Your Daily Computer Security Tips

I’ve talked before about backing up your files and data. Bad things happen in this world, and sooner or later one of them will happen to you. So you need to be prepared. You can read about flash or thumb (USB) drives here:
http://mypcsecurityblog.com/featured/flash-drives-handle-with-care

Two other options are to use an external hard drive or an online storage service. The latter is popular, as many free services can be found on the Net. But I have never liked them much, because your data is out of your control. Bad things can happen to these services, just as well as to you.

Recently, on Aug. 8 to be exact, one of these services called The Linkup (formerly MediaMax, an offshoot of Streamload) shut down. The company had about 20,000 paying customers, and says it saved about half the data entrusted to it. I’m sure those users are not too happy about the other half that is missing in action.

In the long run, I think your best bet for the average home backup is a USB drive or external hard drive. Get one of them, do your backups on a regular schedule, and you will sleep much better at night.

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

Dear Friends & Visitors,

I am away on a short vacation with my family, so there will be no posts to this blog till next week.

While I’m gone, please think about how we can make this wonderful thing we call the Internet a safer place for us all. Especially our children.

Take a look at my new SaferSurfing Project here: http://SaferSurfingProject.com and consider joining. Send that link to your friends. If we all do our bit, the Web will be a better place for each and every one of us – including you!

Happy (and safe!) surfing,

Syd

The U.S. Federal Bureau of Investigation (FBI) is warning that a new wave of that pesky Storm worm is hitting the Internet. The spam emails may contain the Subject Line “F.B.I. vs facebook” or similar.

You are asked to click on a link to read the article. Of course, clicking the link downloads malicious code onto your computer. Your machine then becomes part of a botnet that can further infect your PC or attack other computers.

A worm is a program that sends copies of itself to other computers. Unlike a virus, it does not need to attach itself to a file or other program or application.

As always, do not open spam emails, and above all do not click on links in the body of the message. Keep all your security programs up to date, including Windows.

You may have heard of that serious (some say critical) flaw in the Internet Domain Name Server system (DNS) over the last week. Microsoft, Cisco Systems and other vendors are scurrying to fix the problem, which could be exploited to redirect Web traffic to malicious sites.

How does the DNS system work? Well, when you wanted to find this site, you entered http://MyPCSecurityBlog.com into your browser. But the Internet works with numbers, called Internet Protocol (IP) addresses.

So your computer goes to a large, powerful computer on the Internet called a Domain Name Server, to translate http://MyPCSecurityBlog.com into a string of numbers. Then it uses the numbers to go get the site for you.

If a hacker breaks into these DNS computers, he could associate a different IP address with http://MyPCSecurityBlog.com Then requests for this blog would be redirected elsewhere.

Microsoft also confirmed that there is a Zero Day bug in Word 2002. Zero day means a new flaw, for which no patch is available. Unless Microsoft issues an emergency patch, we may have to wait until the next regularly scheduled Patch Tuesday on Aug. 12 for a fix.

To quickly and easily check for updates in your programs, go to http://secunia.com/software_inspector/ and click Start Now. Click “Enable thorough system inspection” and click Start. In a few minutes you will get a report on the unpatched software on your PC, as well as instructions on how to fix it.

If you have Word 2002, use it sparingly for the next month. Disconnect from the Internet if possible. Or get the OpenOffice.org suite of programs. It includes a word processor similar to, and compatible with, Word.

Syd Tash is a noted computer security consultant and author of How to Protect Your Computer Online. He has been keeping Internet surfers safe and secure since the last century. Find out how he does it; protect your own computer with five layers of protection right here: = > http://MyPCSecuritySite.com

You may include these Tips in your Web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and Web site. You can also get a direct URL to this post. Click the title, then copy the URL in the browser address bar.

A new survey reports that over 10,000 laptops are reported lost each week at 36 of the largest U.S. airports. Laptops are easy to lose, and can disappear in an instant. They are a favorite target for thieves, who can easily resell them. More sophisticated thieves are after the data that is on your laptop, rather than the machine itself.

They are looking for passwords, bank account info, credit card numbers or confidential corporate data. Three-quarters of people surveyed said they had no hope of recovering a lost laptop, while 65% said they took no measures to protect all this information. Security checkpoints were the places where laptops were most frequently stolen, perhaps because it is easy to lose track of them.

Keep a firm grip on your laptop at all times. If you put it down, keep it in sight. Have a current backup at the office. Get and use anti-theft devices such as motion detectors, bells, whistles, locks and software that reports the machine’s location if connected to the internet. An ounce of prevention is worth it to keep you from having a bad day!

One of the reasons the Web can be a dangerous place is that people are not keeping their software up to date. The Swiss Federal Institute of Technology has published a study showing that only about 60% of Internet surfers had browsers that were fully patched and current.

If your browser is not up to date, it can be infected with viruses, trojans, worms, etc., or hijacked and used to infect other computers. So everyone who surfs the Net has a public duty to protect their computer, and so in turn protect others and minimize malware.

Firefox users were the best at upgrading their browser in the study, probably due to its autoupdate feature. Fully 83% of Firefox users were up to date (to enable automatic updates, launch Firefox and click Tools, Options, Advanced). Apple’s Safari was next, with 65% of Net surfers using the current version. Internet Explorer came in at a dismal 48% of people using an up to date browser.

Plug-ins represent a separate problem, especially for Firefox. I have said many times that you should minimize the number of plug-ins you have installed, and get them from the browser publisher or other reputable source. Why? Studies have shown that they could compromise the security of your browser. In any case, they need to be kept up to date like any other software.

An unpatched vulnerability in a plug-in can put your computer in danger of being infected, hijacked, etc. The average person may have 6 – 10 plug-ins installed. Keeping them up to date is a painful chore, right? Wrong.

Go here to read how to do it quickly and easily (and almost painlessly):
http://mypcsecurityblog.com/updates/keep-all-your-other-stuff-updated

Syd Tash is a noted computer security consultant and author of How to Protect Your Computer Online. He has been keeping Internet surfers safe and secure since the last century. Find out how he does it; protect your own computer with five layers of protection right here: = > http://MyPCSecuritySite.com

You may include these Tips in your Web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and Web site. You can also get a direct URL to this post. Click the title, then copy the URL in the browser address bar.

You have heard me talk endlessly about good surfing practices, keeping your security programs up to date, not opening spam, etc. etc. Well, are all these precautions really necessary?

Security company McAfee thought they would find out. So it recruited 50 people around the world to throw caution to the wind and answer every spam email and popup they received. Some even gave out their postal address. McAfee provided the computer and email address that the participants used.

On average, each participant got about 70 spam messages a day. These included the familiar Nigerian scam, bank account fraud, medications, porn, “free” stuff, etc. Asking to be removed from the mailing list just made the daily deluge worse (because it confirms your email address is valid and active).

Those that gave out their home address saw an immediate avalanche of junk mail flooding their homes. One hacker tried to hijack the participant’s PayPal account. And their computers slowed down appreciably, as they became clogged with spyware and adware.

U.S. participants received the most spam, followed by Brazil, Italy, England and Australia. The most common phishing emails were fake Chase.com. More details of this experiment will be released next week. In the meantime…. You guessed it ….. keep all your security programs up to date … always!

Syd Tash is a noted computer security consultant and author of How to Protect Your Computer Online. He has been keeping Internet surfers safe and secure since the last century. Find out how he does it; protect your own computer with five layers of protection right here: = > http://MyPCSecuritySite.com

You may include these Tips in your Web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and Web site. You can also get a direct URL to this post. Click the title, then copy the URL in the browser address bar.

Microsoft is slowly getting a handle on those Windows XP Service Pack 3 problems, and a fix should be available soon. A patch is already out that should repair lost Internet or wireless connections. If you haven’t installed SP3 yet, give it a while longer. Just make sure your Windows XP is otherwise up to date.

Meanwhile, a cross-site scripting (XSS) bug has been found in Internet Explorer 6. XSS is used by sites that allow you to enter data. If not properly checked, you could be redirected to a malicious site, your computer could be hijacked or a keylogger installed on your machine, or other nasty stuff could happen to really ruin your day.

Internet Explorer 7 is reportedly not vulnerable to this flaw. Guess what? I think it is about time you IE6 users bit the bullet and upgraded to IE7, which works well now that most of the problems with it have been ironed out. Either that or switch to Firefox.

Now for the shocker: Security company F-secure took a poll asking what browser people were using. Fully 68% chose Firefox, while IE6 and 7 combined got only 14%. Opera got 12%. Firefox sure has come a long way in a relatively short time.

Syd Tash is a noted computer security consultant and author of How to Protect Your Computer Online. He has been keeping Internet surfers safe and secure since the last century. Find out how he does it; protect your own computer with five layers of protection right here: = > http://MyPCSecuritySite.com

You may include these Tips in your Web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and Web site. You can also get a direct URL to this post. Click the title, then copy the URL in the browser address bar.

That pesky Storm email malware keeps popping up, despite Microsoft’s boasts a few months ago that it had finally killed off Storm. The latest Trojan uses a wide variety of Subject Lines to entice you to open the email.

The spam email contains a link to a fake porno site. If you click the link, a popup asks for permission to install an ActiveX control to watch the porn. Of course, it is not an ActiveX control at all, but the Storm Trojan. It appears that over 8 million of these spam messages were sent out.

ActiveX controls are small programs in Windows that provide functionality to Web sites. They have been the target of malicious attack, because they give direct access to Windows.

If you accept the “ActiveX” control, Storm will usually try to hijack your computer and enlist it into a botnet, or network of compromised computers remotely controlled by a hacker. The hacker uses the network, or rents it out to other criminals, to send out more spam or other scams.

As always, don’t open spam email, and above all do not click on links inside these emails.

Syd Tash is a noted computer security consultant and author of How to Protect Your Computer Online. He has been keeping Internet surfers safe and secure since the last century. Find out how he does it; protect your own computer with five layers of protection right here: = > http://MyPCSecuritySite.com

You may include these Tips in your Web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and Web site. You can also get a direct URL to this post. Click the title, then copy the URL in the browser address bar.

Michael Fiola worked for the Department of Industrial Accidents in Massachusetts. He was issued a Dell laptop about a year and a half ago. Later, he was fired for possessing child pornography on the computer.

After fighting the charges for a year and having his life ruined, the charges were dropped. State investigators determined there was insufficient evidence to prove that Fiola himself had in fact downloaded the porn.

To get the charges dismissed, Fiola had to hire his own investigator, who made some shocking discoveries. The Microsoft software used to keep the laptop up to date was not working, and neither was the antivirus program. So, not surprisingly, the machine was found to be chock full of malicious software that may have installed the child porn.

Or, says Fiola, the porn may have already been on the laptop when he received it.

In any case, if you use a company-issued laptop or Desktop machine for that matter, you had better make sure that all the security programs are working and up to date, including Windows or other o/s. When you first get the machine, run all the scans to make sure the computer is clean. Don’t forget an anti-rootkit scanner.

Then browse through the files, to make sure there is no questionable stuff lurking in its innards. If you travel across international borders with your laptop, be prepared to have it inspected by the border guards. You may even have to provide the key to encrypted files, or have the laptop seized. Make sure you have a current backup at the office.

Syd Tash is a noted computer security consultant and author of How to Protect Your Computer Online. He has been keeping Internet surfers safe and secure since the last century. Find out how he does it; protect your own computer with five layers of protection right here:
= > http://MyPCSecuritySite.com

You may include these Tips in your Web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and Web site. You can also get a direct URL to this post. Click the title, then copy the URL in the browser address bar.