Westfield Links

About

Bookmark and Share

FeedBurner

  • Enter your email address:

    Delivered by FeedBurner

Subscribe to this blog's feed

Archives

More...

Categories

Blogroll & other links

Hubspot Code

  • Hubspot Code

24 posts categorized "Home Computer"

04 November 2009

Information Security Concerns in a Pandemic

For a while now, we have been working on the development of a pandemic plan for our company.  Information Technology supports this plan in many ways.  Through the use of technology we can increase the number of employees who can “work at home” and use Virtual Private Networking (VPN) software to remotely connect into our systems to perform their work.  Getting employees out of the office but still having them be productive is a form of “Social Distancing” that can reduce the risk of exposure to disease.

A component of any pandemic plan needs to be communication on what can and can’t be done from an Information Security perspective, even in a pandemic situation.  For example, we only allow company configured machines to connect to our network, even over a VPN connection.  However, not all of our employees have laptops so many, therefore, cannot work at home.   It must be reinforced that information security policy is still policy even in a pandemic, and employees who do not have company laptops must not use email to send documents or data to themselves to work on using their home (or any non-company owned) computer.  This is the same for taking work home on portable USB drives or other media.  Even if you have the best intentions and only want to help your company, you are putting your company at risk of your data being intercepted, copied or lost resulting in a privacy breach.

Why be so paranoid?  Our employees are only trying to be more efficient and effective in a time where 20%-30% of the company might be out sick.  It can't be that bad, right?  Wrong.  A big reason why is “endpoint protection”.  Your company’s endpoints (workstations and laptops) have known, approved and licensed software on them, they have anti-virus software running on them, they are regularly patched for security vulnerabilities and they are free of peer-to-peer sharing software.  Some of your employees' home machines MAY be up to your company’s standards, but what if even one is not?  When your employee is done with their work, are you sure that no backup or temporary files will linger behind?  How many of your employees have children that use the home computer to share music or files?  How about viruses or malware infecting your corporate network once this work is brought back into your production environment?  What if the employee actually loses the USB drive?  Not to mention the risk of a shared or compromised gmail or yahoo mail account.

All of these scenarios can cause data leakage or data loss that can lead to a privacy breach.  According to the most recent Ponemon study that reports on the costs and causes of privacy breaches, “Over 88% of all cases this year involved incidents resulting from negligence.” This leaves only 12% as a result of malicious activity.  This 88% is composed of employees who think that they are doing the right thing, are trying to help and believe that nothing bad can happen.

So, please reinforce to your employees and peers that it is not safe to trust public networks, infrastructure or non-company owned equipment to store or work on company confidential materials.   Even in a pandemic situation were your workforce may be diminished and people are looking for innovative ways to “keep the lights on”, information security policy is still in effect and information security risks, and their consequences, outweigh lost productivity.

Posted by Bill Murray | | Comments (0) | TrackBack (0)

| | | |

20 April 2009

A/S/L/P - Bridging the Internet Generation Gap

April 23, 2009 is national “Take Our Daughters and Sons to Work” day.  This day was founded in 1993 as a way to introduce children and young adults to career opportunities as well as demonstrate how skills learned at school will be applied later in life.

As much as our daughters and sons can learn about our careers; there is much that they can teach us about the Internet and Internet safety.  I propose as an extension to “Take Our Daughters and Sons to Work” day, that parents spend an extra hour or two at home with their children to learn about their world. 

If you have never watched your child, niece or nephew navigate a computer and the Internet; you will be shocked the first time you sit down with them.   Ironically, they may be able to identify ways to optimize and/or automate your daily activities.  Thank goodness for child labor laws; otherwise, your next boss would probably be twelve!  Our children are light years ahead of us when it comes to finding information on the Internet.  Unfortunately, many still lack the practical experience to determine when they encounter a dangerous or unhealthy situation.

Remember how excited you were when you received that letter from half way around the globe as your pen pal reached out to you?  Today’s children communicate daily with friends and relatives around the world.  Through social networking sites such as Facebook and My Space, long lost friends or new ones are only a few keyboard and mouse clicks away.  Twitter, Jaiku and Pownce are a few other places where kids are sharing information about their daily lives.  Using cell phones, these posts can happen anytime, anywhere giving the world up-to-the-minute updates. Celebrities like Erika Badu have gone as far as blogging their childbirth experience.

While this information is harmless when shared among friends and family; it may have serious consequences when obtained by the wrong person.  Cyberbullying and cyberstalking are examples of overt Internet crimes.  Online predators are manipulating our children to engage in dangerous and sometimes deadly situations.  Despite the popularity of news programs like NBC Dateline’s, “To Catch a Predator;” there continues to be increases in online predation.

This leads us all the way back to what started this blog; Take Our Daughters and Sons to Work Day.  This is a great opportunity to reach out to your children and learn what they have encountered on the Internet.  Find out what sites they visit regularly.  If they have a Facebook or My Space account, it might not hurt to set up one of your own to monitor their online activities.  Ensure they are not posting private information such as their address and/or phone numbers online.  Be aware when they are blogging their whereabouts.

Finally, a kilobit of prevention is worth a gigabyte of cure.  If you don’t have an Internet filter installed on your home computer(s)…get one.  There are many free ones available.  You can download a couple of them here and here.  Get involved with your children’s social networks. Besides ensuring they are not disclosing sensitive information, you may find yourself catching up with old friends and making new ones.  Keep the computers in an open location as opposed to the children’s rooms.  There is no reason to wait until somebody comes up with “Take Your Parents to the Internet” day, to start protecting our children today.

ICYC (In case you're curious), if you don't understand what the title of this post means; it wouldn't hurt to know the lingo your children use to communicate over IM (instant messenger) and txt (text messaging).  You can find a list of text lingo here.  What you find there may surprise you.  Especially when you find yourself the AITR.

Posted by John Doan | | Comments (0) | TrackBack (0)

| | | |

31 March 2009

Lock your doors, here comes the Conficker worm!

You can hardly look at any news source anymore without being bombarded by articles about security incidents, privacy breaches, worms, viruses, zombies, botnet's or a host of other Information Security related headlines.  The media really eats this Information Security stuff up.

This week’s news continues this trend.

Get ready for the “Conficker.c” worm that has already infected 5 to 10 million computers worldwide and is waiting for April 1, 2009 to awaken.  The experts predict that the payload, which is what the worm will do when it is activated, will somehow involve people being separated from their money.  This assumption is based on the knowledge that many of this worms predecessors have been targeted at convincing their helpless victims to purchase what they think is "anti-virus software" to protect their computers from the very worm that they are already infected with.

It really is all about money these days. Microsoft has even jumped in and offered a $250k reward for information leading to the capture and arrest of the worm writer.

Over the last few months the news has been filled with companies getting "hacked" and loosing their customer privacy related information (SSN & Account numbers, etc...). There have also been several companies that have just simply lost information through carelessness and bad security practices.

And over the next few months I am sure that we will continue to hear about more about companies losing information, more virus and worm scares that threaten society and more about victims who have lost money due to identity theft, phishing attacks or more worms.

I have been in the Information Security profession for a long time and while Information Security threats are ever changing, fast paced and have grown to ever increasing scales, there are some simple and basic things that companies and people can do to significantly reduce their exposure to these threats. 

Not surprisingly, they are really just common sense, don't change much over time and you already know how to do them.

  • Patch your systems and do it all the time. The Conficker.c worm exploits a vulnerability that a patch was released to mitigate in October 2008.  New patches are being released all the time.  I guarantee viruses and worms will be written to exploit them.

  • Have basic protections in place like a personal firewall that blocks nonstandard traffic and antivirus software that is regularly updated and is configured to regularly scan your computer.  We hear this all the time.  Are you doing it?

  • Don't download and run pirated software or software that does illegal things.  This includes peer-to-peer file sharing as well as pirated versions of your favorite tax software.

  • Be suspicious of everything.  And even more so if someone or something is trying to help you or give you something for free.  Nothing is free.  Come on, you know that don’t you?

 The bottom line is simple. Protect the information on your computer the same as you would protect your physical property.  Lock your doors and windows.  Don't let strangers in your house even when one comes to the door and wants to give you $100 dollars.  Change your locks if you think that someone has been inside your house.  Don't accept (or seek out) stolen property.  If you receive a recall notice for your car because of failing brakes, make a point to get them fixed as soon as possible. 

Security is security. Use the same logic with computers and information that you use to determine what you should and should not do with your valued physical possessions.  Applying this logic will avoid the majority of the Information Security problems that you hear about in the news.

Posted by Bill Murray | | Comments (1) | TrackBack (0)

| | | |

16 February 2009

Anti-Virus Software?

    Just the other day, I ran into another person who told me they don't run anti-virus software on their home computer. I looked at them in disbelief and asked why they would expose their computer/personal information to the potential danger? The response I got was, "I've never had a virus on my computer before". As I explained to this person that they have every right to not run anti-virus software, I cautioned them and asked that they looked at the risks they were taking.

     I started to ask what things were on the computer such as financial information, etc. Next, I asked if they used their machine for online banking. I started to see a look of concern on their face. I stated that getting a virus is as easy as clicking on a link in your web browser. I said I would hate to see a virus drop a keystroke logger on their computer and get their online banking credentials. Some legitimate sites could have been hacked and not know it yet.

     I know because it has happened to me. I was surfing on my children's computer and clicked on a link. Immediately, a second browser opened and my anti-virus software popped up an alert. Fortunately, I was running AV software that contained it and their computer had zero information on it. I got to spend my Sunday afternoon rebuilding their computer.

     Symantec states that “10-15 new viruses are discovered every day.” A Network World article written in May 2008 says “The total number of viruses will reach 1 million by year-end, according to security experts.” With this information alone, it makes a great argument to make sure to run anti-virus software. Anyway, a lot of Internet Service Provider’s (ISP) are giving it away for free because they don't want the potential problems inside their own networks. I guess the way I look at it is, I would rather spend a little time and maybe some money to reduce my risks of identity/financial theft than spend potentially thousands to straighten out my credit.

Good luck in whatever you choose to do.


Jeff Gibson

Vulnerability Management, Compliance & Forensics Analyst

Westfield Group

Posted by Jeff Gibson | | Comments (1) | TrackBack (0)

| | | |

09 February 2009

Experiences of a carpenter

Hi everyone, I'm Jake Harris one of the new team members who will be carrying on Westfield Insurance's Information Security Blog.  I thought I'd take a second and share with you a recent issue which I've seen quite often.

I recently had the chance to work on a friend’s computer. (Actually it was a fair trade; I'll fix your computer if you can watch my daughter for a few extra minutes)  The first thing I noticed was a little black box connected directly to their computer.  I asked "Don't you have a router?”  The response was "sure do, it's down in the garage with the other wood working tools".  I laughed as I've heard that one more than once in my travels.  But from a more serious point of view a router is a very handy piece of technology, not to mention component of securing a home network.

I'll take a few moments to explain (no not in great detail, unless you ask me for them) what a router is, why it really makes sense to get one, and how simple they really are to use.

What is a "Router"?

Well a router is a rather complex device if you start talking about all the cool things they could do in a corporate network, rather from a home network point of view a router is a device which acts as a protective gate between your home network and your internet connection. 

Think of it like this if:

·         A computer with a password is a locked building

·         Antivirus software on a computer is a security guard patrolling that building

·         Your home network is like a parking lot connecting all of the buildings

Then a router would be a protective fence surrounding your parking lot with a gated entrance.  The gated entrance is only going to let something in if it is welcome or allowed to come in.

The technology used to make this happen is called NAT (Network Address Translation), basically what that means is the router is the actual computer that gets a "public" address or “dirty” address, and then the router provides each home computer a "private" address.  The router is usually very secure from an internet point of view, so you don’t have to worry about it getting damaged.

Why should I get a router?  I don't have a parking lot, or security guards?

No, most people probably don't have parking lots or security guards, and I wonder to myself why, well point blank they can't afford it.  But a router is cheap, usually less than $50, and if you can afford that type of security for your home network maybe you should get it, not to mention you can connect multiple computers at one time to the internet and use wireless.

You just said they are complex, are you sure they are simple?

In short companies which make home routers have done a great job of making them simple to install in a home network.  In many cases all you have to do is:

·         Open the package

·         Plug power into the router

·         Plug your internet connection into the Internet port on your router

·         Plug your computers into the private ports on your router

·         Reboot your internet connection device (simply remove the power, wait 5 seconds, and plug it in)

And you’re ready to surf once again.

A few thoughts on keeping your router safe:

·         Change the administrator password

·         Update the firmware every few months or as available

·         Backup your router’s configuration

All of these tasks should be documented on a CD or paper that comes with your router.

Will a router fix all your worries, well a short answer is no.  Anti-virus, Anti-spyware, updating your software (patching) and safe web surfing practices are just as important, however a router is still an important component of keeping your home computer secure.

Well I hope my thoughts reached someone out there and made them a little more secure.  Looking forward to hearing about other’s thoughts and experiences, even if you want to tell me about that great new router you just bought or a vote for a next topic.

Thanks for reading,

Jake

Posted by Jake Harris | | Comments (0) | TrackBack (0)

| | | |

24 November 2008

Secure shopping (encore tip)

This Tip was first run in Dec 2006 when forecasters were predicting the biggest online holiday shopping season ever. Amazingly, that forecast is still true - the volume of online shopping continues to rise (though perhaps not quite as dramatically as in previous years). This "encore tip" is a reminder to shop safely during the holiday season.

Last year was the busiest online shopping year in history – and this year looks like it will be even busier. Shopping online is a convenience that we are quickly learning to take for granted. At the same time, identity theft is a steadily more serious threat. There are some risks you should consider, especially when making purchases over the Internet.

  • When shopping online, type the merchant's URL in by hand instead of following any "convenient" link in an email or instant message. Those links can be spoofed in a phishing attack which looks like legitimate advertising.
  • Look for the prefix https in the address line. This indicates that you are on an encrypted connection to the merchant's website. You can also look for the little yellow padlock icon in the bottom right of the browser. Be careful, however. Sophisticated hackers can spoof these signs.
  • Read the site's privacy policy carefully and use common sense about the offer. If it sounds too good to be true, it probably is. If you don't trust the company to protect your personal information, shop somewhere else.
  • Make sure your own protections (anti-virus, firewall, patches) are up-to-date and running.
  • Use a credit card, not a debit card. If your credit card is stolen or the number misused, federal law limits your liability to $50 (as long as you comply with the notification requirements). If a debit card number is compromised, you could lose the entire amount in the account to which the debit card is linked.
  • Check your statement carefully for charges you don't recognize. Report any anomalies to your bank and report a lost or stolen card immediately.
  • Consider keeping a separate credit card with a low credit limit just for internet purchases.

Remember that these rules apply when you are paying by telephone, too. You should always call the merchant (or utility, charity, etc). Never give someone your financial information if they called you. No matter who they say they are, you don't really know who's on the other end of that line.

Shopping online can be as safe as shopping in a physical store or through a catalog as long as you shop responsibly.

Posted by Mike Rossander | | Comments (1) | TrackBack (0)

| | | |

17 November 2008

OnGuard Online

As the holidays get closer, many of us will turn to online shopping. Done right, online shopping is about as safe as catalog shopping - and much more convenient. If you don't take basic precautions, though, you could lose your shirt. Take the time to learn about the kinds of scams and cons that are used online.

The Federal Trade Commission hosts a terrific site with lots of content on identifying and deflecting these kinds of scams. If you haven't already been out to visit www.onguardonline.gov, I strongly recommend the site. It has some excellent overview material on security at the personal and small business level. The site also has a set of games covering a variety of topics like spyware, online auctioneering, peer-to-peer, phishing and spam. Test your knowledge of internet security and safe shopping. It's well worth the time to visit the site.

The site's material comes from a number of public and private sources but is all released for public use. If you run your own personal website, you can post their games, videos and handouts to your own site and help spread the word. (Instructions are here.)

Addendum:
This tip has inspired me to create a more permanent set of links to some of the better games and awareness quizzes that I've run across. I'll try to get them posted in a permanent sidebar on the blog but in the meantime, here are a few good links.

Posted by Mike Rossander | | Comments (0) | TrackBack (0)

| | | |

18 August 2008

Filesharing - defined

All the kids are doing it. And depending on which news reports you read, it's either the inevitable wave of the future or another sign of the collapse of our society - or both. But what is filesharing really?

Filesharing is the term for software designed to make it easier for you to share stuff through your computer with other people. (I use the technical term "stuff" here because you can share literally any electronic file through these tools but the most common shared files are documents, music files and videos – and viruses. More on that in a minute.) The most common form of filesharing is "peer-to-peer" (P2P) sharing, a way to share files directly from your computer to someone else's computer without needing to store it on a server somewhere. If I want to download a file that you've offered up for sharing, I reach through the internet and grab it directly off your computer.

This kind of filesharing requires special software such as Limewire, BitTorrent or Kazaa. These applications create an index of the files that you've offered for sharing and publish the index to the Internet so others can find your files. They also let you access the index and download the files you want. Filesharing is an easy way to publish documents widely and can get you access to all kinds of free content. Music is especially easy to find.

The problem with filesharing is that it exposes you and your computer to all sorts of risks that are not disclosed by the filesharing network or those "friends" who are pressuring your kids.

  • When you use P2P, it is essentially impossible to verify that the file is trustworthy. Hackers hide spyware, viruses, worms and trojan horses and other malicious code into the files. When you download the file, you infect your own computer.
  • P2P also opens up your computer to outsiders. The applications claim to only expose certain directories but 1) you don't know if the application is locking the folders down properly and 2) it's too easy to misfile a confidential document in a shared folder. Any little mistake opens up your confidential information to the world.
  • Most P2P applications require you to open up certain ports on your firewall so it can send or receive the files. Hackers exploit those open ports to attack your computer directly anytime it is connected to the internet.
  • And, of course, the big risk that got so much press when Napster was being sued into bankruptcy is the phenomenally high proportion of copyrighted material being illegally offered for "sharing". If you download pirated content, even unknowingly, you could face fines or other legal action. The Recording Industry Association of America (RIAA) is especially aggressive about finding and suing individual users who have illegally copied content on their computers.

If you run a network, either at a business or at home, I strongly recommend that you block filesharing sites. Remember, you go to jail or pay the fine whether they downloaded the illegal software with your knowledge or not. If you have kids, turn on your computer's parental controls and block those sites. Teach your kids to buy their music legitimately.

Posted by Mike Rossander | | Comments (0) | TrackBack (0)

| | | |

28 July 2008

AntiVirusXP2008 warning

Last month, we wrote about scareware and hackers using fake update notices. In the past few days, we've seen a sudden increase in one of these attacks coming from one of the former Soviet republics. This group is exploiting a "DNS hole" to hijack visitors who are attempting to visit legitimate websites (such as a hotel in a common vacation destination like Hilton Head). The hacker redirects the victim to the hacker's virus-infected website, then automatically loads a virus onto your computer. From what we've seen so far, this virus first disables your existing anti-virus program, then slows down your machine and finally starts to present you with a false warning that your computer is badly virus infected and needs to run AntiVirusXP2008 to clean it up (for only $50 which they want you to send to them in Russia). The warning message lists hundreds of "infected" files on your machine. Many of those files are, in fact, on your machine but are legitimate files needed by the operating system.

At Westfield, we normally have to clean up about one infected computer a month. It's jumped to 6 in the past week. Worse, this virus has proven particularly difficult to clean out. Our IT department has found it necessary to completely reimage the machine in order to fix the problem.

At home, fix your firewall, update your antivirus and patches and practice safe surfing. If google or yahoo (or your existing antivirus program) give you a warning that you are about to go to a sight that might contain malicious code, heed the warning. Do not override it just because you think that you're going to a "safe" site like the hotel.

At work, shut your computer off every day. (Your IT department probably pushes updates to your computer's defenses every day but many of those updates can't take effect until you restart your computer. If you leave your computer on for an extended period, you will be missing those critical updates.) And, of course, practice safe surfing.

If you get one of these pop-up warnings, never allow it to scan your computer. If you think you might have triggered one of these scams, call IT.

Posted by Mike Rossander | | Comments (0) | TrackBack (0)

| | | |

02 June 2008

Scareware - defined

Have you ever seen a "free" offer to scan your computer for security vulnerabilities? The most common one that I get is a pop-up ad that reads "Your computer may be infected with harmful spyware programs. Immediate removal may be required. To scan, click 'Yes' below." It looks like a great idea. You're offering to test my machine for free so I know what, if anything, needs fixing. Doctors, mechanics, even the lawn guy offers that kind of free screening as a legitimate way to build a relationship with new customers.

Unfortunately, most if not all of these computer scanning offers are scams. They are rogue programs that will always report something that needs to be fixed or cleaned whether the flaw is real or not. They are designed to scare you into believing that there is something terribly wrong with your computer that only their software can fix.

Examples that attack Windows computers include SpySheriff, WinFixer, IEDefender and Cleanator. Interestingly, Mac users ran into this problem for the first time in January with a product called MacSweeper. MacSweeper is so "thorough" that it even finds flaws when it's run against a PC – flaws that can only exist on a Mac.

Most of these are simple attempts to con you out of money or credit card numbers. Some are more malicious and will load spyware onto the computer or even disable your existing antivirus programs.

Never run software from unknown sources. If you do suspect that your computer may be vulnerable, use your own anti-virus and anti-spyware software. Don't trust that "free" offer.

Note: The word "scareware" also includes more harmless pranks such as the program that pops up and says "Erase everything on hard drive?" with two buttons labeled "OK" and "OK". (Nothing is actually deleted in this prank.) Just ignore those pranks.

A few more popup examples:
Infosec_scarewareerrorsafe_2
Infosec_scarewaresystemdoctor_2

Posted by Mike Rossander | | Comments (0) | TrackBack (0)

| | | |

14 April 2008

Web browser security settings

Your web browser is your primary connection to the Internet, either by reading web pages directly or through applications that use your browser to function. How you set the security makes a great deal of difference for your computer's safety.

Those security settings will also affect the functionality of some web sites. Web page writers try to improve your experience by enabling different features. Sometimes they're nice but they leave your computer more vulnerable to attack. In fact, a common hacker trick is to set up an "innocent" website with attractive content but which will not work correctly unless you reduce your security settings, exposing you to the hacker's malicious content on other links. The safest policy is to disable those optional features until you decide that it's necessary and that the website is trustworthy. (In most cases, you can enable the feature temporarily.)

Note: Your IT department should control the settings for your work computer. Make sure that they have the security controls locked down so users can not accidentally expose their computer to unacceptable risks. If you use Internet Explorer, you can find the security settings by clicking Tools/Internet Options/Security. (Firefox and other browsers generally use similar paths.) If the security is properly locked down, you should be able to see but not change the settings.

Internet Explorer uses the concept of "zones" and lets you set the security level differently depending on where you are browsing. For most of us, the most important zone is "internet". This is the general zone for all public websites and is the default used when the browser doesn't have different instructions. This should be set as high as possible but never below "medium".

The "local intranet" zone is usually used for internal content. Since your own company developed the pages, it's usually safer to use a slightly lower level of security as long as there is a business reason to do so. "Trusted sites" are those that you have decided are well-designed and use good security practices. Our work computers have certain trusted business partners pre-loaded in this zone. I have none in my personal computer at home.

"Restricted sites" are those that you think might not be safe and that deserve the highest level of caution. Frankly, if you're that suspicious, you're probably not surfing there anyway. But it can be helpful to mark those sites because it will provide an extra layer of protection if your computer is calling those domains for "hidden" content like ads and pop-ups.

Your browser also has some security settings related to JavaScript, ActiveX controls and Plug-ins. You should only allow them if you are at a trusted site. See the tip on Active Content for suggestions on those controls.

You should disable cookies except for sites that you trust that require them. Add those manually to the browser's "allowed" list. Definitely block pop-ups but remember that it will break some websites. You can always allow the pop-ups on a case-by-case basis.

In general, always set your security for the highest level possible. Then lower the security only when a page fails to work properly and only as far as you need to or for as long as you need to. Once you've set the controls properly, it's not that much work to maintain. But it is a vital part of the protection of your computer and your confidential information.

Posted by Mike Rossander | | Comments (0) | TrackBack (0)

| | | |

17 March 2008

Protect your computer from Spyware

Spyware is Internet jargon for advertising-supported software. This type of software often automatically installs itself on your computer without your knowledge in order to collect your personal information and provide it to a website or advertiser. Spyware is hidden in the background and keeps track of your web browsing, what information you enter into forms and even the configuration of your hardware and software. The company receiving this information may use it directly or, more likely, will sell this information about you. Based on this information, you may begin to see incessant pop-up ads, giving the false impression that the Web page being viewed is responsible for the constant annoyances.

Spyware usually is usually hidden in or behind an application that you want to use (such as a music player). When you install the software, the spyware application also installs itself.

In addition to the annoyances of increased spam and advertising, the spyware application ties up valuable computing power and can eventually make it run slower. It can create conflicts with other software on your machine causing programs to lock up or causing your machine to crash. It can even be abused by hackers to steal your password or to take control of your computer.

If you load software from the Internet, read the license agreement carefully. Some companies actually disclose that they will install an application on to your computer and may allow you the option to "opt-out". For example, RealJukebox has the ability to track how you used the program including the number of recorded songs on the computer, the format that songs are recorded in, the user's musical preferences, the quality level of the recordings, and the type of portable player connected to the computer.

You can use specialized software to find and disable spyware applications and to protect your computer. Two of the better-known free-ware applications are SpyBot Search and Destroy and Ad-Aware. Whatever anti-spyware solution you pick, be sure to keep it updated and run it regularly.

Be sure to read all "End User License Agreements" very carefully and make sure you understand what is actually going to be installed on your home computer.

Posted by Mike Rossander | | Comments (0) | TrackBack (0)

| | | |

11 February 2008

Firewalls

A firewall looks for and attempts to stop forbidden communications between two computers. Firewalls work by examining each piece of traffic entering or leaving the network and blocking those which do not meet specified criteria. If the communication is an allowed type (for example, Windows passing your user name and password to the company network during login), the message is allowed through. If the communication is unrecognized (for example, a virus attempting to impersonate Lotus Notes but really sending your password out to a hacker), the traffic can be stopped.

There are two kinds of firewalls: "personal" or software firewalls and "network" or hardware firewalls.

  • Software firewalls are relatively easy to install and provide good protection. They filter traffic entering or leaving a single computer. Software firewall programs (such as ZoneAlarm, Norton or Comodo) can be downloaded from the Internet and may be available in a free version for home users. (Note: If your home computer's operating system is Windows XP or Vista, it has a built-in software firewall but Windows has not traditionally performed well in bench comparisons. Most security experts recommend replacing or at least supplementing the Windows firewall.) For more on personal firewalls and how they work, see the first page of this article.
  • Hardware firewalls require you to buy and connect a separate piece of equipment, but they provide stronger protection. They plug in between your internet connection (such as the cable-modem or DSL line) and the computer. Hardware firewalls are often built into routers, allowing multiple computers to share a single, protected connection to the internet. Hardware firewalls often also have the ability to perform network address translation (NAT) which hides the specific IP address of your computer and makes it much harder for a hacker to launch an attack against you. Hardware firewalls are available at many electronics retail stores, usually starting at $50-$75.

CERT (the Computer Emergency Readiness Team) strongly recommends the use of hardware firewalls, especially if you have a broadband or "always on" connection. See "Before You Connect a New Computer to the Internet" for more information.

Some firewalls will display a pop-up box asking if you want to allow the message. If you see one of these pop-ups, never allow the traffic unless you are sure that you know exactly what it is doing. Remember, the firewall won't do any good if you give permission for the virus to send out your password.

Posted by Mike Rossander | | Comments (0) | TrackBack (0)

| | | |

21 January 2008

Patches - defined

Security geeks often talk about keeping your computer "patched". Here's what we mean and why it's so important.

In a perfect world, all the code on your computer would do exactly what it's supposed to do and nothing more. In the real world, new code was added on top of existing code to fix a problem or to add some new feature until, over time, the code became too complicated to test for every possible scenario. Hackers found ways to exploit the holes in the code. By sending just the right command in just the right circumstances, they could make the computer do something it shouldn't – like give the hacker permission to install software and take control of the computer.

When such a vulnerability is discovered, the developers who made the software have to figure out how to plug the hole – how to change the code just enough to stop the hacker without shutting down the new feature they added or interfering with some other application. "Patches" are the bits of code to be added to your computer to fix that hole. (Patches can also be used to add a new feature or fix something else in the program but for now we'll stick to security patches.)

At work, your IT team should be responsible for keeping your core applications up-to-date and fully patched. For your home computer, you should set your computer to automatically update the software whenever new patches are available. That's the safest way to be sure that you have the latest code protecting your computer. While most vulnerabilities are found in the operating system (those core instructions that the computer needs just to turn itself on), more and more vulnerabilities are being found in applications – Word, Adobe, QuickTime, RealPlayer, etc. No modern application is completely safe. In Windows, you can set the updates through the Control Panel. (Look for something like Automatic Updates or Windows Updater.) In other programs such as Quicken, you usually set the updates via Tools/Options or Preferences.

Of course, there's no such thing as a free lunch or perfect software. Sometimes, the patch will fix the program but will also break some function that some other program needed to run. When that happens, you must either decide to wait (and hope that the developers at one of the two companies will send out yet another patch to fix the breakage) or take the risk and reverse out the last patch. Unless the patch broke something that's absolutely mission-critical, you are almost always better off leaving it in place.

Incidentally, Microsoft has been releasing a packet of security updates on the second Tuesday of each month (so-called Patch Tuesday) for several years now. Some hackers are now exploiting that pattern and holding their latest virus until the second Wednesday so they have the most possible time before they are shut down. Even if you stay fully patched, there are no guarantees in life.

Posted by Mike Rossander | | Comments (0) | TrackBack (0)

| | | |

14 January 2008

Most Americans overestimate their cyberprotection

Most people think that they're protecting their computers but few are as safe as they think they are. According to a poll conducted by the National Cyber Security Alliance (NCSA) and the anti-virus company McAfee, 87 percent of Americans say they have anti-virus software. When their computers were scanned (with their permission), 94% actually had anti-virus software but only 52% had updated it in the last month. New viruses are released daily. An out-of-date anti-virus package does you almost no good at all. Most anti-virus packages have an option to update themselves automatically. For almost all of us, that's the right choice.

73% of those surveyed said they had a firewall. 81% had a firewall but only 64% had it activated. That's like saying your money is protected by the steel door of the bank vault but leaving the door hanging open. Never disable your firewall.

70%t said they had anti-spyware software but only 55% actually have it.

The poll also reported that 61% believe they have anti-spam software installed but only 21% do. (In this case, the poll question may have been worded poorly. If your spam filtering is done by your ISP or your webmail provider, you may be protected from spam even though the anti-spam software is not on your specific machine.) Regardless of how you run it, the important point is to have an anti-spam solution.

Oddly, the study found that computers of older Americans tend to be more secure than those of the allegedly-more tech-savvy younger Americans.

To be properly protected, you need current anti-virus, an active firewall, up-to-date patches for your operating system and applications and at least one anti-spyware program running. If you don't, you are taking unnecessary risks with your personal information.

Click here to read the full study results.

Posted by Mike Rossander | | Comments (0) | TrackBack (0)

| | | |

10 December 2007

Configuring an electronic gift

Many families will be getting new electronic devices over the holidays. A new computer will be found and attacked within minutes of being connected to the Internet. Make sure you get the new device configured as soon as you open it up.

New Computers:

  • Almost all computers will come with at least a trial version of anti-virus software. Make sure you turn on the computer and activate the anti-virus before you connect to the internet. When you do connect, immediately update the anti-virus definitions.
    You also have to decide if you will subscribe to their anti-virus program or will install your own. Whatever choice you make, be sure to do it immediately – long before the trial runs out.
  • The software that comes with the computer will inevitably be out of date by the time you get it. Be sure to immediately check for updates to the software and install all the recommended patches. If the computer has the option to automatically install updates, let it. Updates to Windows are especially important but you should also check for all the major programs on the computer. There should be a help page for each one describing that program's process for updates and patches.
  • You also need to load one or perhaps even two different anti-spyware programs to protect the computer. Some anti-virus programs now come bundled with anti-spyware capabilities but many don't – and even the ones that do may not be sufficient to protect your computer. Anti-spyware is still not as mature as anti-virus.
  • Make sure you also have a firewall running and that it is configured to tell you about anything suspicious.
  • Change any default passwords that came with the device. Pick new passwords that will be easy for you to remember but hard for a hacker to break. Whole sentences work well.
  • The computer will probably also come with a lot of trial-versions of other software. Delete anything that you're unlikely to ever use. The convenience that "maybe you'll grow into the need" has to be balanced against the risk and effort needed to protect that software from attack. Keep the programs you need and delete the rest.
  • Once you have all that up and running, use the anti-virus and anti-spyware programs to re-run full scans on the computer. That's a lot of work before you can play the first game but it's better than having to clean out malicious software later.

Video game machines

  • Most modern video game machines are really full computers. They should have some built-in protections – which is a good thing because they are often much harder to update. Again, change any passwords and disable any remote connectivity that you don't immediately need. Follow whatever instructions came with the game machine for updating the software on it.
  • Be very cautious before connecting an untrusted game machine up to your network.

Flash drives, MP3 players, cameras, PDAs, cell phones and other electronic accessories

  • For the most part, there's not much you can (or need to) do to protect these devices. They are simpler devices that are harder to attack. The main danger is that you'll pick up some malicious software which will infect your computer when you plug it back in. If your computer is properly protected, it should find and fix the problem when you reconnect the device. The worst that can usually happen to the device is that you'll need to reset it. Resetting will clean out any malicious software that crept in. It will also wipe any data you had on the device, so make backups regularly.
  • If the device has a password, change it immediately.
  • You should encrypt your flash drive (also called a thumb drive or a USB drive) so that no one can read your data when the device falls out of your pocket.

Have a happy holidays.

Posted by Mike Rossander | | Comments (0) | TrackBack (0)

| | | |

19 November 2007

Recovering from a virus

Viruses, worms and Trojan horses don't get much attention anymore but they're still out there. Do you know what to do when your computer becomes infected?

  • If your anti-virus program is up and running (and there's never any excuse for it not to be), there's a good chance that the anti-virus program will be able to both detect and repair the damage. If you get an alert from your anti-virus program, take it seriously and act on it immediately.
    • Know what your own anti-virus program alerts look like. If you get that obnoxious pop-up when you're browsing the Internet that says "your computer may be infected", ignore that. It's a scam. Clicking the link will install spyware onto your computer.
  • If you are at work, call IT immediately. Do not wait. The sooner they can investigate and clean the computer, the less damage there will be to your computer and to the rest of the network. Do not do anything to the computer until IT tells you to. They may need to try to track down the hacker. Anything you do could muddy the chain of evidence.
  • If you are on your home computer, disconnect it from the Internet immediately. If you are infected, this will minimize the damage by preventing the hacker from sending any more commands to your computer or to stealing any more information from it.
    • If your anti-virus program detects but can not repair the damage, see if there's an update to the virus definitions file that might fix it.
    • If your anti-virus program still can not remove the infection, you could try manual repairs. There are websites which can walk you through the technical steps of manually cleaning up the dlls, registry settings, etc. You will need to know exactly which virus you have and you need to know exactly what you're doing or you might do even more damage to the computer. If you are uncertain, take your computer to someone who can repair it professionally.
    • In the worst case, you may need to reinstall your operating system. Look for a "system restore disk" that probably came with the computer. Reinstalling the operating system usually erases all of your other programs and data files. If you haven't backed up your files lately, it's incredibly stressful – but better than leaving the hacker in control of your computer.
  • Once you've done everything else, it's a good idea to update your anti-virus definitions (again) and run a full scan against your computer. If you haven't checked for software patches and updates lately, you need to do that, too.
  • Finally, you should assume that all your passwords were potentially compromised during the infection. This includes passwords for websites that were cached in your browser. Pick strong passwords when you change them.
based in part on CERT Cyber Security Tip ST05-006

Posted by Mike Rossander | | Comments (0) | TrackBack (0)

| | | |

15 October 2007

A Parent's Guide to Internet Safety

Every parent worries about their children – will they be safe crossing the street, what's happening at school, why aren't they home yet? In the physical world, we do everything we can to find the right balance between caution and over-protectiveness. We put wood chips or other padding under the swing set, we don't take it away. And we stay with our children at the playground until they're old enough to look after themselves.

In the electronic world, we need to find that same balance. The internet is a wonderful opportunity to tap into new sources of knowledge and gain exposure to cultural experiences that we could not even imagine when we were children. Yet those same tools can also expose children to exploitation and harm. And unlike with the swing set, few of us grew up in this environment. We all understand how the swing set works and what could happen if you lose your grip – we're not so sure about the online risks.

The FBI has a Parent's Guide to Internet Safety which focuses on the risk of sexual exploitation and includes some factors to watch for in your child's behavior. You should also be very alert to phishes and other scams designed to steal your child's identity.

Protect your children by:

  • Talking with them about the dangers. Explain phishing, spam and other scams. Don't assume that they're too young to understand the difference between good advertising and liars. But do explain it in terms they will understand.
  • Teaching them to never share any personal information online even if they think they know who's on the other end of the line. And never, never, never agree to meet someone face-to-face that you met online.
  • Keeping the computer in a common room in the house, not in the child's bedroom. Make sure that their time online is supervised.
  • Using a parental controls program to reduce the chance that they'll end up somewhere inappropriate and always keeping your computer's anti-virus, anti-spyware, firewall and patches up-to-date and active.
  • Checking their credit report regularly.

Posted by Mike Rossander | | Comments (0) | TrackBack (0)

| | | |

04 June 2007

Have an information-safe vacation

Before you leave for vacation, take these steps to reduce your risk of fraud and identity theft.

  1. Clean out your wallet.
    • Plan to use traveler's checks or credit cards for payment. Leave your checkbook at home.
    • Leave your debit card(s) at home. Under federal law, your liability is limited if your credit card is misused. If your debit card is stolen, you could lose all the money in your checking account.
    • Take an ATM card that does not have debit card privileges. Your bank should be able to issue you an "ATM only" card.
    • Never carry your Social Security card in your wallet.
    • Leave any unneeded credit cards and any other unnecessary documents at home.
  2. Photocopy your wallet and keep the copy in a safe place. If your wallet is stolen, the copies will tell you who to call to get your cards canceled. Note: If you will be gone for a long time, consider leaving a copy with someone you trust who can help you cancel the cards while you're still on the road.
  3. Stop your newspaper delivery and have the Post Office hold your mail (or ask a trusted neighbor to collect them for you). The bills and account statements in your unlocked mailbox are a goldmine for an ID thief. And the packages and newspapers piling up on your front step are a sure sign to a burglar that you are away.

While on your vacation:

  • Don't leave your wallet, passport or any identifying documents in your hotel room unattended. Use the hotel safe if it's available.
  • Guard your credit card receipts and rental car agreements, especially if they contain your full credit card number or driver's license number.
  • Use ATMs at banks or credit unions and which are in well-lit areas.
  • If you are taking your laptop with you, be very careful when using it for on-line banking and other password-protected services, especially if you are connecting to a wireless hotspot.
  • Be equally cautious of cyber-cafes and other public-access internet facilities. Anyone could have left a keystroke logger on the machine in order to capture your ID and password.

Posted by Mike Rossander | | Comments (0) | TrackBack (0)

| | | |

02 April 2007

How do you get rid of an old computer?

It's time for spring cleaning and you finally want to get rid of that old computer that's been gathering dust for so long. What will you do with the old one? You can't just give it away or sell it. There are thieves who specialize in buying used computers on eBay just to search them for private or financial information before reselling them.

Even if you remembered to delete your files, the data is not really gone yet. (When you delete a file in Windows, all that really happens is that the file information is removed from the computer's "table-of-contents". The data is still on the hard-drive and will stay there until Windows decides that it needs to overwrite that particular space with a new file. That can take months or years.) Even re-formatting the hard-drive does not sufficiently wipe the data. You might hide it from a casual hacker that way but a determined attacker using the latest techniques will be able to reconstruct your hidden information. Read this PC World article for more.

You also can't just put the old hardware out on the curb with the weekly trash. Even if it doesn't get taken from your trash by some passerby, there are hazardous materials within most of the devices that should be properly disposed of. Here are some steps you should take:

  1. Make a couple of backup copies of important data and programs by writing the files to CDs.
  2. Use one of the free or relatively inexpensive software programs available that will write over the data on the hard drive. This ensures that no one will be able to access your personal information later even if they try to use data-restoration software. Click here for a review of several common programs.
  3. If you can, donate or recycle the equipment. Computer manufacturers often have suggestions on their websites (see for example, Dell or HP) and may even offer free pick-up and will work with local agencies in order to donate or recycle the equipment. You can also look for local donation sites at websites such as Earth 911. Finally, many counties offer computer hardware drop-off locations at their hazardous waste collection and recycling sites (e.g., Medina, and Summit counties) .

Note: Several donation programs ask that you not delete the operating system or software from your computer, arguing that schools can't afford to replace the software. This is in general untrue. Most schools, like most corporations, buy "site licenses" and can reinstall the operating system at a fixed, discounted rate. If you do want to donate the software along with the hardware, give them the original installation disks and let them install the software themselves. Always wipe the drive before you donate it.

Posted by Mike Rossander | | Comments (0) | TrackBack (0)

| | | |

Next »