Counter Assertion

Spyware is camouflaged software installed without user knowledge or consent. It compromises the user’s experience with pop-up ads; tracking their web activities and keystrokes, and it can transmit sensitive information like credit card and social security numbers back to the manufacturer. Spyware steals network resources, and the end result is the network being slowed down to a crawl or virtually stopped all together. The program sneaks in by attaching itself to “free” downloads like calendar applications and the like (porn sites, games, etc). Additionally, it often manifests in hard-to-access system folders, and resists extraction. It is autonomous but not a virus. Viruses are fleeting. Spyware has stamina.

Transmission:

Spyware can be transmitted via e-mail, although it is not spam. It can change your browser homepage and transmit from the Web onto your system with no provocation whatsoever. Hence, the term “drive-by download.” Spyware is elusive. It can affect some systems and not others, dependent on individual configuration. Some systems are more permeable, and get infested by visiting certain websites. File sharing applications like Kazaa, a peer-to-peer networking system with virtually no security can transmit spyware.

Adware:

Spyware has an abbreviated, less intrusive version called adware. This version generates targeted pop-up ads, but is permission-based. By agreeing to end user licensing agreements without actually reading them, users subject themselves to adware. This practice is comparable to online telemarketing, but subject to no formal restrictions.

Detection Software:

The proliferation of spy/adware has propagated a lucrative new industry of a different kind of solution provider, or “spy-buster.” Spy-busters like Ad-aware, Spychecker, Spyware, and Webroot are dramatically increasing their customer base since the advent of spy/adware. They depend on customers identifying new variants of offending files and new types of malware so that they can update their solution products. Egregious advertisers churn out invasive tools as fast as solution providers can update their products. They mislead users implying they can wipe out offending files, then merely replace it with their own product.

As if that weren’t bad enough, now a “watcher” file transmits along with the offending code; generating a monotonous loop until no other option exists but to agree to a download. Some spyware even re-installs itself with every re-boot.

Summary:

Users can arm themselves against this cyber-predator by taking precautionary measures. Users are under the misconception they are protected by anti-virus utilities. Anti-viral products only remove spyware if they are expressly configured to do so. Some solutions sweep away virtual footprints; some actually extricate offending programs. Users must take the time to comprehend their browser’s security settings. Settings must be high enough to protect systems from automatic installations, which constitute a fundamental invasion of privacy. However, what is the expectation of privacy in cyberspace? The Federal Trade Commission (FTC) is asking this and many similar questions in court, and has just passed anti-spyware legislation. Meanwhile, users should only install software from a trusted source, or download for free at their own risk.

About Jonathan Coupal:

Jonathan Coupal is the Vice President and Chief Technology Officer of ITX Corp. Mr. Coupal manages both the day-to-day and strategic operations of the Technology Integration Practice Group. Among Mr. Coupal’s greatest strengths are evaluating customers’ unique problems, developing innovative, cost effective solutions and providing a “best practice” implementation methodology. Mr. Coupal’s extensive knowledge and experience enables him to fully analyze client systems to recommend the most effective technologies and solutions that will both optimize their business processes and fulfill immediate and future goals. Mr. Coupal and his team build a high level of trust with clients, establishing ITX as their IT partner of choice.
Mr. Coupal holds certifications with Microsoft and CompTia, including MCSE, MCSA, Security+, Linux+ and i-Net+, and served as a Subject Matter Expert (SME) for the development of the CompTia Linux+.

About ITX:

ITX Corp is a business consulting and technology solutions firm focused in eight practice areas including Business Performance, Internet Marketing, IT Staffing, IT Solution Strategies, IT Solutions Implementation, Technical Services, Internet Services, and Technology Research. To learn more about what ITX can do for you visit our website at http://www.itx.net or contact us at (800) 600-7785.

When you find yourself in need of a reliable, compact, affordable and dependable surveillance system, a DVR surveillance security system should be at the top of your list of products to check out. This type of surveillance equipment is easy to operate, simple to install, and can be utilized for a variety of purposes. Most of these systems are also economically priced.

Many of the DVR surveillance security systems on the market today offer many of the same universal features. Some of these systems offer units that can be placed on the dashboard of a vehicle for monitoring outdoor events, placed in your pocket for easy portability, and units that can also be used in homes as well as offices.

If you have hired help who are in your home when you are not, and suspect that something is just not right, or just need piece of mind, you will want to find a DVR surveillance security system that features wide angle views, covert pinhole lenses for the camera unit, a motion detection sensitivity mode, a time and date stamp as well as a searchable play-back mode.

Some DVR surveillance security systems available today even feature television playback so there is no need for software or transferring the information recorded to a VCR tape in order to be viewed. Most units operate on batteries, but it is important to remember that an A/C adapter will come in handy. Make sure that this common accessory is included with the system that you decide to purchase. A DVR surveillance security system that is to be used in the home or office with the aforementioned features will cost approximately a few hundred dollars.

There are also professional DVR surveillance security systems that are used by corporations, large companies, and places where large masses of people gather such as shopping malls, hospitals, and government buildings. Systems such as these feature advanced software, central station managers, numerous channel sensor inputs, as well as multiple video capabilities.

Smaller DVR surveillance security systems, like those used for the home, can be purchased at any major electronics retailer, and at finer camera shops specializing in security recording equipment. The larger systems utilized by corporations can be purchased through professional security companies dealing in recording equipment, and cost thousands of dollars.

The World Wide Web offers those looking for either type of DVR surveillance security system many options. There are a variety of online vendors, many of whom offer special pricing, from which a security system can be purchased.

No matter what your surveillance security needs are, you can rest assured that there is a DVR surveillance security system that will be just what you are looking for.

CCTV Video Equipment Surveillance

www.ssnt.com/

I recommend the following basic security ‘best practices’…

If you spend any time online, you need a security toolkit consisting of:

. anti-virus software

. anti-spyware AND anti-key-logging software

. spam blocker

. anti-phishing tools

. firewall (preferably a combination of both software and hardware firewall if you’re on a high-speed connection.) Note: some anti-virus software packages include a firewall

Whichever products you use, keep them up to date - not monthly, but at least weekly, and preferably daily.

Use Windows Update to keep your operating system and Internet Explorer patched. On average, six updates to patch security bugs are released for Windows every month.

Keep informed of Security issues - keeping informed dramatically reduces your exposure to risks.

If you receive an email asking you to verify account details, don’t use the link in the email. Visit the site by typing its address in your browser, then check for a link to update your details. If in doubt, contact the site directly by phone.

Avoid dangerous spots: chat rooms, peer-to-peer networks, crackz and warez, porn sites, hacker sites, anything illegal.

Stay alert. Check your browser’s status bar; don’t click on a pop-up window or dialog box without first reading it; watch for unusual browser behaviour, such as a window that quickly opens and closes, or an atypical response when you type a search string in the address box.

Don’t open email from unknown sources. Keep preview panes switched off in your email client. Never click a link in a spam email.

Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.

Train employees not to open attachments unless they are expecting them.

Keep your browser’s security settings set to high.

Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. Choose an alphanumeric password that is at least seven characters long and uses a mix of uppercase and lowercase letters, numbers, and non-alphanumeric symbols such as (@#$%^&). This will help prevent unauthorized access to your computer.

Encryption should be used to protect sensitive information from “unauthorised eyes”.

Only conduct Internet transactions that have secured processing.

Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services can become avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.

Do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Website can cause infection if certain browser vulnerabilities are not patched.

If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.

Have your computer system independently reviewed, addressing any security risks.

David Furlong is a qualified and experienced IT specialist and Technical Trainer. His list of credentials includes MCSE, MCSA, Dip IT, and he is one subject away from completing a Masters in Networking and Systems Administration.
http://www.avg-antivirus.com.au

Let me ask you a question: you get a letter in the mail box, delivered by a postman,
asking you to send it on to ten friends or else you will get bad luck.

What do you do? Do you sit down, write out ten copies, get ten envelopes, ten
stamps and then send the ten copies, or do you consign it to the ’round filing
cabinet?’

Most people would put their hands up and say, ooh, ooh, the bin!

Let me take you a step further: you get a letter into your email inbox, delivered
electronically, telling you some sad sack story, bad news, virus alert, good news,
whatever, and it asks you to send it on to everyone in your address book.

What do you do now? If you’re like every other average internet user you’ll go oh, I
should pass this warning on, I don’t want to take the chance that a friend might get
caught with this. So, you trawl through your address book, insert all those email
addresses, hit send and whammo, you’ve just helped spread the latest (or oldest)
email hoax.

Why do people do this? Why, because it’s easier to pass on a hoax and pretend to
yourself that you are ‘protecting’ others, than it is to spend thirty seconds doing a
cursory browser search for that email subject line.

I had a friend who sent me the java debugging email hoax. This hoax tries to
encourage you to delete a legitimate Windows file from your computer. Jdbgmgr.exe
is the file to which the hoax refers, and it is the Microsoft Debugger Registrar for
Java.

Being of a suspicious mind when it comes to emails I ring Microsoft in Australia to
find out if it is correct. When I ring my friend to advise her of this hoax, she wails
down the phone to me, ‘but I’ve already deleted it!’

So how do you know if you have a hoax or not. Well, a genuine virus/trojan/worm
won’t tell you about it, will it? Hoax emails are designed to spread confusion, create
unwarranted traffic with your ISP and clog up the system. They perpetuate and
survive because people don’t use their commonsense and check before hitting that
forward and send set of buttons.

If we all took sixty seconds to check, the world would soon see the end of hoax
emails being spread. It’s probably like seeing the end of smallpox, if we educate
ourselves, our friends, and everyone we knew about these they would soon stop. If
we send back hoax information then we help to educate those who sent it to us in
the first place.

Be considerate. Be careful. Be watchful, but most of all, be well educated for your
own safety.

The answer is really simple. To protect your own computer from damage, and to prevent your computer from being used to pass on infections to other machines without your knowledge.

Many people are reluctant to shell out the cash for decent antivirus software. I’ll agree that at roughly $50 for a decent antivirus program, it isn’t exactly small change. But, let’s look at the costs more closely for a moment:

Computer $600-$4,000
Monitor $250-$1000
Software/Games $500-$5000
Internet Connection $25+/month
Personal/Business Data Priceless

So, on the low end of the scale we are looking at an investment similar to an older used car, on the higher end, a computer investment similar in price to a newer used car.

Maybe I’m wrong, but I’m guessing that you wouldn’t buy a used car that had all the locks removed and didn’t need a key to start it, and comes with a free “STEAL ME” sign on it too.

Having a computer that does not have up-to-date antivirus protection is absolutely the same. You are simply asking for trouble.

And trouble WILL find you.

How can I be so sure? Simply because that is what viruses, worms, malware etc. are made to do. Their ONLY job is to find unprotected computers and attack and hijack them without your knowledge. These things are VERY good at what they are built to do, and they NEVER stop. If your computer isn’t protected, and you share disks or go online, it will get infected.

The top antivirus software programs cost as little as 2 months internet connection. They all include constant and unlimited automatic updates that keep your system safe and clean.

If you can afford $1500+ on a computer, $300+/year on internet connections, you can definitely afford another $50 once to make it safe (and prevent it from being used to spread viruses and Trojan horses behind your back).

Anything less would be uncivilized!

P.S. Some people have started to make claims that if you don’t use antivirus software you should be held legally responsible if your machine be used as part of an attack (even if you did not know about it).

Learn how to remove black worm virus and how to easily block trojan horses, spyware, computer viruses, and other malicious software in the future. Growing library of Computer Security Articles

What is a Firewall?

The term “firewall” illustrates a system that protects a network and the machines on them from various types of attack. Firewalls are geared towards keeping the server up all the time and protecting the entire network.

The primary goal of a firewall is to implement a desired security policy; controlling access in both directions through the firewall, and to protect the firewall itself from compromise. It wards off intrusion attempts, Trojans and other malicious attacks.

Personal Firewalls:

They are meant for the home user in a networked environment. They aim to block simple attacks, unlike the enterprise level firewalls that the corporate world uses at the server or router end. There are many ways to implement a firewall, each with specific advantages and disadvantages.

Are they really needed?

Nowadays organizations and professionals use Internet technology to establish their online presence and showcase their products and services globally. Their endeavor is to leverage digital technology to make their business work for them.

All the organizations and professionals are shifting from Dialup to broadband and getting a fixed IP. It has led to an increase in security attacks, bugs in everyday working. This does not mean that Dialup being anonymous dynamic link or the firewall of the ISP network make you pretty safe.

Now if your machine was under attack, you must have wondered what went wrong making your system crash suddenly. So I would rather like to say, it’s not necessary for anyone to actually know about you or your IP address to gain access to your system.

If you system is infected or prone to intrusions, then beyond the anonymity of your Dialup connection or a dynamic IP, your system can be hacked.

Types of Attacks

Intrusion:

There are many ways to gain unauthorized access to a system. Operating system vulnerabilities, cracked or guessed passwords are some of the more common. Once access is attained, the intruder can send email, tamper with data, or use the system privileges to attack another system.

Information Theft and Tampering:

Data theft and tampering do not always require that the system be compromised. There have been many bugs with FTP servers that allow attackers to download password files or upload Trojan horses.

Service Attacks:

Any attack that keeps the intended user from being able to use the services provided by their servers is considered a denial of service attack. There are many types of denial of service attacks, and unfortunately are very difficult to defend against. “Mail bombs” are one example in which an attacker repeatedly sends large mail files in the attempt at filling the server’s disk filesystem thus preventing legitimate mail from being received.

Types of Attackers

Joyrider:

Not all attacks on computer systems are malicious. Joyriders are just looking for fun. Your system may be broken into just because it was easy, or to use the machine as a platform to attack others. It may be difficult to detect intrusion on a system that is used for this purpose. If the log files are modified, and if everything appears to be working, you may never know.

Vandals:

A vandal is malicious. They break in to delete files or crash computer systems either because they don’t like you, or because they enjoy destroying things. If a vandal breaks into your computer, you will know about it right away. Vandals may also steal secrets and target your privacy.

“In an incident a Trojan was being used to operate the web cam. All the activities being done in the house were being telecasted on the websites.”

Spies:

Spies are out to get secret information. It may be difficult to detect break-ins by spies since they will probably leave no trace if they get what they are looking for.

A personal firewall, therefore, is one of the methods you can use to deny such intrusions.

How Firewalls work?

Firewalls basically work as a filter between your application and network connection. They act as gatekeepers and as per your settings, show a port as open or closed for communication. You can grant rights for different applications to gain access to the internet and also in a reverse manner by blocking outside applications trying to use ports and protocols and preventing attacks. Hence you can block ports that you don’t use or even block common ports used by Trojans.

Using Firewalls you can also block protocols, so restricting access to NetBIOS will prevent computers on the network from accessing your data. Firewalls often use a combination of ports, protocols, and application level security to give you the desired security.

Firewalls are configured to discard packets with particular attributes such as:

• Specific source or destination IP addresses.

• Specific protocol types

• TCP flags set/clear in the packet header.

Choosing a firewall:

Choose the firewalls which have the ability to ward of all intrusion attempts, control applications that can access the internet, preventing the malicious scripts or controls from stealing information or uploading files and prevent Trojans and other backdoor agents from running as servers.

The purpose of having a firewall cannot be diminished in order to gain speed. However, secure, high-performance firewalls are required to remove the bottleneck when using high speed Internet connections. The World-Wide-Web makes possible the generation of enormous amounts of traffic at the click of a mouse.

Some of the good firewall performers available in the market are below:

• BlackICE Defender

• eSafe Desktop

• McAfee Personal Firewall

• Neowatch

• Norton Personal Firewall

• PGP Desktop Security

• Sygate Personal Firewalls

• Tiny Personal Firewall

• Zone Alarm

• Zone Alarm Pro

Most of these firewalls are free for personal use or offer a free trial period. All the personal firewalls available can’t ensure 100% security for your machine. Regular maintenance of the machine is needed for ensuring safety.

Some of the tasks advised for maintaining system not prone to intrusions:

• Disable file and print sharing if you are not going to be on network.

• Update your antivirus signature files regularly.

• Use a specialized Trojan cleaner.

• Regular apply security patches to your software and operating system.

• Don’t open email attachments if you have don’t know the contents it may contain.

• Don’t allow unknown applications to access to the internet or to your system.

• Regularly check log files of your personal firewall and antivirus software.

• Disable ActiveX and java and uninstall windows scripting host if not required.

• Turn off Macros in Applications like Microsoft Office and turn macro protection on.

• Check the open ports of your system and see them against the common list of Trojans ports to see if they are being used by some Trojan.

• Log Off from your internet connection if not required. Being online on the internet for long duration gives any intruder more and sufficient time to breach system security.

• Unplug peripherals like web cam, microphone if they are not being used.

About The Author

Pawan Bangar,
Technical Director,
Birbals,India
ebirbals@gmail.com