Your Daily Computer Security Tips

Recently, AVG issued an antivirus update that knocked out Apple’s iTunes. The new definitions incorrectly fingered two iTunes files as a Trojan, and quarantined them. So iTunes would not work. AVG quickly sent out another update, fixing the problem.

What to do: If your iTunes is giving you problems, just update your AVG antivirus. That should do it. If not, visit the AVG site for more detailed instructions.

By the way, the latest version of iTunes is 8.2.1. Make sure that is the version you currently have. If it is not, update now. Watch out for all that other stuff that comes with iTunes updates, such as the Safari browser. You can just uncheck the appropriate boxes.

Security breaches, lapses, holes and gaffes are so frequent nowadays on the social networking sites that I cannot bring each one to your attention. For example, the Privacy Commissioner of Canada has serious concerns about the, er, privacy (and I use that word loosely) policies of Facebook.

Facebook has some 200 million users around the world, including 12 million in Canada. That means, unbelievably, that one in three Canadians are on Facebook! As always, there are grave concerns about the information these users are revealing, and what Facebook does with it.

But another serious matter is getting rid of that data. It is easy to deactivate your account. But your details will remain on the Facebook server. The social network claims that about half the people who deactivate their account, change their mind and reactivate it.

However, if you want to completely and truly remove yourself from Facebook, go here. Sign in to your account, then enter your email address. Read the warning, then click Submit.

Your info should now be really, completely, actually, in fact deleted, not just deactivated.

Mozilla launched the new Firefox browser version 3.5 just recently, on June 30. It did not take long for the first bug to be found. It is in the TraceMonkey JavaScript engine that comes with the browser. An attacker could exploit it by enticing or tricking you into visiting a malicious Web site, and then hijacking your computer.

Danish security company Secunia considers the flaw “highly critical”, its second-highest ranking. Others say the problem was largely self-inflicted, since details of the bug were on the Mozilla bug and change database Web site. Mozilla claims it was already working on a fix last week, when details of the vulnerability hit the, er, … fan.

What to do? Stay with Firefox 3.0 a while longer, if you have not updated yet to 3.5. If you have, you can disable the relevant part of the TraceMonkey engine. Enter “about:config” in the address bar, enter “jit” in the filter box, and double-click “javascript.options.jit.content”. This sets it to “false”. Also, if you have the NoScript extension, it will take care of the problem for you.

Back on April 24, I told you about that long-standing flaw in Google Gmail. Google was refusing to fix this two-year-old Cross-Site Request Forgery bug, claiming it was not a threat.

Well, Google did indeed recently fix the security hole in its Gmail program. That’s the good news. But they did not tell anyone, not even their own security staff or engineers! In any event, Google claims to be unaware of any exploits using this vulnerability.

It’s nice to see Google springing into action so promptly, even if it is two years late.

Here is a very useful and clever idea which was entered as a comment to my recent post of April 2, 2009, entitled Conflicker, You and Your PC.

The writer says that if you have been infected by Conflicker and therefore cannot access security sites to get updates and removal tools, do this: Type the URL ALL IN CAPITALS.

This is supposed to exploit a weakness in the worm. I have not tried this myself because I have not been infected with Conflicker. If you have been attacked or know someone who has, this is certainly worth a try!

Read the original post and comment here.