The first thing to do is make sure that the antivirus database is up to date and scan your computer. If this does not help, antivirus solutions from other vendors may do the job. Many antivirus vendors offer free versions of their products for trial or one-time scanning; we recommend that you run one of these products on your machine. If it detects a virus or a Trojan, make sure you send a copy of the infected file to the vendor of the antivirus solution that failed to detect it. This will help that vendor develop protection against the threat faster and protect other users of the same antivirus from getting infected.
If an alternative antivirus does not detect any malware, it is recommended that you disconnect your computer from the Internet or local network and disable the Wi-Fi connection and the modem, if any, before you start looking for the infected file(s). Do not use the network unless critically needed. Do not use web payment systems or internet banking services under any circumstances. Avoid working with any personal or confidential data; do not use any web-based services that require your screen name and password.
How do I find an infected file?
Detecting a virus or Trojan on your computer can be a complex problem requiring technical expertise; in other cases it is a fairly straightforward task. It all depends on how complex the malware is and on the methods used to hide the malicious code in the system. In difficult cases, when special methods (e.g. rootkit technologies) are employed to disguise and conceal the malicious code, a non-professional may be unable to track down the infected file. This problem may require special utilities or actions, like connecting the hard disk to another computer or booting the system from a CD. However, if it is a regular worm or a simple Trojan, you may be able to track it down using fairly simple methods.
The vast majority of worms and Trojans need to take control when the system starts. There are two basic ways to do that:
A link to the infected file is written to the autorun keys of the Windows registry;
The infected file is copied to an autorun folder in Windows.
The most common autorun folders in Windows 2000 and XP are as follows:
%Documents and Settings%\%user name%\Start Menu\Programs\Startup\
%Documents and Settings%\All Users\Start Menu\Programs\Startup\
There are quite a number of autorun keys in the system registry; the most popular include Run, RunServices, RunOnce and RunServicesOnce, located under the following registry keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\]
Most probably, a search of the above locations will yield several values with names that don't reveal much information, together with paths to executable files. Pay special attention to files located in the Windows system directory or the root directory. Note the names of these files; you will need them in the further analysis.
Writing to the following key is also common:
[HKEY_CLASSES_ROOT\exefile\shell\open\command\]
The default value of this key is "%1" %* (a different value means some other program is started each time an .exe file is run).
The Windows system (and system32) directory and the root directory are the most convenient places to plant worms and Trojans. This is due to two facts: the contents of these directories are not shown in Explorer by default, and these directories host a great number of different system files whose functions are completely unknown to a lay user. Even an experienced user will probably find it difficult to tell if a file called winkrnl386.exe is part of the operating system or foreign to it.
It is recommended to use a file manager that can sort files by creation/modification date, and to sort the files located in the above directories. This will display all recently created and modified files at the top of the listing; these are the files of interest to the researcher. If any of these files are identical to those occurring in the autorun keys, this is the first wake-up call.
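The manual procedure above (list the autorun keys and folders, check the exefile open command, then compare against recently changed files in the system and root directories) can be scripted. The following read-only PowerShell script is an added example, not part of the original article; the 14-day window, the helper names and the output columns are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example: read-only audit of the autorun locations described above.
# Assumptions: the $Days window, helper names and output columns are illustrative.
param([int]$Days = 14)

# Extract the executable path from an autorun command line, e.g.
#   "C:\Program Files\App\app.exe" /tray   or   C:\WINDOWS\foo.exe -x
function Get-ExePath([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|scr|pif|bat|cmd|vbs|js|dll))(\s|,|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

# 1. Autorun registry keys (RunServices* are only present on older Windows versions).
$roots   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion'
$subkeys = 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce'

$entries = @(foreach ($root in $roots) {
    foreach ($sub in $subkeys) {
        $key = Get-Item -LiteralPath "$root\$sub" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            [pscustomobject]@{ Location = "$root\$sub"; Name = $name
                               Command = $cmd; File = Get-ExePath $cmd }
        }
    }
})

# 2. Per-user and all-users Startup folders; shortcuts are resolved to their target.
$shell   = New-Object -ComObject WScript.Shell
$startup = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
$entries += @(foreach ($dir in $startup) {
    Get-ChildItem -LiteralPath $dir -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object {
            $target = $_.FullName
            if ($_.Extension -eq '.lnk') { $target = $shell.CreateShortcut($_.FullName).TargetPath }
            [pscustomobject]@{ Location = $dir; Name = $_.Name
                               Command = $_.FullName; File = $target }
        }
})

# 3. Command used to open .exe files; anything other than "%1" %* deserves a look.
$k = Get-Item -LiteralPath 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' -ErrorAction SilentlyContinue
$exeOpen = if ($k) { [string]$k.GetValue('') } else { '<key not found>' }
$exeState = if ($exeOpen -eq '"%1" %*') { 'default' } else { 'NOT default, investigate' }

# 4. Files created or modified recently in the system and root directories.
$cutoff  = (Get-Date).AddDays(-$Days)
$sysDirs = $env:SystemRoot, (Join-Path $env:SystemRoot 'System'),
           (Join-Path $env:SystemRoot 'System32'), "$env:SystemDrive\"
$recent = @(foreach ($d in $sysDirs) {
    Get-ChildItem -LiteralPath $d -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $cutoff -or $_.LastWriteTime -gt $cutoff }
})
$recentPaths = @($recent | ForEach-Object { $_.FullName })
$recentNames = @($recent | ForEach-Object { $_.Name })

# 5. Cross-reference: an autorun entry that points at a recently changed system file.
function Test-Recent([string]$File) {
    if (-not $File) { return $false }
    if ($File -notmatch '\\') { return ($recentNames -contains $File) }  # bare file name
    return ($recentPaths -contains $File)                               # full path
}

$entries |
    Select-Object Location, Name, File,
        @{ n = 'RecentInSystemDir'; e = { Test-Recent $_.File } } |
    Sort-Object RecentInSystemDir -Descending |
    Format-Table -AutoSize -Wrap

"exefile open command: $exeOpen ($exeState)"
"Recently changed files in system/root directories (last $Days days): $($recent.Count)"
```

Rows with RecentInSystemDir set to True are the "first wake-up call" the text describes; a recent date alone is not proof, since system updates also change files in these directories.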
Advanced users can also check the open network ports using the standard netstat utility. It is recommended to set up a firewall and scan the processes engaged in network activities. It is also recommended to check the list of active processes using dedicated utilities with advanced functionality rather than the standard Windows utilities; many Trojans successfully avoid being detected by standard Windows utilities.
However, no universal advice can be given for all occasions. Advanced worms and Trojans that are quite difficult to track down occur every now and then. In this case, it is best to consult the support service of the IT security vendor that released your antivirus client, a company offering IT assistance services, or ask for help at specialized web forums. Such web resources include www.virusinfo.info and anti-malware.ru (Russian language), and www.rootkit.com and www.gmer.net (English). Similar forums designed to assist users are also run by many antivirus companies.
Friday, 23 September 2011
What if my computer is infected?
Unfortunately, it may occasionally happen that the antivirus installed on your computer, even with its latest updates, is incapable of detecting a new virus, worm or Trojan. Sad but true: no antivirus protection software gives you a 100% guarantee of complete security. If your computer does get infected, you need to determine the fact of infection, identify the infected file and send it to the vendor whose product missed the malicious program and failed to protect your computer.
However, users on their own are typically unable to detect that their computer has been infected unless aided by antivirus solutions. Many worms and Trojans do not reveal their presence in any way. By way of exception, some Trojans do inform the user directly that their computer has been infected: they may encrypt the user's personal files so as to demand a ransom for the decryption utility. However, a Trojan typically installs itself secretly in the system, often employs special disguising methods and operates covertly. So, the fact of infection can be detected by indirect evidence only.
Symptoms of infection
An increase in outgoing web traffic is the general indication of an infection; this applies to both individual computers and corporate networks. If no users are working on the Internet in a specific time period (e.g. at night), but the web traffic continues, this could mean that somebody or something else is active on the system, and most probably that is malicious activity. If a firewall is configured in the system, attempts by unknown applications to establish Internet connections may be indicative of an infection. Numerous advertisement windows popping up while visiting websites may signal that adware is present in the system. If a computer freezes or crashes frequently, this may also be related to malware activity. Such failures are more often caused by hardware or software faults than by virus activity. However, if similar symptoms occur simultaneously on multiple or numerous computers on the network, accompanied by a dramatic increase in internal traffic, this is very likely caused by a network worm or a backdoor Trojan spreading across the network.
An infection may also be indirectly evidenced by non-computer-related symptoms, such as bills for telephone calls that nobody made or SMS messages that nobody sent. Such facts may indicate that a phone Trojan is active on the computer or the cell phone. If unauthorized access has been gained to your personal bank account or your credit card has been used without your authorization, this may signal that spyware has intruded into your system.
Monday, 12 September 2011
Trend Micro Titanium Antivirus+ 2012
The software designers at Trend Micro identified three main pain points for security software users: complexity, intrusiveness, and overuse of resources. With Trend Micro Titanium Antivirus+ 2012 ($39.95, direct; three licenses for $59.95) they aim to avoid those pain points and offer an antivirus that's safe, lightweight, and easy to use. It succeeds at those goals, but PCMag's tests and independent lab tests agree that its actual protection capabilities lag behind the competition.
Changes for 2012
Bitdefender Antivirus Plus 2012 ($39.95 direct for three licenses, 4 stars) and Kaspersky Anti-Virus 2012 ($59.95 direct for three licenses, 3.5 stars) both got a full makeover this year, a new, simpler interface. Trend Micro's interface didn't need a change, as it was already super-simple. Interestingly, the latest edition lets you personalize the product by selecting a skin or using one of your own photos.
Specifications
Type: Business, Personal, Professional
OS Compatibility: Windows Vista, Windows XP, Windows 7
Tech Support: Free email, chat, and phone support plus online forum and videos.
Action-wise this edition promises better protection against fake antivirus, better behavioral protection, and new technology to resist botnets and standard viruses. It also adds better detection and removal of rootkits, automatically offering a bootable rescue CD if needed to eradicate rootkits.
Trend Micro's Smart Protection Network (SPN) blocks 5 billion threats daily. About 80 percent of the antivirus's signature data resides in the cloud with SPN, to keep the product's footprint small. It's so quiet and unobtrusive that some users wondered if it was even working. The current edition offers a security report once a month, so you can see what it's doing for you. Of course, you can view the report any time you wish.
But wait! There's more! Whether you purchase one license or three of the PC-based antivirus, you get a free copy of Trend Micro Smart Surfing for Mac, which would normally cost $49.95.
Not Fond of the Labs
Trend Micro's researchers feel that many of the antivirus testing labs aren't doing their testing quite right. This product is designed to block malware at many levels, starting with the initial download of the file, and few labs test at all levels. Trend Micro stopped participating in Virus Bulletin's tests some while ago, and more recently withdrew from the retrospective tests performed by AV-Comparatives.org. In the latest on-demand malware cleanup test by AV-Comparatives, Trend Micro rated STANDARD, the lowest passing rating.
The company also declines to participate in testing by ICSA Labs. West Coast Labs certifies the product for both virus detection and virus removal.
All of the tests mentioned to this point are static tests in which the product is presented with thousands of inactive malware files and challenged to identify them. Trend Micro contends, quite reasonably, that dynamic testing of the whole product with active malware is more representative of the user's real-world experience.
Each quarter AV-Test.org runs a dynamic virus certification test under Windows 7, Vista, or XP. Products can earn up to six points in three areas: Protection, Repair, and Usability. A total of 11 points is required for certification. Trend Micro did make the cut, but just barely. Its last three scores were 12.5, 13.5, and 12.5. Bitdefender's technology averaged 16 points on the last three tests, the highest of any tested, and Kaspersky came in second with an average of 15.17.
In the dynamic whole product test by AV-Comparatives, Trend Micro impressively took the top rating, ADVANCED+.
AVG Anti-Virus Free 2012
AVG Technologies is best known for antivirus protection, but in recent years the company has branched out, adding system tune-up, parental control, online backup, and more. But have no fear; you can still get the powerful protection of AVG Anti-Virus Free 2012 without spending a penny. In my tests and in tests by independent labs it beats many of its for-pay competition. Do note that it's specifically free for personal use; business users must pay for AVG's antivirus protection.
The 2012 edition's main screen collapses the previous edition's ten component icons down to six, but adds three new ones to integrate the company's other products. If you use AVG Family Safety ($19.95 direct for three licenses, 4.5 stars), AVG PC Tuneup 2011 ($29.99/year direct, 4 stars), or AVG LiveKive online backup, you can click the icon to link your products. If you don't, naturally the antivirus includes an option to get them.
Specifications
Type: Personal
Free: Yes
OS Compatibility: Windows Vista, Windows XP, Windows 7
Tech Support: FAQ, forum, videos, email; free phone support in US, UK, Canada.
More Good Lab Results
All of the labs I follow test AVG's technology and give it generally good ratings. ICSA Labs and West Coast Labs certify it for virus detection; West Coast adds checkmark certification for virus removal as well. In all of the last ten tests by Virus Bulletin, AVG has received VB100 certification.
AVG participates in the on-demand test by AV-Comparatives.org, but not in the retrospective test, which simulates zero-day protection by using old virus signatures. In the on-demand test AVG rated STANDARD, the lowest passing grade.
AV-Comparatives also runs a whole-product dynamic test, challenging products to protect test systems from real-world up-to-the-minute threats. In this test AVG rated ADVANCED, a cut above STANDARD.
The ongoing antivirus certification tests by AV-Test.org are also dynamic tests, emulating a user's real-world experience. Products can receive up to 6 points for protection, repair, and usability, with a total of 11 points required for certification. In the most recent tests under Windows 7, Vista, and XP, AVG averaged 13.17 points.
The article How We Interpret Antivirus Lab Tests explains how I boil down results from the various labs to create the following chart.
AVG Anti-Virus Free 2012 lab tests chart
Very Good Malware Cleanup
AVG installed quickly on my twelve malware-infested test systems. Resistant malware on one system interfered with installation, but installing in Safe Mode solved that one. On half of the test systems AVG detected active threats immediately and requested a reboot to finalize cleanup.
A full scan on my standard clean test system took just 16 minutes, and a repeat scan finished in less than two minutes. That's plenty fast. The average scan time for recent products on this same system is 25 minutes.
I always find it odd that AVG separates rootkit scanning from the whole computer scan. For the test systems infested with rootkits I ran the separate rootkit scan, which added about three minutes.
When I tallied the results I was quite impressed. AVG detected 88 percent, the same as TrustPort Antivirus 2012 ($39.95 direct, 3.5 stars). Of the products tested with this current threat collection, only G Data AntiVirus 2012 ($29.95 direct, 3.5 stars), with 91 percent, detected more.
AVG didn’t clean up perfectly. It left behind executable files for some threats, and even left a few processes running. However, its score of 6.5 points for malware removal is a new high for the current crop of antivirus products, beating out the 6.4 point record held by Malwarebytes' Anti-Malware Free 1.51 (Free, 4 stars).
AVG detected all of the threats that use rootkit technology and scored 6.7 points for rootkit removal, a tie for top score with ZoneAlarm Antivirus + Firewall 2012 ($59.95 direct for three licenses, 3 stars). Bitdefender Antivirus Plus 2012 ($39.95 direct for three licenses, 4 stars) was the next-best rootkit remover, with 6.0 points.
The majority of current products detected all of my scareware samples. Malwarebytes scored a perfect 10, thoroughly cleaning up scareware. AVG was close behind with 9.5 points, the same as BitDefender, Panda Cloud Anti-Virus 1.5 Free Edition (Free, 3.5 stars), and several others.
This is quite an impressive showing, and it parallels the dynamic test results from the labs. For a full explanation of how I come up with these scores see How We Test Malware Removal.
Friday, 2 September 2011
Anti-Virus Tips
Tips for Virus Detection and Prevention
Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.
Do not open any files attached to an email unless you know what it is, even if it appears to come from a friend or someone you know. Some viruses can replicate themselves and spread through email. Confirm that your contact really sent an attachment.
Do not open any files attached to an email if the subject line is questionable or unexpected.
Delete chain emails and junk email. Do not forward or reply to any of them. These types of email are considered spam: unsolicited, intrusive messages that clog up inboxes and networks.
Do not download any files from strangers.
Exercise caution when downloading files from the Internet. Ensure that the source is a legitimate and reputable one. Verify that an anti-virus program checks the files on the download site.
Update your anti-virus software regularly. McAfee security software like McAfee Total Protection updates automatically and continuously via the Internet.
Back up your files on a regular basis. If a virus destroys your files, at least you can replace them with your back-up copy. You should store your backup copy in a separate location from your work files, one that is preferably not on your computer.
When in doubt, always err on the side of caution and do not open, download, or execute any files or email attachments. Not executing is the more important of these caveats. Check with your product vendors for updates for your operating system, web browser, and email. One example is the security site section of Microsoft located at http://www.microsoft.com/security.
If you are in doubt about any potential virus-related situation you find yourself in, you may report a virus to our virus team.
Monday, 22 August 2011
Use security software that updates automatically.
Keep your security software active and current: at a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. You can buy stand-alone programs for each element or a security suite that includes these programs from a variety of sources, including commercial vendors or from your Internet Service Provider. Security software that comes pre-installed on a computer generally works for a short time unless you pay a subscription fee to keep it in effect. In any case, security software protects against the newest threats only if it is up-to-date. That's why it is critical to set your security software to update automatically.
Some scam artists distribute malware disguised as anti-spyware software. Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That's a tactic scammers have used to spread malware. OnGuardOnline.gov can connect you to a list of security tools from legitimate security vendors selected by GetNetWise, a project of the Internet Education Foundation.
Once you confirm that your security software is up-to-date, run it to scan your computer for viruses and spyware. If the program identifies a file as a problem, delete it.
Anti-Virus Software
Anti-virus software protects your computer from viruses that can destroy your data, slow your computer's performance, cause a crash, or even allow spammers to send email through your account. It works by scanning your computer and your incoming email for viruses, and then deleting them.
Anti-Spyware Software
Installed on your computer without your consent, spyware software monitors or controls your computer use. It may be used to send you pop-up ads, redirect your computer to websites, monitor your internet surfing, or record your keystrokes, which, in turn, could lead to the theft of your personal information.
A computer may be infected with spyware if it:
Slows down, malfunctions, or displays repeated error messages
Won't shut down or restart
Serves up a lot of pop-up ads, or displays them when you're not surfing the web
Displays web pages or programs you didn't intend to use, or sends emails you didn't write.
Firewalls
A firewall helps keep hackers from using your computer to send out your personal information without your permission. While anti-virus software scans incoming email and files, a firewall is like a guard, watching for outside attempts to access your system and blocking communications to and from sources you don't permit.
Tuesday, 16 August 2011
What is pharming?
Whereas phishing uses fraudulent email messages to lure you to fake Web sites and try to get you to supply personal information like account passwords, pharming attacks redirect you to a hacker's site even when you type the address of a real site into your browser.
Real or not?
Pharming does not require that a user clicks on an email message or has a system compromised by a Trojan or a keylogger, and therefore pharming is often described as "phishing without a lure."
Pharmers typically redirect users to a spoofed website by tampering with a company's hosts files or domain name system (DNS) so that requests for certain URLs return a bogus address and subsequent communications are then directed to a fake site. This means that users are unaware that the website where they are entering confidential information is controlled by hackers.
Other types of pharming attacks involve Trojan horses, worms or other technologies that attack the browser address bar, thus redirecting the user to a fraudulent website when the user types in a legitimate address.
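A defender-side check for the hosts-file tampering described above, added here as an example that is not part of the original article: it parses a hosts file and reports entries that override domains you never expect to see there. The sample file, the `.example` domains and the `WATCHED_SUFFIXES` list are constructed assumptions.

```python
"""Audit a hosts file for entries that override watched domains."""
import ipaddress

# Constructed sample: a hosts file as it might look after tampering.
# Names use the reserved .example TLD, addresses use documentation ranges.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.bank.example bank.example   # injected line
198.51.100.7    login.payments.example
0.0.0.0         ads.tracker.example             # ad-blocking sinkhole
not-an-ip       broken.example
192.0.2.10      intranet.corp.example
"""

# Assumption: domains that should always be resolved through DNS,
# never through a local hosts entry.
WATCHED_SUFFIXES = ("bank.example", "payments.example")


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for every well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                              # address without a name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed address, skip
        # Normalise case and a trailing dot so comparisons are reliable.
        yield line_no, addr, [h.lower().rstrip(".") for h in fields[1:]]


def is_watched(hostname, suffixes=WATCHED_SUFFIXES):
    """True for a watched domain or any of its subdomains (label-aligned)."""
    return any(hostname == s or hostname.endswith("." + s) for s in suffixes)


def audit_hosts(text, suffixes=WATCHED_SUFFIXES):
    """Return (line_no, hostname, address, kind) for each watched override.

    kind is "redirect" when the name is pointed at a routable address and
    "blocked" when it is sinkholed to loopback or 0.0.0.0.
    """
    findings = []
    for line_no, addr, names in parse_hosts(text):
        for name in names:
            if not is_watched(name, suffixes):
                continue
            sinkholed = addr.is_loopback or addr.is_unspecified
            kind = "blocked" if sinkholed else "redirect"
            findings.append((line_no, name, str(addr), kind))
    return findings


if __name__ == "__main__":
    for line_no, name, addr, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr} ({kind})")
```

To audit a real machine, pass the contents of `/etc/hosts` (Linux, macOS) or `C:\Windows\System32\drivers\etc\hosts` (Windows) to `audit_hosts` with your own watch list.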
Pharming strike
In February 2007, a pharming attack that targeted online customers of at least 50 financial institutions in the US, Europe and the Asia-Pacific region infected at least 1,000 machines per day for several days. The attack was notable for the effort put into it by the hackers, who constructed a separate look-alike website for each financial institution they targeted.
Also in 2007, a new kind of pharming was discovered. In drive-by pharming, a cyberattacker takes control of a user's home router by guessing the router password, so any users who have not changed the default password on their router could be at risk.
Be aware
One way to protect yourself against pharming attacks is to only use pharming-conscious (PhC) websites. If an attacker attempts to impersonate a PhC website, you will receive a message from the browser indicating that the website's "certificate" does not match the address being visited. You should never ever proceed to the website when you get such a message.
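The name check behind that browser message, sketched as an added example that is not part of the original article: the address you typed is compared with the DNS names listed in the certificate the server presents. The matching rules are a simplified form of the usual wildcard rules, and all host names and certificate name lists are constructed; real browsers also verify that the certificate chains to a trusted authority, which is what stops an attacker from simply issuing a certificate with the right name.

```python
"""Why a pharmed connection trips the certificate-name warning."""
import ipaddress


def _is_ip(value):
    """True when the typed address is an IP literal rather than a host name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, hostname):
    """Match one certificate DNS name against the typed host name.

    Simplified rules: comparison is case-insensitive, and '*' is accepted
    only as the entire left-most label, where it stands for exactly one label.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False                      # a wildcard never spans two labels
    if p_labels[0] == "*":
        if len(p_labels) < 3:
            return False                  # refuse broad names such as "*.example"
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False                      # partial wildcards ("w*.") are rejected
    return p_labels == h_labels


def certificate_covers(cert_dns_names, typed_host):
    """True if any DNS name in the certificate covers the typed host."""
    if _is_ip(typed_host):
        return False                      # DNS names never match an IP literal
    return any(dns_name_matches(p, typed_host) for p in cert_dns_names)


def browser_decision(typed_host, presented_names):
    """Return "proceed" or "warn" for the name check alone."""
    return "proceed" if certificate_covers(presented_names, typed_host) else "warn"


# Constructed scenario: the user types the real address, but tampered name
# resolution sends the connection to a server holding some other certificate.
TYPED = "www.bank.example"
GENUINE_CERT = ["bank.example", "*.bank.example"]
FAKE_SITE_CERT = ["www.lookalike.example"]

if __name__ == "__main__":
    print("genuine server :", browser_decision(TYPED, GENUINE_CERT))
    print("redirected site:", browser_decision(TYPED, FAKE_SITE_CERT))
```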
What is a rootkit?
Rootkits are a malware inventor's dream: they are created to allow worms, bots, and other malevolent software to hide in plain sight. Rootkits are designed to hide themselves from detection by users and security programs, so they don't show up in Windows Explorer, the running processes don't display in the Task Manager, and many antivirus programs can't find rootkit-hidden malware.
A rootkit is a special program that buries itself deep into an operating system (like Microsoft Windows) for malicious activity and is extremely difficult to detect. The malicious software operates in a stealth fashion by hiding its files, processes and registry keys and it can be used to create a hidden directory or folder designed to keep it out of view from a user's operating system and security software.
Attackers can then use the rootkit to hide their malicious software, which can range from spyware to keylogger software that can steal sensitive information from users' computers. Rootkits can allow criminals to remotely monitor, record, modify, steal and transfer any information entered or stored on a user’s computer, disabling some PC firewalls and evading some traditional security products at will.
Rootkits often bury themselves via other computer infections and then modify the operating system of the infected PC. They are often almost undetectable and extremely difficult to remove. Detecting a rootkit on a Windows PC is not unlike shining a flashlight at objects in a darkened room, and then trying to identify each object by the shadow it casts on the wall.
Rootkits are rapidly becoming more prevalent, more virulent and more sophisticated, security experts warn. The complexity in rootkits is growing at a phenomenal rate, allowing malicious software to bury deep and potentially go undetected inside Microsoft's Windows platform. Rootkits have grown over the past five years from 27 components to 2,400, according to a report from April 2007.
This means that there are more ways attackers can use these components to hide their malware and it means that the use of rootkits is increasing. One security company recorded a 62 percent annual increase in rootkit activity in 2006 and predicted an increase of around 40 percent in 2007. Another security company that surveyed 291,000 users in October 2007 warned that increasing numbers of PC users are falling victim to rootkit infections.
What is a keylogger?
According to experts, keystroke loggers pose more risk to PC users than any other tool used for committing cybercrime. Also known as keyloggers, they are small programs or hardware devices that monitor each keystroke you type on a specific computer's keyboard, including typos, backspacing and retyping.
Recording your every move on the Web
Although keyloggers are promoted for benign purposes like allowing parents to monitor their children's whereabouts on the Internet, they can be used to spy on anyone. They are used by cybercriminals to covertly watch and record everything you type on your PC in order to harvest your log-in names, passwords, and other sensitive information, and send it on to the hackers. This may include any passwords you have asked your computer to remember for you to speed up logging in, as these are held as cookies on your machine.
Unfortunately for consumers, keyloggers are becoming very sophisticated. Once on a PC, they can track websites visited by the user and only log the keystrokes entered on the websites that are of particular interest to the cybercriminal; for example online banking websites.
Therefore, keyloggers are an increasingly popular tool among identity thieves and most financial cybercrime is committed using them, as these programs are the most comprehensive and reliable tool for tracking electronic information. One security company detected just 275 keyloggers in 2001, while the number had reached 6,200 in 2005. Another security company recorded more than a 500 percent increase between January 2003 and July 2006.
Identity theft in all its various guises is one of the fastest growing crimes, with keylogging Trojan software often forming the weapon of choice for would-be fraudsters. According to figures from American consumer watchdog the Federal Trade Commission, almost ten million Americans discovered they were the victims of identity theft during 2003, with total losses approaching $50 billion. The research shows that the number of victims has risen by 50 percent since 2003 and the financial loss per consumer has more than doubled from $1,408 in 2005 to $3,257 in 2006.
In 2007, keylogging software found its way onto hundreds of PCs belonging to account holders at the large Swedish bank Nordea. In the biggest heist of customer accounts on record more than $1 million was stolen. Also in 2007, the users of an American retirement savings and investment plan for federal employees were targeted by keyloggers, with cybercriminals taking off with about $35,000 from two dozen user accounts.
In 2005, a businessman from Florida filed a lawsuit against the Bank of America after unknown hackers stole $90,000 from his account and transferred the money to Latvia. An investigation showed that his computer was infected with a malicious program that recorded every keystroke and this was how the hackers got hold of his user name and password. The court did not rule in favor of the plaintiff, saying that he had neglected to take basic precautions when managing his bank account on the Internet: a signature for the malicious code that was found on his system had been added to nearly all antivirus product databases back in 2003.
Your PC can become infected with keyloggers in various ways. They can be inadvertently downloaded from an infected Web site, email attachment, or by clicking on links. Often cyberthieves are using Trojan-horse software to load keylogging software onto unsuspecting victims' computers.
Recommended methods to protect against keyloggers include keeping all your programs up-to-date – antivirus and firewall software as well as Windows, Office and other applications – recognising phishing emails, and avoiding the temptation of clicking links in email that point to potentially dodgy sites hosting malware.
What are security holes?
Security holes are constantly discovered in all sorts of software, and to plug the holes, software vendors issue patches - also called "fixes" or just plainly "security updates" - to offer an immediate quick-repair solution for the problem and/or a general enhancement of the software.
Flaws in Microsoft's software seem to be the most popular to exploit, so the American software giant releases a lot of patches. But other common desktop applications like Firefox, QuickTime, RealPlayer, Adobe Reader, Adobe Flash Player, and Sun Java Runtime Environment also often need to be patched to fix security issues.
In 2003, Microsoft introduced Patch Tuesday to simplify patch management. Patch Tuesday is the second Tuesday of each month, when Microsoft releases the newest fixes for Windows and related software applications like Internet Explorer, the Office suite, and Windows Media Player.
Microsoft's patches are distributed via Automatic Updates and the company's Microsoft Update downloads website.
Unfortunately, releasing patches also means that cyber-criminals are able to analyse the patch code and exploit the vulnerabilities that the patches were intended to deal with. Therefore a lot of exploits are seen shortly after the release of a patch and the term "Exploit Wednesday" was coined for the day following Patch Tuesday. Malware authors also know that if they start exploiting a vulnerability not known to Microsoft right after Patch Tuesday, it will normally be an entire month before Microsoft releases a patch to fix it. In 2006 Microsoft only broke its patch cycle twice to release very critical fixes.
Today's cyber-criminals are very fast at creating exploit code. When Microsoft issues patches, exploit code for the publicly disclosed vulnerabilities will usually appear the same or the next day. Hackers are able to do that through reverse engineering.
In April 2008, a group of computer researchers urged Microsoft to redesign the way it distributes patches, after they created a technique that automatically produces attack code by comparing the vulnerable and repaired versions of a program.
Using an automated tool, an exploit could be created in a few minutes or less after looking at the patch, according to the researchers. This means it is theoretically possible for hackers to start trying to exploit machines a short time after the attackers have received the patch, putting more PCs at risk of becoming infected with malicious software.
Keeping your PC up-to-date
Constantly patching the software on your PC is just as important as keeping your antivirus program up-to-date and running a firewall. Yet the numbers show that a lot of users are struggling with the task of keeping all their software up-to-date.
Research released in January 2008 revealed that only 5 percent of users are running fully-patched Windows PCs, while more than 40 percent have more than 10 insecure applications installed.
Another survey from December 2007 showed that more than 20 percent of all applications installed on users' PCs have known security flaws for which patches have been released by the vendors of the products. That result was based on scans of more than 14.5 million applications on end-user computers.
The length of time between the release of security patches and the development of exploits targeting the security holes they address has been dropping for some time. Hackers exploit this period of time - the so-called "patch window" - to launch attacks against unpatched machines.
Microsoft delivers almost all its patches on the second Tuesday of each month, known as Patch Tuesday. In 2006, Microsoft released 49 critical, 23 important, and 5 moderate updates, while 2007 brought 43 critical, 24 important, and 2 moderate fixes.
If your software applications have automatic update features, then be sure to switch them on. If you have to download patches manually, then make sure that you do it from the actual Web site of the software vendor and that you didn't wind up on the download page following a link from an untrusted source.
On occasion cyber-criminals have tried to sneak malware past users by disguising it as an automatic update to a popular software product. If you are in doubt if an update trying to install itself on your computer is the real deal, it might be a good idea.
How a virus works
The word virus is often used as a common term for all malicious programs, but technically a virus is a program or code that attaches itself to a legitimate, executable piece of software, and then reproduces itself when that program is run. Viruses spread by reproducing and inserting themselves into programs, documents, or email attachments. They can be transmitted through emails or downloaded files and they can be present on CDs, DVDs, USB-drives and any other sort of digital media.
A virus normally requires action to successfully infect a victim. For instance, the malicious programs inside email attachments usually only strike if the recipient opens them. The effect of a virus can be anything from a simple prank that pops up messages to the complete destruction of programs and data.
In recent years viruses have been on the decrease. In January 2007, one in 119.9 e-mails, or 0.83 percent, were infected with viruses, while more than 20 percent of emails at times contained viruses five years earlier. The difference is partly due to virus attacks becoming more targeted and no longer occurring as one large outbreak. Also, there has been a big increase in spam emails that contain links to download viruses.
The computer virus turned 25 in 2007. Long-suffering computer users would be forgiven for thinking that the first computer virus appeared in the mid-1980s, but the first virus actually predates the first IBM-compatible PC. Elk Cloner, which spread between Apple II computers via infected floppy disks, was released in July 1982 and it was the first computer virus to spread in the wild.
Viruses had their heyday around the year 2000, with the Y2K scare. In 1999, the Melissa virus caught antivirus companies flat-footed and propagated rapidly. It was the first real outbreak of many of its kind that spread using Microsoft's Word and Outlook. A year later, the 'I Love You' virus caught the world by surprise. Lloyd's of London estimated that the virus cost the global economy $10bn, making it the most expensive piece of malicious software to be unleashed to date. It was also the first time a computer virus became the day's top story for newspapers and television stations, marking a shift to mainstream awareness of computer viruses.
Nowadays, mobile operators are also starting to feel the pinch from viruses resulting from the increasing use of emails and Internet browsing on cellphones. Attacks on cellphones rose five times in 2006, with clients of 83 percent of mobile operators around the world having been hit, an industry study showed.
But mobile viruses are around 20 years behind those plaguing PCs, which translates into more than 300 virus variants targeting mobiles and smartphones, but around 400,000 such threats targeting PCs. In June 2004, a security company released details of a piece of mobile-phone malware that used Bluetooth to try to spread to other Symbian Series 60-based mobiles. That is believed to be the first case of a self-replicating mobile-phone virus and since then there has been a consistent increase in mobile viruses.
Tuesday, 2 August 2011
Computer security policy-Germany
Berlin starts National Cyber Defense Initiative
On June 16, 2011, the German Minister for Home Affairs officially opened the new German NCAZ (National Center for Cyber Defense) [[1]], which is located in Bonn. The NCAZ closely cooperates with BSI (Federal Office for Information Security) [[2]], BKA (Federal Police Organisation) [[3]], BND (Federal Intelligence Service) [[4]], MAD (Military Intelligence Service) [[5]] and other national organisations in Germany taking care of national security aspects. According to the Minister, the primary task of the new organisation, founded on Feb. 23, 2011, is to detect and prevent attacks against the national infrastructure; the Minister mentioned incidents like Stuxnet.
Computer security policy
United States
Cybersecurity Act of 2010
On April 1, 2009, Senator Jay Rockefeller (D-WV) introduced the "Cybersecurity Act of 2009 - S. 773" (full text) in the Senate; the bill, co-written with Senators Evan Bayh (D-IN), Barbara Mikulski (D-MD), Bill Nelson (D-FL), and Olympia Snowe (R-ME), was referred to the Committee on Commerce, Science, and Transportation, which approved a revised version of the same bill (the "Cybersecurity Act of 2010") on March 24, 2010.[7] The bill seeks to increase collaboration between the public and the private sector on cybersecurity issues, especially those private entities that own infrastructures that are critical to national security interests (the bill quotes John Brennan, the Assistant to the President for Homeland Security and Counterterrorism: "our nation’s security and economic prosperity depend on the security, stability, and integrity of communications and information infrastructure that are largely privately-owned and globally-operated" and talks about the country's response to a "cyber-Katrina".[8]), increase public awareness on cybersecurity issues, and foster and fund cybersecurity research. Some of the most controversial parts of the bill include Paragraph 315, which grants the President the right to "order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network."[8] The Electronic Frontier Foundation, an international non-profit digital rights advocacy and legal organization based in the United States, characterized the bill as promoting a "potentially dangerous approach that favors the dramatic over the sober response".[9]
International Cybercrime Reporting and Cooperation Act
On March 25, 2010, Representative Yvette Clarke (D-NY) introduced the "International Cybercrime Reporting and Cooperation Act - H.R.4962" (full text) in the House of Representatives; the bill, co-sponsored by seven other representatives (among whom only one Republican), was referred to three House committees.[10] The bill seeks to make sure that the administration keeps Congress informed on information infrastructure, cybercrime, and end-user protection worldwide. It also "directs the President to give priority for assistance to improve legal, judicial, and enforcement capabilities with respect to cybercrime to countries with low information and communications technology levels of development or utilization in their critical infrastructure, telecommunications systems, and financial industries"[10] as well as to develop an action plan and an annual compliance assessment for countries of "cyber concern".[10]
Protecting Cyberspace as a National Asset Act of 2010
On June 19, 2010, United States Senator Joe Lieberman (I-CT) introduced a bill called "Protecting Cyberspace as a National Asset Act of 2010 - S.3480" (full text in pdf), which he co-wrote with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). If signed into law, this controversial bill, which the American media dubbed the "Kill switch bill", would grant the President emergency powers over the Internet. However, all three co-authors of the bill issued a statement claiming that instead, the bill "[narrowed] existing broad Presidential authority to take over telecommunications networks".[11]
White House proposes cybersecurity legislation
On May 12, 2010, the White House sent Congress a proposed cybersecurity law designed to force companies to do more to fend off cyberattacks, a threat that has been reinforced by recent reports about vulnerabilities in systems used in power and water utilities.
Applications
Computer security is critical in almost any technology-driven industry which operates on computer systems. Computer security can also be referred to as computer safety. The issues of computer based systems and addressing their countless vulnerabilities are an integral part of maintaining an operational industry.[3]
Cloud computing security
Security in the cloud is challenging due to the varied degree of security features and management schemes within the cloud entities. In this connection, one logical protocol base needs to evolve so that the entire gamut of components operates synchronously and securely.
Aviation
The aviation industry is especially important when analyzing computer security because the involved risks include human life, expensive equipment, cargo, and transportation infrastructure. Security can be compromised by hardware and software malpractice, human error, and faulty operating environments. Threats that exploit computer vulnerabilities can stem from sabotage, espionage, industrial competition, terrorist attack, mechanical malfunction, and human error.[4]
The consequences of a successful deliberate or inadvertent misuse of a computer system in the aviation industry range from loss of confidentiality to loss of system integrity, which may lead to more serious concerns such as data theft or loss, network and air traffic control outages, which in turn can lead to airport closures, loss of aircraft, loss of passenger life. Military systems that control munitions can pose an even greater risk.
A proper attack does not need to be very high tech or well funded; a power outage at an airport alone can cause repercussions worldwide.[5] One of the easiest and, arguably, the most difficult to trace security vulnerabilities is achievable by transmitting unauthorized communications over specific radio frequencies. These transmissions may spoof air traffic controllers or simply disrupt communications altogether. These incidents are very common, having altered flight courses of commercial aircraft and caused panic and confusion in the past. Controlling aircraft over oceans is especially dangerous because radar surveillance only extends 175 to 225 miles offshore. Beyond the radar's sight, controllers must rely on periodic radio communications with a third party.
Lightning, power fluctuations, surges, brown-outs, blown fuses, and various other power outages instantly disable all computer systems, since they are dependent on an electrical source. Other accidental and intentional faults have caused significant disruption of safety-critical systems throughout the last few decades, and dependence on reliable communication and electrical power only jeopardizes computer safety.
Notable system accidents
In 1994, over a hundred intrusions were made by unidentified crackers into the Rome Laboratory, the US Air Force's main command and research facility. Using trojan horse viruses, hackers were able to obtain unrestricted access to Rome's networking systems and remove traces of their activities. The intruders were able to obtain classified files, such as air tasking order systems data, and were furthermore able to penetrate connected networks of National Aeronautics and Space Administration's Goddard Space Flight Center, Wright-Patterson Air Force Base, some Defense contractors, and other private sector organizations, by posing as a trusted Rome center user.
Thursday, July 14, 2011
Secure operating systems
One use of the term computer security refers to technology to implement a secure operating system. Much of this technology is based on science developed in the 1980s and used to produce what may be some of the most impenetrable operating systems ever. Though still valid, the technology is in limited use today, primarily because it imposes some changes to system management and also because it is not widely understood. Such ultra-strong secure operating systems are based on operating system kernel technology that can guarantee that certain security policies are absolutely enforced in an operating environment. An example of such a Computer security policy is the Bell-LaPadula model. The strategy is based on a coupling of special microprocessor hardware features, often involving the memory management unit, to a special correctly implemented operating system kernel. This forms the foundation for a secure operating system which, if certain critical parts are designed and implemented correctly, can ensure the absolute impossibility of penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy, but in theory completely protects itself from corruption. Ordinary operating systems, on the other hand, lack the features that assure this maximal level of security. The design methodology to produce such secure systems is precise, deterministic and logical.
Systems designed with such methodology represent the state of the art of computer security although products using such security are not widely known. In sharp contrast to most kinds of software, they meet specifications with verifiable certainty comparable to specifications for size, weight and power. Secure operating systems designed this way are used primarily to protect national security information, military secrets, and the data of international financial institutions. These are very powerful security tools and very few secure operating systems have been certified at the highest level to operate over the range of "Top Secret" to "unclassified" (including Honeywell SCOMP, USAF SACDIN, NSA Blacker and Boeing MLS LAN). The assurance of security depends not only on the soundness of the design strategy, but also on the assurance of correctness of the implementation, and therefore there are degrees of security strength defined for COMPUSEC. The Common Criteria quantifies security strength of products in terms of two components, security functionality and assurance level (such as EAL levels), and these are specified in a Protection Profile for requirements and a Security Target for product descriptions. None of these ultra-high assurance secure general purpose operating systems have been produced for decades or certified under Common Criteria.
In USA parlance, the term High Assurance usually suggests the system has the right security functions that are implemented robustly enough to protect DoD and DoE classified information. Medium assurance suggests it can protect less valuable information, such as income tax information. Secure operating systems designed to meet medium robustness levels of security functionality and assurance have seen wider use within both government and commercial markets. Medium robust systems may provide the same security functions as high assurance secure operating systems but do so at a lower assurance level (such as Common Criteria levels EAL4 or EAL5). Lower levels mean we can be less certain that the security functions are implemented flawlessly, and therefore less dependable. These systems are found in use on web servers, guards, database servers, and management hosts and are used not only to protect the data stored on these systems but also to provide a high level of protection for network connections and routing services.
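The Bell-LaPadula policy named above, sketched as a small reference monitor; this is an added example, not code from the original page or from any certified system. The subject names, object names, categories and the three access modes are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    level: Level
    categories: frozenset = frozenset()  # need-to-know compartments

    def dominates(self, other: "Label") -> bool:
        # Lattice order: at least as high a level AND a superset of categories.
        return self.level >= other.level and self.categories >= other.categories


@dataclass
class ReferenceMonitor:
    subjects: dict = field(default_factory=dict)
    objects: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def check(self, subject: str, obj: str, mode: str) -> bool:
        s = self.subjects.get(subject)
        o = self.objects.get(obj)
        if s is None or o is None:
            allowed = False                      # unknown principal: fail closed
        elif mode == "read":
            allowed = s.dominates(o)             # simple security: no read up
        elif mode == "append":
            allowed = o.dominates(s)             # *-property: no write down
        elif mode == "write":                    # read + modify needs equal labels
            allowed = s.dominates(o) and o.dominates(s)
        else:
            allowed = False                      # unknown mode: fail closed
        # Every decision is recorded, allowed or not.
        self.audit.append((subject, obj, mode, "ALLOW" if allowed else "DENY"))
        return allowed


def build_demo_monitor() -> ReferenceMonitor:
    # Constructed sample labels, not taken from any real system.
    rm = ReferenceMonitor()
    rm.subjects["analyst"] = Label(Level.SECRET)
    rm.subjects["clerk"] = Label(Level.UNCLASSIFIED)
    rm.objects["bulletin.txt"] = Label(Level.UNCLASSIFIED)
    rm.objects["plan.doc"] = Label(Level.SECRET)
    rm.objects["archive.log"] = Label(Level.TOP_SECRET, frozenset({"CRYPTO"}))
    return rm


if __name__ == "__main__":
    rm = build_demo_monitor()
    for req in [("analyst", "bulletin.txt", "read"),
                ("analyst", "bulletin.txt", "append"),   # a Trojan copying data down
                ("analyst", "archive.log", "append"),
                ("clerk", "plan.doc", "read")]:
        print(req, "->", rm.check(*req))
```

The denied `append` to `bulletin.txt` is the case that matters against Trojan horses: code running with the analyst's clearance still cannot move data to a lower label, because the check depends on labels rather than on the program's intent.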