licenses, 4 stars) and Kaspersky Anti-Virus 2012 ($59.95 direct for three licenses, 3.5 stars) both got a full makeover this year, with a new, simpler interface. Trend Micro's interface didn't need a change, as it was already super-simple. Interestingly, the latest edition lets you personalize the product by selecting a skin or using one of your own photos.
Specifications
Type: Business, Personal, Professional
OS Compatibility: Windows Vista, Windows XP, Windows 7
Tech Support: Free email, chat, and phone support plus online forum and videos.
On the protection side, this edition promises better defense against fake antivirus, better behavioral protection, and new technology to resist botnets and standard viruses. It also adds better detection and removal of rootkits, automatically offering a bootable rescue CD when one is needed to eradicate a rootkit.
Trend Micro's Smart Protection Network (SPN), which the company says blocks 5 billion threats daily, holds about 80 percent of the antivirus's signature data in the cloud to keep the product's footprint small. The product is so quiet and unobtrusive that some users wondered if it was even working. The current edition therefore offers a security report once a month, so you can see what it's doing for you; you can also view the report any time you wish.
But wait! There's more! Whether you purchase one license or three of the PC-based antivirus, you get a free copy of Trend Micro Smart Surfing for Mac, which would normally cost $49.95.
Not Fond of the Labs
Trend Micro's researchers feel that many of the antivirus testing labs aren't doing their testing quite right. This product is designed to block malware at many levels, starting with the initial download of the file, and few labs test at all levels. Trend Micro stopped participating in Virus Bulletin's tests some while ago, and more recently withdrew from the retrospective tests performed by AV-Comparatives.org. In the latest on-demand malware cleanup test by AV-Comparatives, Trend Micro rated STANDARD, the lowest passing rating.
The company also declines to participate in testing by ICSA Labs. West Coast Labs certifies the product for both virus detection and virus removal.
All of the tests mentioned to this point are static tests in which the product is presented with thousands of inactive malware files and challenged to identify them. Trend Micro contends, quite reasonably, that dynamic testing of the whole product with active malware is more representative of the user's real-world experience.
Each quarter AV-Test.org runs a dynamic virus certification test under Windows 7, Vista, or XP. Products can earn up to six points in each of three areas: Protection, Repair, and Usability. A total of 11 points is required for certification. Trend Micro did make the cut, but just barely: its last three scores were 12.5, 13.5, and 12.5. Bitdefender's technology averaged 16 points on the last three tests, the highest of any product tested, and Kaspersky came in second with an average of 15.17.
In the dynamic whole product test by AV-Comparatives, Trend Micro impressively took the top rating, ADVANCED+.
AVG Anti-Virus Free 2012
AVG Technologies is best known for antivirus protection, but in recent years the company has branched out, adding system tune-up, parental control, online backup, and more. But have no fear; you can still get the powerful protection of AVG Anti-Virus Free 2012 without spending a penny. In my tests and in tests by independent labs it beats many of its for-pay competition. Do note that it's specifically free for personal use; business users must pay for AVG's antivirus protection.
The 2012 edition's main screen collapses the previous edition's ten component icons down to six, but adds three new ones to integrate the company's other products. If you use AVG Family Safety ($19.95 direct for three licenses, 4.5 stars), AVG PC Tuneup 2011 ($29.99/year direct, 4 stars), or AVG LiveKive online backup, you can click the icon to link your products. If you don't, naturally the antivirus includes an option to get them.
Specifications
Type: Personal
Free: Yes
OS Compatibility: Windows Vista, Windows XP, Windows 7
Tech Support: FAQ, forum, videos, email; free phone support in US, UK, Canada.
Good Lab Results
All of the labs I follow test AVG's technology and give it generally good ratings. ICSA Labs and West Coast Labs certify it for virus detection; West Coast adds checkmark certification for virus removal as well. In all of the last ten tests by Virus Bulletin, AVG has received VB100 certification.
AVG participates in the on-demand test by AV-Comparatives.org, but not in the retrospective test, which simulates zero-day protection by using old virus signatures. In the on-demand test AVG rated STANDARD, the lowest passing grade.
AV-Comparatives also runs a whole-product dynamic test, challenging products to protect test systems from real-world up-to-the-minute threats. In this test AVG rated ADVANCED, a cut above STANDARD.
The ongoing antivirus certification tests by AV-Test.org are also dynamic tests, emulating a user's real-world experience. Products can receive up to 6 points in each of three areas (protection, repair, and usability), with a total of 11 points required for certification. In the most recent tests under Windows 7, Vista, and XP, AVG averaged 13.17 points.
The article How We Interpret Antivirus Lab Tests explains how I boil down results from the various labs to create the following chart.
[Chart: AVG Anti-Virus Free 2012 lab test results]
Very Good Malware Cleanup
AVG installed quickly on my twelve malware-infested test systems. Resistant malware on one system interfered with installation, but installing in Safe Mode solved that one. On half of the test systems AVG detected active threats immediately and requested a reboot to finalize cleanup.
A full scan on my standard clean test system took just 16 minutes, and a repeat scan finished in less than two minutes. That's plenty fast. The average scan time for recent products on this same system is 25 minutes.
I always find it odd that AVG separates rootkit scanning from the whole computer scan. For the test systems infested with rootkits I ran the separate rootkit scan, which added about three minutes.
When I tallied the results I was quite impressed. AVG detected 88 percent, the same as TrustPort Antivirus 2012 ($39.95 direct, 3.5 stars). Of the products tested with this current threat collection, only G Data AntiVirus 2012 ($29.95 direct, 3.5 stars), with 91 percent, detected more.
AVG didn’t clean up perfectly. It left behind executable files for some threats, and even left a few processes running. However, its score of 6.5 points for malware removal is a new high for the current crop of antivirus products, beating out the 6.4 point record held by Malwarebytes' Anti-Malware Free 1.51 (Free, 4 stars).
AVG detected all of the threats that use rootkit technology and scored 6.7 points for rootkit removal, a tie for top score with ZoneAlarm Antivirus + Firewall 2012 ($59.95 direct for three licenses, 3 stars). Bitdefender Antivirus Plus 2012 ($39.95 direct for three licenses, 4 stars) was the next-best rootkit remover, with 6.0 points.
The majority of current products detected all of my scareware samples. Malwarebytes scored a perfect 10, thoroughly cleaning up scareware. AVG was close behind with 9.5 points, the same as Bitdefender, Panda Cloud Anti-Virus 1.5 Free Edition (Free, 3.5 stars), and several others.
This is quite an impressive showing, and it parallels the dynamic test results from the labs. For a full explanation of how I come up with these scores see How We Test Malware Removal.
Spyware Stoppers
Illustration: Doug Fraser
Not long ago, Web- and e-mail-borne viruses were a computer user's worst enemy. Though viruses and worms still cause more damage in compromised or lost data, a newer menace, popularly known as spyware, steals users' productivity and peace of mind. The "spyware" label can apply to legitimate but annoying programs that users consent (perhaps unwittingly) to have installed on their PCs, or it can describe programs that install themselves without permission. Both types of applications can drain your computer's resources, slow your Internet connection, spy on your surfing, and even forcibly redirect your Web browser. For the purposes of this story, we'll call the former category adware and the latter spyware. Adware clearly spells out its intent, comes with an uninstaller, and can be readily removed from a system. Spyware, in contrast, installs itself surreptitiously and can be nearly impossible to remove without assistance.
A crop of anti-spyware programs has sprung up to provide that assistance. We evaluated ten current anti-spyware utilities designed to detect and remove spyware and adware from PCs, looking at their rates of detection, scanning speed, ability to prevent unwanted applications from installing themselves, and ease of use. We were pleased to find that a couple of the programs did a very effective job of cleaning an infected system and preventing new infestations with effective real-time protection.
PC World tested seven products in the $20 to $40 range from big and small vendors: Allume Systems' (formerly Aladdin Systems') Internet Cleanup, Aluria Software's Spyware Eliminator, Computer Associates' ETrust PestPatrol Anti-Spyware, InterMute's SpySubtract Pro, McAfee's AntiSpyware, Sunbelt Software's CounterSpy, and Webroot Software's Spy Sweeper. In addition, we tested two popular free programs, Lavasoft's Ad-Aware SE Personal and Safer Networking's Spybot Search & Destroy, and a third free program that operates very differently but no less effectively, Merijn.org's HijackThis. (All three free products are available for download.) We did not include HijackThis in our charts because, unlike the others, it does not scan for infections. We also tested one product in beta, Microsoft's new Windows AntiSpyware, which was until late last year Giant Software's AntiSpyware.
9 September 2011, Friday
Computer Security
The term computer security is used frequently, but the contents of a computer are exposed to relatively few risks (chiefly physical access and removable media) unless the computer is connected to other computers on a network. As the use of computer networks, especially the Internet, has become pervasive, the concept of computer security has expanded to cover issues pertaining to the networked use of computers and their resources.
The major technical areas of computer security are usually represented by the initials CIA: confidentiality, integrity, and availability (the "A" is sometimes read as authentication). Confidentiality means that information cannot be accessed by unauthorized parties; it is also known as secrecy or privacy, and breaches of confidentiality range from the embarrassing to the disastrous. Integrity means that information is protected against unauthorized changes that are not detectable to authorized users; many hacking incidents compromise the integrity of databases and other resources. Authentication means that users are who they claim to be. Availability means that resources are accessible to authorized parties; "denial of service" attacks, which sometimes make national news, are attacks against availability.
Other important concerns of computer security professionals are access control and nonrepudiation. Maintaining access control means not only that users can access only those resources and services to which they are entitled, but also that they are not denied resources they can legitimately expect to access. Nonrepudiation means that the sender of a message cannot deny having sent it and, conversely, that the recipient cannot deny having received it. Beyond these technical aspects, the conceptual reach of computer security is broad and multifaceted: it draws on disciplines such as ethics and risk analysis, and is concerned with topics such as computer crime; the prevention, detection, and remediation of attacks; and identity and anonymity in cyberspace.
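Confidentiality and integrity are separate properties, and the passage above is easy to misread as "encryption protects data". The following Python example, added here and not part of the original article, shows the distinction: a stream cipher keeps the amount in a payment message secret, yet an attacker who knows the message layout can flip ciphertext bits and change the amount without the key, and the receiver cannot tell. Adding a MAC (encrypt-then-MAC) restores integrity. The keystream is derived with HMAC-SHA256 in counter mode purely to keep the example dependency-free; it is an assumption standing in for any stream or CTR-mode cipher, and the keys, nonce and message are constructed for the illustration.

```python
import hashlib
import hmac
import os
import struct

# Added illustration: a stream cipher gives confidentiality but not integrity.
# The keystream below is HMAC-SHA256 in counter mode, chosen only so the
# example runs with the standard library; it stands in for a real cipher.


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream. Decryption is the same operation."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt = encrypt


def flip_byte(ciphertext: bytes, offset: int, old: int, new: int) -> bytes:
    """Attacker's move: without the key, change the plaintext byte at `offset`
    from `old` to `new`, relying only on knowledge of the message layout."""
    forged = bytearray(ciphertext)
    forged[offset] ^= old ^ new
    return bytes(forged)


def tag(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC: authenticate nonce and ciphertext under a separate key."""
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def verify_and_decrypt(enc_key, mac_key, nonce, ciphertext, received_tag):
    """Return the plaintext, or None if the tag does not match (integrity failure)."""
    if not hmac.compare_digest(tag(mac_key, nonce, ciphertext), received_tag):
        return None
    return decrypt(enc_key, nonce, ciphertext)


def demo(enc_key=None, mac_key=None, nonce=None):
    enc_key = enc_key or os.urandom(32)
    mac_key = mac_key or os.urandom(32)
    nonce = nonce or os.urandom(16)

    message = b"PAY $100 TO BOB"          # constructed sample message
    ciphertext = encrypt(enc_key, nonce, message)

    # Confidentiality holds: the attacker cannot read the amount.
    # Integrity does not: byte 5 is the first digit, and '1' becomes '9' without the key.
    forged = flip_byte(ciphertext, 5, ord("1"), ord("9"))
    without_mac = decrypt(enc_key, nonce, forged)

    # With a MAC the receiver rejects the forgery and accepts the genuine message.
    t = tag(mac_key, nonce, ciphertext)
    forged_result = verify_and_decrypt(enc_key, mac_key, nonce, forged, t)
    genuine_result = verify_and_decrypt(enc_key, mac_key, nonce, ciphertext, t)
    return without_mac, forged_result, genuine_result


if __name__ == "__main__":
    tampered, rejected, accepted = demo()
    print("no integrity check, receiver sees:", tampered)   # PAY $900 TO BOB
    print("with MAC, forged message yields:", rejected)      # None
    print("with MAC, genuine message yields:", accepted)     # PAY $100 TO BOB
```

Note what the MAC does and does not give you: it provides integrity and origin authentication between the two holders of `mac_key`, but not nonrepudiation, because either party could have computed the tag. Nonrepudiation in the sense described above requires a digital signature made with a key only the sender holds.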
While confidentiality, integrity, and authenticity are the most important concerns of a computer security manager, privacy is perhaps the most important aspect of computer security for everyday Internet users. Although users may feel that they have nothing to hide when they are registering with an Internet site or service, privacy on the Internet is about protecting one's personal information, even if the information does not seem sensitive. Because of the ease with which information in electronic format can be shared among companies, and because small pieces of related information from different sources can be easily linked together to form a composite of, for example, a person's information seeking habits, it is now very important that individuals are able to maintain control over what information is collected about them, how it is used, who may use it, and what purpose it is used for.
2 September 2011, Friday
How Phishing Works
Suppose you check your e-mail one day and find a message from your bank. You've gotten e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don't reply immediately. What do you do?
This message and others like it are examples of phishing, a method of online identity theft. In addition to stealing personal and financial data, phishers can infect computers with viruses and convince people to participate unwittingly in money laundering.
Most people associate phishing with e-mail messages that spoof, or mimic, banks, credit card companies or other businesses such as Amazon and eBay. These messages look authentic and attempt to get victims to reveal their personal information. But e-mail messages are only one small piece of a phishing scam.
Phishing Origins
The first documented use of the word "phishing" took place in 1996. Most people believe it originated as an alternative spelling of "fishing," as in "to fish for information" [source: Next Generation Security Software].
From beginning to end, the process involves:
Planning. Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
Setup. Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.
Attack. This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source.
Collection. Phishers record the information victims enter into Web pages or popup windows.
Identity Theft and Fraud. The phishers use the information they've gathered to make illegal purchases or otherwise commit fraud. As many as a fourth of the victims never fully recover [Source: Information Week].
If the phisher wants to coordinate another attack, he evaluates the successes and failures of the completed scam and begins the cycle again.
Phishing scams take advantage of software and security weaknesses on both the client and server sides. But even the most high-tech phishing scams work like old-fashioned con jobs, in which a hustler convinces his mark that he is reliable and trustworthy. Next, we'll look at the steps phishers take to convince victims that their messages are legitimate.
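The "attack" and "collection" steps above depend on a link that looks like the spoofed business but leads to the phisher's page. The following Python example, added here and not part of the original article, applies the checks a mail filter or a careful reader uses to such links: display text that is itself a URL must land on the same domain as the real target, a trusted brand name should not appear on someone else's domain, and raw IP hosts, `user@host` prefixes and punycode hosts are flagged. The sample HTML message and the `examplebank.com` brand are constructed for the illustration; `registrable_domain` keeps the last two labels rather than consulting the Public Suffix List, which is an assumption made to keep the example self-contained.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: an HTML e-mail body of the kind the article describes, not a real message.
SAMPLE_MESSAGE = """
<p>Dear customer, your account will be closed unless you verify it now:
<a href="http://secure-login.examplebank.com.evil-host.test/verify">https://www.examplebank.com/verify</a></p>
<p>Questions? Visit our <a href="https://www.examplebank.com/contact">contact page</a>.</p>
<p><a href="http://198.51.100.7/login">Update your details</a></p>
"""

# Hypothetical domain the recipient actually banks with (an assumption for the example).
TRUSTED_DOMAINS = ["examplebank.com"]


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host):
    """Last two labels of a hostname (IP literals are returned unchanged).
    A production filter would use the Public Suffix List instead."""
    host = host.lower().rstrip(".")
    if is_ip(host):
        return host
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def host_of(url):
    """Hostname of a URL, tolerating display text such as 'www.site.tld/path'."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def link_warnings(href, text, trusted_domains):
    """Heuristic checks on one link. Returns a list of human-readable reasons."""
    warnings = []
    parts = urlsplit(href.strip())
    host = (parts.hostname or "").lower()
    actual = registrable_domain(host)

    if parts.scheme not in ("http", "https"):
        warnings.append(f"unusual scheme {parts.scheme!r}")
    if parts.username is not None:
        warnings.append("user@ prefix in URL: the text before '@' is not the host")
    if is_ip(host):
        warnings.append("raw IP address used as host")
    if host.startswith("xn--") or ".xn--" in host:
        warnings.append("punycode (IDN) host that may imitate a Latin name")

    # Display text that is itself a URL must point where it claims to.
    shown = text.lower()
    if shown.startswith(("http://", "https://", "www.")):
        shown_domain = registrable_domain(host_of(shown))
        if shown_domain != actual:
            warnings.append(f"displayed URL is on {shown_domain} but link goes to {actual}")

    # A trusted brand named in the host or the text, but on a domain that is not the brand's own.
    for domain in trusted_domains:
        brand = domain.split(".")[0]
        if (brand in host or brand in shown) and actual != domain:
            warnings.append(f"mentions {brand} but resolves to {actual}")
    return warnings


def analyze_message(html, trusted_domains):
    """Returns [(href, [warnings...]), ...] for every link in the message."""
    collector = AnchorCollector()
    collector.feed(html)
    return [(href, link_warnings(href, text, trusted_domains)) for href, text in collector.links]


if __name__ == "__main__":
    for href, reasons in analyze_message(SAMPLE_MESSAGE, TRUSTED_DOMAINS):
        print(("SUSPICIOUS " if reasons else "ok         ") + href)
        for reason in reasons:
            print("    -", reason)
```

Run against the sample, the first link is flagged twice (the visible URL says `examplebank.com`, the real host is under `evil-host.test`, and the brand appears on a foreign domain), the genuine contact link passes, and the raw-IP link is flagged once. These checks catch the common lookalike tricks but not a compromised legitimate site, so they complement rather than replace sender authentication and reputation filtering.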
How Spyware Works
Has your computer ever become so slow that you can fix yourself a snack in the time it takes your word processor to open? Perhaps spyware is to blame.
Spyware is a category of computer programs that attach themselves to your operating system in nefarious ways. They can suck the life out of your computer's processing power. They're designed to track your Internet habits, nag you with unwanted sales offers or generate traffic for their host Web site. According to some estimates, more than 80 percent of all personal computers are infected with some kind of spyware [source: FaceTime Communications]. But before you chuck your computer out the window and move to a desert island, you might want to read on. In this article we'll explain how spyware gets installed on your computer, what it does there and how you can get rid of it.
Some people mistake spyware for a computer virus. A computer virus is a piece of code designed to replicate itself as many times as possible, spreading from one host computer to any other computers connected to it. It usually has a payload that may damage your personal files or even your operating system.
Spyware, on the other hand, generally isn't designed to damage your computer. Spyware is defined broadly as any program that gets into your computer without your permission and hides in the background while it makes unwanted changes to your user experience. The damage it does is more a by-product of its main mission, which is to serve you targeted advertisements or make your browser display certain sites or search results.
At present, most spyware targets only the Windows operating system. Some of the more notorious spyware threats include Trymedia, Nuvens, Estalive, Hotbar and New.Net.Domain.Plugin.
How E-mail Scams Work
Almost everyone who has e-mail has been greeted with a message that offers an amazing financial opportunity. From pleas from African government officials to notices that you've won a lottery (that you don't remember entering), the e-mail messages appear too good to be true. And they are.
E-mail scams and Internet fraud are two of the most common complaints of computer users today. Often well disguised and including just enough true information to be enticing, e-mail fraud can be potentially dangerous to the recipient's finances and credit rating. These thieves may seek to steal your money directly, using bank account or credit card numbers you provide. Or they may seek to steal your identity, running up charges in your name. Money Magazine reports that more than 93 million personal data records have been lost or stolen since February 2005.
No one is safe. The FBI issued a warning in July 2007 about an increasing number of e-mail scams where the perpetrators impersonated the FBI to intimidate victims into giving up personal data. A similar e-mail scam was sent to taxpayers seemingly from the Internal Revenue Service, telling the taxpayers that they had an unclaimed refund.
E-mail scammers also act quickly. In November 2007, CNN reported that scammers were e-mailing people and asking them to donate to victims of the California wildfires. Such scams also appeared after 2005's Hurricane Katrina.
A recent report from Symantec, a supplier of Internet security software, said Web pirates are moving away from viruses and other damaging software and instead are focusing on financial gain through fraud. Government and private citizens in the United States provide more than half of the Internet activity that might lead to identity theft, the report stated.
E-mail scams and Internet fraud are widespread and costly. The FBI estimates that computer-related crimes, including virus attacks, identity theft and other fraud, have cost $400 billion in the United States. The Internet Crime Complaint Center, a joint venture between the FBI and the National White Collar Crime Center, logged its 1 millionth complaint in the summer of 2007.
In this article we'll discuss e-mail scams and Internet fraud -- how to recognize them and how to protect yourself.
Anti-Virus Tips
Tips for Virus Detection and Prevention
Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.
Do not open any files attached to an email unless you know what it is, even if it appears to come from a friend or someone you know. Some viruses can replicate themselves and spread through email. Confirm that your contact really sent an attachment.
Do not open any files attached to an email if the subject line is questionable or unexpected.
Delete chain emails and junk email. Do not forward or reply to any of them. These types of email are considered spam - unsolicited, intrusive messages that clog up inboxes and networks.
Do not download any files from strangers.
Exercise caution when downloading files from the Internet. Ensure that the source is a legitimate and reputable one. Verify that an anti-virus program checks the files on the download site.
Update your anti-virus software regularly. McAfee security software like McAfee Total Protection updates automatically and continuously via the Internet.
Back up your files on a regular basis. If a virus destroys your files, at least you can replace them with your back-up copy. You should store your backup copy in a separate location from your work files, one that is preferably not on your computer.
When in doubt, always err on the side of caution and do not open, download, or execute any files or email attachments. Not executing is the more important of these caveats. Check with your product vendors for updates for your operating system, web browser, and email. One example is the security site section of Microsoft located at http://www.microsoft.com/security.
If you are in doubt about any potential virus-related situation you find yourself in, you may report a virus to our virus team.
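The attachment rules above (don't open what you can't identify, treat "documents" that are really programs as dangerous) can be applied mechanically before a user ever double-clicks. The following is an added example, not code from the original article or from McAfee: a small Python triage script that parses a message, lists its attachments and flags the signals a reviewer would look for, such as an executable extension, a double extension like `invoice.pdf.exe`, a macro-enabled Office file, an archive whose contents were not inspected, or a right-to-left override character hiding the real extension. The extension lists and the sample message are constructed for illustration and are not exhaustive.

```python
"""Attachment triage helper: flags e-mail attachments a user should not open
without first confirming with the sender.  Added example, not from the
original article; the sample message and filenames below are constructed."""
import email
from email import policy
from email.message import EmailMessage

# Extensions that execute code when opened (assumption: a representative,
# not exhaustive, list for illustration).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "ps1", "msi", "jar", "lnk"}
# Office formats that can carry macros.
MACRO_EXTS = {"docm", "xlsm", "pptm"}
# Archives commonly used to wrap the above; their contents are not scanned here.
ARCHIVE_EXTS = {"zip", "rar", "7z", "iso", "img"}
# Inner extensions that make a double-extension name look like a document.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "txt", "jpg", "xls", "xlsx"}


def classify_filename(name):
    """Return a list of reasons a filename is risky (empty list if none)."""
    reasons = []
    parts = name.lower().split(".")
    if len(parts) < 2:
        return ["no extension"]
    ext = parts[-1]
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension ." + ext)
    if ext in MACRO_EXTS:
        reasons.append("macro-enabled document ." + ext)
    if ext in ARCHIVE_EXTS:
        reasons.append("archive ." + ext + " (contents not inspected)")
    # "invoice.pdf.exe": the visible inner extension disguises the real type.
    if len(parts) >= 3 and parts[-2] in DOCUMENT_EXTS:
        reasons.append("double extension disguises type")
    # U+202E reverses how the rest of the name is displayed.
    if "\u202e" in name:
        reasons.append("right-to-left override character in name")
    return reasons


def triage_message(raw_bytes):
    """Parse an RFC 5322 message and return {filename: [reasons]} for every
    attachment; an empty reason list means nothing suspicious was found."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = classify_filename(name)
        # A declared Windows-executable content type is an extra signal even
        # when the filename itself looks harmless.
        ctype = part.get_content_type()
        if ctype in ("application/x-msdownload", "application/x-dosexec"):
            reasons.append("declared content type " + ctype)
        findings[name] = reasons
    return findings


def build_sample_message():
    """Constructed sample: one harmless PDF and one disguised executable."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Re: photos"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ sample", maintype="application",
                       subtype="x-msdownload", filename="invoice.pdf.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, why in triage_message(build_sample_message()).items():
        status = "OK" if not why else "DO NOT OPEN: " + "; ".join(why)
        print(fname, "->", status)
```

A clean result from this script is not proof that an attachment is safe; it only means none of the cheap, visible signals fired. It belongs alongside, not instead of, an up-to-date anti-virus scan and a quick check with the sender that they really sent the file.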