Monday, December 22, 2008

Website of the Week #9

This week I'll be providing my recommendation for two software security suites. When I say the word "suite" I mean the product has much more than just antivirus capabilities...it could have anti-spyware, spam filtering, firewall, web site scanning, etc. Ultimately, each person will need to decide what works best for them and their situation; however, the following are my two choices for the best security suites of 2008.

Avira - or more specifically, the Avira Premium Security Suite http://www.avira.com/en/solutions/home_home_office.html (30 day free trial)

If you only want the AV and nothing more, you can download the software at http://tinyurl.com/8m2cc8; this is a free version with no limitations.
  • Over the past year, Avira has posted the highest malware detection rate out of all (single engine) AV products world-wide
  • It has an extremely low CPU footprint (it runs between 5-17% CPU on my laptop while performing a scan)
  • The outbound firewall is robust and easy to configure
  • Built in Spyware and Adware engine
  • 'Anti-Drive by' feature that protects your browser from downloading malicious code
  • Fast AV scan engine (during manual scans)
  • Daily AV definition updates
  • Anti-Bot protection (must be configured appropriately with your ISP's email server)
  • Non-obtrusive pop-ups (from the firewall)
  • SAP's primary vendor of choice during enterprise-wide SAP implementations
  • Company is based out of Tettnang, Germany

ESET / NOD32 - ESET's Smart Security http://www.eset.com/smartsecurity/index.php (30 day free trial)

  • Highest AV "pass rate" out of all AV software engines over the past 10 years - per the Virus Bulletin 100 Tests (VB 100) - 54 Successes vs. 3 Failures. A failure might also equate to producing a false positive.
  • Lowest false positive rating out of any AV product on the market, period.
  • Solid outbound firewall protection
  • Low CPU footprint on most modern PCs
  • Great email scanner
  • Built in Spyware and Adware engine
  • Easy to use if you don't want to worry about doing much setup/customization (leave the default settings and go)
  • Company is based out of Bratislava, Slovakia

Both of these products are top of the line AV / Spyware software packages. My preference is to use security "suites" that include multiple features such as a firewall, web protection, anti-spyware etc. vs. a stand-alone AV with either the Windows XP firewall or another 3rd party firewall.

Personally, I decided to use Avira over ESET (which I've also loaded onto a few other family member computers). The reasons were: 1) ESET was producing a slightly higher CPU footprint on my machine than Avira did. 2) Avira has built in bot protection (which you must configure, but it's well worth it). The anti-bot feature ultimately sold me on the product. 3) Avira provided me with slightly more advanced user customizations. 4) Avira has the highest malware detection rate out of any other single engine product.

I tested each product out for over a month before making my final decision and (if you're looking for a new security suite) I would recommend that you do the same. You can download 30 day test trials for each on their respective websites. This gives you 60 days of free AV protection.

Quote of the week:
Robert Duffner, Senior Director of Platform and Open Source Strategy at Microsoft (how's that for a title), said that Microsoft was the "Wal-Mart of software companies." And that "We are a good choice during this economic downturn."

Humm, I'm not sure that I've ever seen any cost similarities between Wal-Mart and Microsoft...or anything else for that matter. What I find the most amusing about this is when have we ever seen the terms Microsoft and Open Source in the same sentence?

Misc. News of the week:

Not dead yet -
Microsoft has once again extended the licensing of Windows XP for most computer dealers and distributors to May 30, 2009. The last deadline was Jan. 31, 2008. Look to see the May deadline get extended once we get a little closer.
IBM said that based on data from its 3,700 managed security services customers worldwide, the number of security events had risen from 1.8 billion to 2.5 billion per day over the past four months.

Using the same type of nanotechnology that enables hard drives to read and write data, researchers at Stanford University have developed a system that should be able to detect cancer in the human body.

The blood scanner, which is still in the prototype stage, is designed to find cancer markers in the blood stream in the early stages of the disease, when they can be treated more easily and successfully. The research document also noted that the sensors can detect cancer markers in a blood sample in less than an hour. (let's hope this works)


Browser News of the week:
For Internet Explorer users - an emergency off-cycle patch took place on Wed. 12/17 at 1pm EST that patched up several critical IE7 vulnerabilities.
Firefox also released a patch around 1:30am EST on 12/17 to secure a few different vulnerabilities as well. The new FF version is now 3.0.5.
For Google Chrome users - UnChrome keeps your web-surfing habits anonymous (basically it replaces your unique user ID with a null value) so that Google is unable to trend your browsing habits. If you use Google's search engine (like just about everyone else on the planet), this might not really matter much.
Product of the week:
A hard drive docking station that allows hot swapping! (I want this for Christmas!)
Tool of the week:
Self destructing message
Ever wanted to make sure that a message you sent someone never got re-read? Check out this online tool that can be used for email and IM.

https://privnote.com/


Something Extra:

Have you ever wanted to learn a foreign language? Now you can...over the internet of course.

http://www.livemocha.com/


Website of the week:

VideoLAN - VLC Media Player

Would you like to be able to watch MP4s on your PC? You can do that and much more, just check out my website of the week to download a cool free tool.

http://www.videolan.org/


Next Week:
Online storage options

Tuesday, December 16, 2008

Website of the Week #8

Security Report: (stats provided by Cisco)
  • Nine in ten emails are now considered spam
  • An estimated 200 billion junk mail messages per day are clogging up the internet
  • "Drive-by" download attacks where hackers plant redirection scripts on legitimate sites that lead to hacker controlled sites (which are full of exploits) have become a popular method for spreading all forms of malware, including botnet clients that turn PCs into spam-churning zombies
  • The U.S. is the single biggest source of spam, accounting for 17.2 per cent of junk mail. Other big offenders include Turkey (9.2 per cent), Russia (8 per cent), Canada (4.7 per cent), Brazil (4.1 per cent), India (3.5 per cent), South Korea (3.3 per cent), Germany and the UK (2.9 per cent each).
  • Numerous mainstream websites are now loaded/infected with iFrames, which are malicious scripts that also redirect visitors to malware-downloading sites
  • One of the big growth areas is the overall rise in vulnerabilities involving virtualization technology, which rose from 35% last year to 103% in 2008

I'll be discussing options to improve your overall security over the next couple of weeks. To immediately address the value of leveraging virtualization technology to help increase information security, I'll discuss this in my pick for the tool of the week.


Tool of the Week: (Free)
What is Sandboxie?
Sandboxie is a tool that will contain and allow applications to run within an isolated virtual space.

How does it work?
Applications that run within the sandbox cannot make system (OS) changes. They can read files but cannot write. This prevents any malicious code from writing to the system and keeps your work contained within the sandbox. Therefore, if you pick up some malicious code while surfing (from a site that was infected), this code will not be able to reach past the sandbox to do any damage to your system.

How is it different from a virtual machine (VM)?
Sandboxie has a very small CPU footprint and unlike a VM, you do not need to share/allocate RAM between the VM and your primary PC. Sandboxie will set up just about everything for you (the default settings work quite well), but you might still need to make some minor configuration changes to meet your individual needs.

Is this the silver bullet?
No, there is no such thing when it comes to computer security; however, this is one of the many ways to increase your overall computing safety. You can still pick up tracking cookies or malicious programs while using Sandboxie, as Sandboxie is not designed to detect or disable malware. It is designed to make sure that sandboxed applications stay in the sandbox - software can't integrate into Windows and it can be completely discarded when you delete the sandbox. You can configure Sandboxie to automatically delete content within the Sandbox upon closing the application.

How do I use Sandboxie?
Since one of the major I use Sandboxie during all my browsing sessions. Once I close my session, I've configured Sandboxie to automatically delete the content/history within the Sandbox. Therefore, any accumulated or unnecessary programs are immediately discarded and never have access to my operating system.
Sandboxie is a free tool; however, a paid version is also available with a few additional features. The free version suits my needs just fine. Using this application alone will increase your overall internet security exponentially.

Tech news of the week:
1. A group of scientists (actually they were students) at the University of California were able to replicate keys (house, car, etc.) by taking a digital photo of keys at distances up to 200 ft. away. Apparently, the 'twin' key had a successful 'open lock' rate of 80%. News about this type of digital key replication has been around for quite a while and has just recently resurfaced in the news again. I've attached a report from one story posted back in November by msnbc.com.
2. Google's Chrome browser officially leaves Beta. Apparently, Google's goals for stability and performance have been met, but they are still working to add additional features such as RSS and form auto-fill just to name a few. Look for them to also develop extensions to support Mac and Linux users as well. Overall, this is interesting news...since Gmail has only been in beta for what, 10 years?! (Actually, it's been around since April of 2004)

3. Attention Windows users...Did you get your updates from last week? The second Tuesday of every month, also known as "Patch Tuesday", came out with 8 security bulletins for the month of December. Six were labeled as "Critical" and two were "Important". Seven out of the eight involved patching holes in various code that was open for remote code execution. Overall, the patch addressed a total of twenty-eight different vulnerabilities. Even if you have the Windows Update feature enabled, I'd double check that you have all the updates either via Secunia's website (tool of the week last week) or go to http://www.update.microsoft.com to check.

Gadget of the week:
40 Years of Mighty Mice
How 10 famous technologies got their name:
And finally, the...

Website of the week:

Leo Notenboom is an ex-Microsoft guy and 100% tech guru. If you have a tech question you might be able to find it on his website. If you can't find it, Ask Him, or I should say "Ask Leo"! And he might just respond to you directly. I highly recommend this site for both its thoroughness and accuracy.

Next Week:
My picks for the best two (yes, there are only two) Antivirus security suites on the market today.
What I have to say might surprise you.

Tuesday, December 9, 2008

Website of the Week #7

Security Report:
Most PCs run outdated, "hacker-friendly" software. Below is Secunia's PC vulnerability study:

Number of insecure programs per PC/user

0 insecure programs: 1.91% of PCs

1-5 insecure programs: 30.27% of PCs

6-10 insecure programs: 25.07% of PCs

11+ insecure programs: 45.76% of PCs


See which category you fall into by trying out my tool of the week (below)


Tool of the week:
Secunia's online software inspector:
About Secunia's OSI and PSI tools...
Secunia has an extensive database holding tens of thousands of application signatures, which it uses to look for application version vulnerabilities and advise you on which ones you need to upgrade. Read the "feature overview" bullets on their website for additional details.

How it works...
The tool scans most of the executables (.exe) and dynamic-link libraries (.dll) on your hard drive. But most importantly, it looks for applications with known security flaws and tells you which ones you need to upgrade. It also has an open connection to the MS Windows Update database. Since it's more of a version management system, it won't scan applications that don't have any vulnerabilities/problems. If you download the PSI version, it will show up in your startup menu - but the online scanner (OSI) works just as effectively for me.
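
To make the idea concrete, here is a small Python sketch of that kind of version check. It is an added example, not Secunia's code: the program names, versions and advisory table are constructed sample data, apart from the Adobe Reader entry, which follows the tip elsewhere on this page to move from 8.1.2 and lower to version 9. It also sorts the result into the four categories used in the study above.

```python
import re

# Advisory table: program -> first version considered fixed.
# Constructed for illustration; only the Adobe Reader row reflects this page.
FIXED_IN = {
    "Adobe Reader": "9.0",
    "Example Media Player": "2.10.0",  # hypothetical program
    "Example Archiver": "4.65",        # hypothetical program
}

# Constructed inventory, as a scanner might read it from file version metadata.
INVENTORY = [
    ("Adobe Reader", "8.1.2"),
    ("Example Media Player", "2.9.4"),
    ("Example Archiver", "4.65.0"),
    ("Unlisted Tool", "1.0"),
]


def parse_version(text):
    """Turn '8.1.2' or 'v2.10.0 beta' into a tuple of ints."""
    match = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if match is None:
        raise ValueError("no version number in %r" % text)
    return tuple(int(part) for part in match.group(1).split("."))


def is_older(installed, fixed):
    """Numeric comparison, so 2.9.4 < 2.10.0 and 4.65 == 4.65.0."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))  # pad so a shorter tuple is not "smaller"
    b += (0,) * (width - len(b))
    return a < b


def scan(inventory, fixed_in):
    """Return (program, installed, fixed) for every outdated program."""
    findings = []
    for name, version in inventory:
        fixed = fixed_in.get(name)
        if fixed is None:
            continue  # no known flaw on record, nothing to report
        if is_older(version, fixed):
            findings.append((name, version, fixed))
    return findings


def bucket(count):
    """Map a count of insecure programs onto the study's four categories."""
    if count == 0:
        return "0"
    if count <= 5:
        return "1-5"
    if count <= 10:
        return "6-10"
    return "11+"


if __name__ == "__main__":
    results = scan(INVENTORY, FIXED_IN)
    for name, installed, fixed in results:
        print("%s %s is outdated, upgrade to %s or later" % (name, installed, fixed))
    print("Category: %s insecure programs" % bucket(len(results)))
```

The padding step matters: comparing version strings as plain text would rank 2.9.4 above 2.10.0 and miss an outdated program.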

Firefox News:
Mozilla launched Firefox 3.1 Beta 2, now with a 'Private Browsing' feature that matches the similar features being used within both the Safari and Chrome web browsers. Mozilla Corp. is saying there will be a 3rd beta coming down the road to test out some additional functionality. I don't recommend using the beta version just yet (v3.0.4 is the most current), but if you want to give it a test run you can download it at: http://tinyurl.com/6crtcy


Did you know?


Current Browser market share:

Internet Explorer (71.11%)

Mozilla Firefox (20.06%)

Safari (6.62%)

Opera (0.75%)

Google Chrome (0.74%)

Netscape (0.46%)

Other (0.24%)


Microsoft News:

Microsoft will be managing 3 Operating Systems in 2009. Yes, they are still attempting to phase out XP. Over the past month and a half XP's market share has dropped 1.8%, while Vista just broke the 20% mark. On top of all this, Microsoft will be working on getting Windows 7 ready for release as well as releasing IE8. This should prove to be a pivotal year for Microsoft, especially since the Windows OS has dropped below a 90% market share for the first time in twenty years.


General News:

Amazon's Kindle Reader is sold out for the holidays. Sorry, you'll have to put yourself on a waiting list to get it sometime after Dec. 24th. But hang on...listings are still available via 3rd parties on Amazon...if you're desperate.

Find the Kindle on Amazon.com http://tinyurl.com/5k5ezh


Video game of the week: (Are you serious!?)

Have you ever wondered what it would be like to be the President of the United States? Give this game a try starting on Jan. 20th, 2009.

http://tinyurl.com/678lzj


Pictures of the week:

Photos


And finally the...Website of the week! (Yes, it's a tool...but at least it's on a website!!!)

I might put this to good use some day...


VeoProject:
VeoProject review: http://tinyurl.com/6dm3cn
VeoProject website: http://tinyurl.com/65dlo2

Tuesday, December 2, 2008

Website of the Week #6

Two Websites of the Week - pick your poison.
1) MIT's Open Courseware site provides you with over 1,800 courses that they've offered over the past several years. Resources ranging from lecture notes, to student papers, to filters for audio/video lectures are available on the site. No registration is necessary - just click and go.

2) An interactive guide to the international space station.
Pictures of the Week: Geek Hotels
Wasn't the ice hotel in one of the Bond movies?
News of the week: (for Mac Users)
It's not just a Windows 'thing'
This is long overdue, but Steve Jobs reluctantly accepts the reality of the world we live in.
Tip of the week:
Adobe Reader Vulnerability
There is an exploit that exists for Adobe Reader versions 8.1.2 and lower. I'd recommend updating to version 9 (at least on your home computers).

Monday, November 24, 2008

Website of the Week #5

Specially made for the Star Wars fan in all of us.
Geek History:
Hail to the Chief...err, I mean Geek. Here are the top 10 Geeks of all time.
Security news of the week:
Webhosting firm McColo was forced offline over a week ago. McColo was said to be responsible for anywhere between 50-75% of the world's spam messages. Will they rise again? Probably...look for them to set up camp somewhere in Russia (which has been a haven for cyber criminals). Here's one of the many articles surrounding this story.
Security Stats of the Week:
-The highest priced attack tool, on average, between July 2007 - June 2008 was botnets, which sold for an average of $225.
-Phishing scam hosting services were offered for an average price of $10 with prices ranging from $2 to $80.
-The average price of a keystroke logger advertised on the underground economy was $23.
-The highest ranked exploit during this reporting period was site-specific vulnerabilities in financial sites, which were advertised for an average price of $740, with prices ranging from $100 to $2,999.

Sunday, November 16, 2008

Website of the Week #4

Website of the week: (Thanks Annie)
Includes a variety of news ranging from the environment, to science/technology, to politics (just to name a few). So check it out...
You can also sign up for a yearly subscription of the magazine and choose how much you want to pay for it (yes, it's true!). 100% of the subscription cost goes to a nonprofit agency of your choice. We need more of this in the world.
I found the "First 100 days pledge sheet" quite interesting also... http://www.good.is/?p=13184

Photos of the week:
Tree house engineering feats that are quite impressive. (where were these when we were kids???)
Security News of the week:
Wireless Protected Access (WPA) encryption cracked by researchers:
This will now undoubtedly begin to lead to future exploits of this wireless security protocol.
Although there are different flavors of each (and the details can get quite extensive), here is a quick and dirty list of the wireless security protocols. Since most of us use wireless networks at home, I thought it might be useful to outline this at a high level.

WEP - [Wireless Encryption Protocol] This wireless protocol has been obsolete for a few years (but it's better than broadcasting an open unsecured wireless network). FYI - This encryption can be cracked in about 1 minute using free software available over the internet.

WPA - [Wireless Protected Access] Sufficient protection. Future vulnerabilities will continue to be probed now that a minor vulnerability has been discovered.

WPA2 - Recommended. Uses the Advanced Encryption Standard (AES) used by many government agencies... and at my house.

In order to leverage the WPA2 wireless encryption you need to check a few things:
1) Router must be WPA2 compatible. You can check the manufacturer's website or go into your router settings console via the IP, i.e. http://192.168.1.1 (this will vary by manufacturer)
2) The Wireless network card (in your computer) must be WPA2 compatible. If you are not sure go to http://certifications.wi-fi.org/wbcs_certified_products.php?search=1&lang=en&filter_category_id=2&listmode=1 and scroll down to find your wireless adaptor/card. Click the "View Wi-Fi certifications" link to the right of your wireless card to get the details.

There are a few ways to find your card type:
A) Start, Run, cmd, then type ipconfig /all. Look to the right of "Description" under the title "Ethernet wireless network adapter" (title may vary).
OR
B) Right click My computer, Manage, Device Manager, Network Adapters.
3) Microsoft users can download the WPA2 hotfix (this is not a part of the Windows updates) http://support.microsoft.com/kb/893357
4) Before doing any of this save a restoration point to backup your current state/settings just in case you have any problems.
Also, there are always options to potentially upgrade your router's firmware or system device drivers if necessary. If you have any questions feel free to send me a note.

Thursday, October 23, 2008

Website of the Week #3

There's no actual website for this week, but I will offer a free tool and some news...

Free tool of the week: Glary Utilities
Nice lightweight utility to help with tasks such as: Registry cleaning and defragging, permanent file deletion, file undelete, duplicate file finder etc. (many modules to choose from)


More Microsoft news:
Take a walk down memory lane as Microsoft Word turns 25 years old this week. (make sure to check out the screenshots)

Wednesday, October 15, 2008

Website of the Week #2

Website of the week:
Description:
TrueCrypt is free open source disk encryption software with nearly unbreakable encryption. (Let me expand upon the term "nearly"...Basically, it would take you 90 years running a 2 GHz computer to decrypt the cipher...assuming you are only using a 9 character password. TrueCrypt recommends using at least a 20 character passcode. Bottom line - the longer and more unique the password, the more difficult it will be to break the cipher. One general rule of thumb surrounding password security is to never use a standalone word or number sequence. Both of these have a high chance of being broken by either a 'Dictionary' or 'Brute force' attack.)
TrueCrypt is also recommended by one of the world's top security gurus - Steve Gibson
www.grc.com

I also use it as a virtual vault to store my personal/sensitive information.

Article of the week:
Do you know who you're texting...?
News of the week: (maybe not newsworthy, but news none-the-less)
Yesterday Microsoft officially came to a decision to name their new Operating System "Windows 7". Don't we all feel much better that this decision is now final...I know I do.

Wednesday, September 24, 2008

Website of the Week #1


1. Website of the week:

http://www.hulu.com/

Hulu allows you to watch some of your favorite movies on the web. For example, the series premiere of Knight Rider, yes Knight Rider!!!! aired tonight at 8p on NBC. Too bad I had already watched it over the weekend on Hulu! :) Jason Kilar, a former Amazon.com exec, is the current CEO. The great thing about this site is that you don't have to create an account or sign-in every time. Check it out!



2. Tip of the week: Web Browsers:

For anyone using Firefox either as a primary or secondary browser, version 3.0.2 was released on 9.23.08. You can easily get the update by opening your Firefox browser, click 'Help' and 'Check for Updates'. (prior version was 3.0.1)

Detailed release notes can be found at: http://en-us.www.mozilla.com/en-US/firefox/3.0.2/releasenotes/



Security specific vulnerabilities patched: http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.2



If you are not running Firefox then you are probably running IE 7. FYI - IE 8 is currently in beta 2 and is available for download on the Microsoft IE website. http://www.microsoft.com/windows/internet-explorer/beta/default.aspx



Google's new Chrome browser has been a breath of fresh air for many traditional IE users. Speed, along with some unique functionality has made it an instant hit for many users craving for a new browser. For my money, I'm still sticking with Firefox, the add-ons are just too darn convenient. Plus, I don't want to jump on the Google bandwagon just yet...they have enough information on my surfing habits as it is!

http://www.google.com/chrome