Phishing is one of the most common forms of social engineering attacks.   The word “phishing” is a spin-off of the word “fishing”; the idea is that bait presented by the attacker knowing that most will ignore it but a few will bite on it.  Phishing attacks usually involve an attacker sending an email or displaying a fake web page that claims to be from a legitimate business in an attempt to trick the victim into giving up personal information.

Many times the victim is directed to a website where they are asked to update their personal information, password, credit cart number, bank account number or other information that a legitimate company would have access to.  Unfortunately, the web site is fake and is actually stealing the user’s information.

The Anti-Phishing Working Group (AWPG) reported that the number brands hijacked per year is on the rise.  In August of 2009, there were a record high number of unique phishing sites at 56,362.

One of the reasons why phishing is so dangerous is because both the email and fake websites look legitimate.  They contain the logos, color schemes, and wording used on the real sites and within the organizations that they are impersonating.  This makes it difficult to tell that they are fake.

In addition, there are several different kinds of phishing attacks.  These include:

• Spear phishing: Typical phishing attacks are sent like spam to many users while spear phishing attacks target specific users.  The emails are customized to each victim using their real names and personal information.
• Pharming: Instead of sending a fake email and asking users to visit a bogus site, pharming automatically redirects users to the attacker’s site.  This is done by the attacker actually taking control of the legitimate business’s website or web servers.
• Google phishing: This is when an attacker sets up a fake search engine and redirects traffic to fake sites.  Some of the search results may go to the legitimate sites while searches for specific online banking and financial sites may be impostors.

Phishing sites tend to appear and disappear suddenly to avoid being traced.  According the APWG the average time a site is online is only 3.8 days.  The United States has overtaken China as the top country hosting phishing sites with over three quarters of the World’s hosted sites.

Because phishing uses social engineering to trick victims into responding to an email message or into visiting a fake site one of the most effective forms of defense is to teach users how to recognize phishing attempts.  We will cover these signs and other techniques to protect yourself against phishing attacks in our next post.

Many RATs mimic the functionality of legitimate remote control programs but are designed specifically for stealth installation and operation. Intruders usually hide these Trojan horses in games, screensavers, and other seemingly useful programs that unsuspecting users then run on their computers. Typically, exploited users either download and execute the malicious programs or are tricked into clicking email attachments.

In many cases, hackers can customize their RAT program.  They can:

• Set IP port numbers to use
• Decide how it hides
• Decide whether it uses encryption
• Determine when and how the program communicates

After setting up the RAT’s behavior, the intruder generates the program and then tricks the victim into running it.

Once an attacker has control of a system they can do anything a full administrator can do, including sending spam or  using multiple machines to launch coordinated distributed denial of service attacks.  If your PC has a microphone or Webcam many RATs can turn them on and capture your conversations and video. Everything you say and do around the PC can be recorded!

Enterprising intruders are known to collect thousands of compromised machine IP addresses to sell or trade to other criminals.

Popular tools for remote administration include SubSeven and the now infamous Back Orifice, which allowed a user to control a computer across a TCP/IP connection, on a local LAN or across the Internet.  Once installed on the victim’s computer it concealed itself and did not show up in the task list or close program list.

Back Orifice ran every time the computer started.  Its’ developers claimed that, “it gave its’ user more control of the remote Windows machine than the person at the keyboard of the remote machine.”

Another more recent remote administration tool is Bandook.  It is a backdoor Trojan horse that infects Windows 2000, XP, 2003, and Vista.  Not only does the Bandook RAT allow remote access to another computer but it also includes features that can be used maliciously, such as a screen capture utility, keystroke logger, and process and file manager.

If a virus or email worm has ever infected your computer, it is a prime candidate for a RAT. Typical antivirus scanners are less likely to detect RATs than worms or viruses, even though the best anti-malware weapon is an up-to-date, proven antivirus scanner.

A clear sign of a RAT infection is an unexpected open IP port on the suspect machine.  When you think that a PC has been infected, disconnect the PC from the Internet so that the remote intruder can’t do more damage and investigate any suspicious ports using a good port enumerator.

If your work is mission critical with little tolerance for risk it is advisable to completely reformat any compromised machines.

If you would like to know more about the other types of malware, read the following resources.  To find out more about viruses go HERE, worms HERE, rootkits HERE and finally for spyware go HERE.  Now, lets continue with Trojan horses.

What makes a Trojan unique from other types of malware is that it masquerades as a program that performs a useful function.  For example, the victim thinks that they are getting a screensaver of their favorite singer, free software, or music when in actuality it is also installing a backdoor to allow remote control of your computer system.

The term, Trojan horse, comes from the Greek story of the Trojan War, where the Greeks give a giant wooden horse as a gift to their besieged foes, the Trojans who are inside the city of Troy. After the Trojans drag the horse inside the city walls, Greek soldiers sneak out of the horse’s hollow belly and conquer the city.

Similarly, when an unsuspecting victim installs that useful new utility they may be literally opening a can of worms. The effects of a Trojan horse can be as benign as changing your background or installing silly icons on your desktop.  Unfortunately, it can be as dangerous as allowing complete or administrator level control of your system.

Trojan horses can be classified based on how they breach systems and the damage they cause. Some of the main types of Trojan horses include:

• Remote Access Trojans (RATs)
• Data Sending Trojans
• Proxy Trojans
• FTP Trojans

Remote access Trojans are arguably the most dangerous malicious code used by hackers.  They are designed to run invisibly on victim’s computers and give an intruder complete remote access and control.

Data sending Trojans can look for specific pre-defined data such as credit card numbers or passwords or they could simply install a keylogger and send all recorded keystrokes back to the attacker.

A proxy Trojan is a type of Trojan horse designed to use the victim’s computer as a proxy server that sits between the attacker’s computer and a real server.  This gives the attacker the ability to do everything from your computer, including the possibility of conducting illegal activities such as sending spam or use your system to launch attacks against other networks.

A FTP Trojan is designed to open port 21, the port for FTP transfer, and lets the attacker connect to your computer using File Transfer Protocol, FTP.

Due to the growing popularity of botnets among hackers, Trojan horses are becoming more common.   Recent surveys assert that Trojan horses account for 83% of the global malware detected in the world.

The best Trojan horse and anti-malware weapon is an up-to-date antivirus scanner.  Good antivirus software is designed to detect and delete Trojan horses, as well as prevent them from ever being installed.

Although it is possible to remove a Trojan horse manually, it requires a full understanding of how that particular Trojan horse operates. In addition, if it is possible that a hacker has used a Trojan horse to access a computer system, it will be difficult to know what damage has been done. In situations where the security of the computer system is critical, it is better to simply reformat the hard drive and reinstall the operating system and software.

There are some spyware programs that are particularly nasty and can disable the firewall and antivirus programs. This leads to the installation of more spyware on your computer. Here, you have to ensure that the antispyware programs run properly and are updated. You always need to look out for fake messages from Windows Security Center. There is some crafty spyware with pop up messages in the system tray that look like the real deal.

Extra Desktop Icons: This is one of the obvious signs of a spyware infection. Never click strange icons on the desktop. Things may become worse when trying to uninstall or delete the icons. To remove these programs, a spyware remover is best.

Costly phone Bill: Although, this is less common, it still does happen and can affect anyone who still uses dialup Internet access. These programs use the computer’s modem, to place expensive long distance calls. Unfortunately, it is a hard symptom to spot. This is one of the reasons why operators need to perform regular spyware scans on their system.

Key loggers: These are one the scariest forms of spyware. From passwords, to sensitive personal details, to credit card numbers, they record everything you do on your computer system. Theft of such data leads to financial hardship and privacy invasion. In case people notice any strange activity on their credit cards or bank accounts, it is important to contact your financial institutions and immediately run a spyware scan.

Good spyware removal utilities have three critical facilities that include a scan, repair, and a registry backup function. It is important that your spyware cleaner makes a good registry backup in case the system fails to function properly after the spyware cleaner runs.

These cautionary steps may save you a ton of money and despair down the road. Regular spyware scans in combination with good firewall and antivirus program will keep you worry free and safe while you enjoy surfing online.

Many protections are built into devices, such as allowing users to set a strong, five-digit PIN code for Bluetooth devices so that access is harder to crack, and most digital phones have encryption capabilities, which reduce the chance of someone latching onto a conversation. Mobile anti-virus software is also becoming more available, which is used for various device platforms.

Cell phone use varies around the world. In Japan, cell phones are used for financial transactions similar to a credit/debit card. Other uses include watching live TV, gaming, picture enhancement, and GPS navigation. On average, Japan is approximately five years ahead of the U.S. in regards to cell phone technology.

With the advanced use of cell phones in Japan, security capabilities are advanced as well. For example, NTT DoCoMo’s P903i includes security features such as face recognition and password protection in order to make financial transactions. Another protection has the owner of a cell phone keep a security chip in their pocket or purse, and anytime the cell phone is out of range, it will lock and prevent usage. These methods, plus the protections mentioned for the U.S. above, can provide greater security, however, the risk of using the Internet and data being hacked during transmission is still high. Additional protection by cell phone service providers and manufacturers need continuous improvement because the wireless technology, and threats against it, is here to stay.

Cell-phone viruses downloaded from the Internet spread the same way as a computer virus. Infected files are downloaded using the phone’s Internet connection, or downloaded to a computer and then synchronized or transferred to the phone. In order to protect a cell-phone from this type of exploit the user should verify the authenticity of downloads to make sure they are from trusted sources. In addition, users should consider using mobile antivirus software and synchronize files selectively since frequent synchronizing gives the maximum opportunity for transferring infected files.

Bluetooth wireless connection threats occur when a user receives a virus via Bluetooth while the phone is in discoverable mode, thus the user should turn off Bluetooth and discoverable mode until it is needed. In order for a virus to spread via an MMS message it must be included as an attachment. In order to stop a virus propagated in this manner, the user should not open unexpected attachments.

Users should be vigilant in keeping their software current by regularly checking for new versions of operating system and applications. In addition, they must exercise caution towards suspicious attachments, downloads, and activity.

Multiple levels of defense create the most effective protection. The first layer should secure the cellular infrastructure, including transmission towers and the mobile telecommunications switching office. The second level of protection resides with phone manufacturers and software developers. The third level of protection is the end user’s responsibility.

A simple step end users can take is to monitor their battery usage, since one telltale sign of active malware is a quickly drained battery. Also, users should lock their keypad when not in use to prevent unauthorized access and change passwords frequently.

About the Author:

This article was written by Michael Linn. He  is a computer security professional with experience protecting small business and home networks. He also teaches the basics of computer network security by authoring numerous articles and creating educational materials related to information security.

Sources:

1. http://www.microsoft.com/protect/yourself/mobile/bluetooth.mspx
2. http://ringtone-download-review.toptenreviews.com/avoid-cell-phone.html
3. http://www.wired.com/techbiz/media/news/2006/10/72027
4. http://www.japaneselifestyle.com.au/culture/japanese_cell_phone_culture.html
5. http://juniperresearch.com/shop/viewpressrelease.php?pr=40
6. http://www.howstuffworks.com/cell-phone-virus.htm
7. http://www.microsoft.com/smallbusiness/resources/ArticleReader/website/default.aspx?Print=1&ArticleId=Cellphonevirusthreatswhytheyshouldntbedismissed

One common method of attack involves saturating the target machine with communications requests, so that it cannot respond to legitimate traffic, or responds so slowly that it is effectively unavailable.

During normal network communications using TCP/IP, a user contacts a server with a request to display a web page, download a file, or run an application.  The user request uses a greeting message called a SYN.  The server responds with its own SYN along with an acknowledgment (ACK), that it received from the user in initial request, called a SYN+ACK.  The server then waits from a reply or ACK from the user acknowledging that it received the server’s SYN.  Once the user replies, the communication connection is established and data transfer can begin.

In a DoS attack against a server, the attacker sends a SYN request to the server.  The server then responds with a SYN+ACK and waits for a reply.  However, the attacker never responds with the final prerequisite ACK needed to complete the connection.

The server continues to “hold the line open” and wait for a response (which is not coming) while at the same time receiving more false requests and keeping more lines open for responses.  After a short period, the server runs out of resources and can no longer accept legitimate requests.

A variation of the DoS attack is the distributed denial of service (DDoS) attack.  Instead of using one computer, a DDoS may use thousands of remote controlled zombie computers in a botnet to flood the victim with requests.  The large number of attackers makes it almost impossible to locate and block the source of the attack.  Most DoS attacks are of the distributed type.

An older type of DoS attack is a smurf attack.  During a smurf attack, the attacker sends a request to a large number of computers and makes it appear as if the request came from the target server.  Each computer responds to the target server, overwhelming it and causes it to crash or become unavailable.  Smurf attack can be prevented with a properly configured operating system or router, so such attacks are no longer common.

DoS attacks are not limited to wired networks but can also be used against wireless networks.  An attacker can flood the radio frequency (RF) spectrum with enough radiomagnetic interference to prevent a device from communicating effectively with other wireless devices.  This attack is rarely seen due to the cost and complexity of the equipment required to flood the RF spectrum.

Some symptoms of a DoS attack include:

• Unusually slow performance when opening files or accessing web sites
• Unavailability of a particular web site
• Inability to access any web site
• Dramatic increase in the number of spam emails received

To prevent DoS attacks administrators can utilize firewalls to deny protocols, ports, or IP addresses.  Some switches and routers can be configured to detect and respond to DoS using automatic data traffic rate filtering and balancing.  Additionally, application front-end hardware and intrusion prevention systems can analyze data packets as they enter the system, and identify if they are regular or dangerous.

Sources:

1. http://www.us-cert.gov/cas/tips/ST04-015.html
2. http://www.pentics.net/denial-of-service/white-papers/smurf.cgi
3. http://www.denialinfo.com/dos.html
4. http://www.cert.org/tech_tips/denial_of_service.html
5. http://en.wikipedia.org/wiki/Denial-of-service_attack
6. Network Security Fundamentals, Third Edition, Cengage Learning

There are many types of rootkits that are programmed to perform various differing actions.  Some variations have the capacity to capture and transmit sensitive data, such as, PINs, account passwords, and credit card numbers.  Another troubling aspect is that many rootkits have been designed to replace or overwrite important parts of operating system software, which may then be used to hide processes or programs that the attacker installs.

A rootkit is designed to seize control of an operating system at its core, usually by exploiting kernel-level vulnerabilities.  It is common for a rootkit to attempt to erase the system event logging of the operating system in order to erase any evidence of their activities.

Many times rootkits act as Trojan Horses and masquerade as a useful program.  Acting in this capacity an attacker attempts to trick the target into installing and running the malicious software on their computer system.  A rootkit may install a “back door” within the target system by replacing the login mechanism with a similarly acting but malicious sub-program that accepts a secret login combination, thereby allowing an attacker access to the host system, typically as the root user.

Rootkits have been discovered on numerous operating systems including:

• Windows
• Mac OS
• Linux
• Solaris

A true rootkit cannot escalate an attacker’s privileges before it runs on a system.  Therefore, the first thing an attacker must do is install a penetration mechanism to enter the target system.  Second, the actual rootkit payload must be installed by a user with admin privileges.  This administrator is typically the attacker using a privilege escalation exploit or an unwitting user that has been duped.

A system with a successfully installed rootkit is said to be “rooted”.  Rootkits are hard to detect with common antivirus programs therefore scanning with specialized software is necessary to uncover them.  Some free rootkit scanners include:

• Microsoft’s RootkitRevealer
• F-Secure’s Blacklight

Unfortunately, the results of these scans can be a bit cryptic and require a lot of research and posting to forums to understand whether a rootkit is present.  Many times the safest route is to reformat your drive and reinstall your software to a safe state if you think that you have been rooted.

Rootkits are quite powerful.  And since they must be installed by an attacker with root-level access it is worthwhile to have safeguards in place to prevent the attacker from getting root in the first place.  Some precautions include:

• Using difficult to guess passwords
• Applying security patches
• Closing unused ports.

These security measures are very helpful in preventing attackers from gaining root and installing rootkits however you are still not 100% safe.  An attacker may still be able to find some unknown hole in your system and gain root.

Perhaps the best way to defend against rootkits is to use program integrity checkers like Tripwire.  These integrity-checking tools create a cryptographically protected digital fingerprint of your critical files.  You can then compare a trusted baseline version of your system against any suspect later versions and analyze what has changed.

Sources:

1. http://www.rootkit.com/
2. http://searchmidmarketsecurity.techtarget.com/sDefinition/0,,sid198_gci547279,00.html
3. http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
4. http://www.f-secure.com/en_EMEA/security/tools/blacklight/
5. http://www.informit.com/articles/article.aspx?p=23463&seqNum=3
6. http://www.tripwire.org/

The insidious nature of cross-site scripting or XSS comes from how the attack occurs.  The website you are visiting is actually used by hackers to attack visitors.  The malicious code that steals your data is presented in the form of simple links, online forms that you fill out, or just visiting by infected sites.

XSS doesn’t look suspicious to the naked eye because of the variety of methods available to present the malicious attack to users.  Common XSS delivery types include:

• JavaScript
• VBScript
• ActiveX
• Flash
• Even HTML!

Each of these types of software code is essential to building websites and perform numerous functions to ensure proper functionality.  Attackers search for vulnerable websites and applications to fool users in order to gather confidential data from them. Using XSS fraud, everything from account hijacking, identity theft, changing user settings, redirecting the browser to a different location, or showing fraudulent content delivered by the website being visited is possible.

Attacker’s favorite targets include message board posts, instant messages, and web chat software. Sometimes the unsuspecting user is not required to interact with any additional site or link; just simply viewing the web page containing the malicious code can delivery the payload.

Some ways to protect yourself from Cross Site Scripting attacks are to only follow links from the main website that you wish to visit. Avoid clicking on unsolicited links and hyperlinks even if they look innocent. For instance, if you come across a link that says that it will re-direct you to CNN’s website, instead of clicking on that link, type CNN’s URL into the browser and visit the website on your own. In addition, be sure to keep your plug-ins, such as your Flash Player, and Java up-to-date.

XSS can be executed automatically when you open an email or email attachment, or when you read a guestbook or bulletin board post. If you plan on opening an email or read a post on a public board from a person you don’t know BE CAREFUL. One of the best ways to protect yourself is to turn off JavaScript in your browser’s settings. In Internet Explorer, turn your security settings to high.

It is tough to avoid XSS holes; they have plagued even the most credible websites. Some of the websites that have been infected include:

• FBI.gov
• CNN.com
• Time.com
• Ebay.com
• Yahoo
• Apple
• Microsoft
• MySpace
• Wired.com

What precautions do you take against cross-site scripting attacks? Leave a comment below.

Sources:

1. http://en.wikipedia.org/wiki/Cross-site_scripting
2. http://projects.webappsec.org/Cross-Site+Scripting
3. http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw
4. http://www.cgisecurity.com/xss-faq.html

There are two main types of firewalls.

1. Hardware Firewalls
2. Software Firewalls

A hardware firewall is generally considered to be more secure than a software firewall.  This is because a software firewall is integrated into the vulnerable operating system of the target machine.  Whereas a hardware firewall uses an obscure proprietary operating system programmed by the manufacturer.

Since the software firewall is more common this post will cover the following details of firewall software.

• Functions
• Configuration
• Types

Functions of Firewall Software:

The function of firewall software within a network is  similar to that of a building with fire doors. Just as a firewall of a building is meant to prevent the fire from spreading to adjacent building structures, firewall software prevents intruders and malware from infecting your computer or network.

Firewall software permits the flow of relevant data and blocks all irrelevant and suspicious data from entering. Relevant files such as legitimate communications, video files, music files, or photo files which are retrieved while browsing or surfing on Internet, are allowed to enter into your computer or network.

Irrelevant or bad data such as hacker scripts or programs that are placed on the Internet to corrupt important files, steal personal information, or hijack your system are blocked. Hackers generally attempt to invade computer files through your computer’s ports.

A Firewall forms a protective layer and takes the responsibility of monitoring your computer ports. It also regulates the flow of incoming and outgoing data. It acts as a barrier to hackers.

Many people have the misconception that antivirus software is completely protecting their computers from hackers. However, antivirus software can fail to protect your computer against severe hacker attacks.

Regardless of the type of Internet connection (dial-up, DSL, or broadband connection), your computer is at great risk while it is hooked up to the Internet.

Many software firewalls come with a user interface that is easy to understand and preset security levels. In addition, hardware firewalls are incredibly secure and not very expensive. Home versions that include a router, firewall and ethernet hub for broadband connections can be found for well under $100.

Proper Configuration of Firewall:

Firewall software can be worthless if it is not properly configured. Standard security procedure usually follows a default DENY rule.  Which means that only selected network connections are allowed. Unfortunately, use of such a configuration requires a thorough knowledge of your network’s application and its end points, and the day-to-day activities of your organization.

Deficient of such knowledge, many businesses therefore use a default ALLOW rule. This rule blocks only specified traffic and allows the flow of non-specified traffic. Such a configuration can cause unwanted network connections and the system is also more susceptible to being compromised.

Your best bet is to read the documentation and instructions and configure your firewall according to the needs of your organization or network. Additionally, you should periodically review the logs to see who has been trying to connect to your network and adjust your firewall’s setting accordingly to mitigate new threats.

Once you have a firewall in place, you should test it. A great way to do this is to go to www.grc.com and try their free Shields Up! Security test. You will get immediate feedback on just how secure your system is!

Sources:

1. http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1127065,00.html
2. http://www.webopedia.com/TERM/F/firewall.html
3. http://www.microsoft.com/security/firewalls/faq.aspx
4. http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci212125,00.html
5. http://computer.howstuffworks.com/firewall2.htm
6. http://en.wikipedia.org/wiki/Firewall_(computing)

Spyware can also install other spy software such a keyloggers and even redirect your web browser. For instance, you may think you have arrived at your usual websites. However, in reality, spyware directs you to a fake website that looks the same as that of the original sites. This is called a browser session hijack.  The purpose of this is often to steal your private or financial details.  They can also redirect users to advertisements where the hijacker earns commissions when an unsuspecting surfer pays a visit to the site.

Another problem is that spyware can affect the efficiency of a computer. So when a user tries to open their home page, it shows some sort of error or displays some malicious script to users. It can also change the settings of your computer, resulting in a slow Internet connection and loss or corruption of important data and programs.

The symptoms of spyware vary. For instance, the speed of the computer may be affected or the hard drive may make strange sounds. Another symptom to look out for is pop-up ads. If secret, spyware is residing on your computer, these pop-up ads may spring up every few seconds, while surfing the Internet.

You also need to watch out for other tale-tell signs like unfamiliar icons, web browsers and menus. In some cases, the cursor of the mouse floats across the webpage, the page displays weird error codes, or you receive spam emails in your inbox.

Spyware software is usually installed onto your computer by piggybacking on a piece of desirable software such as Kazaa, or by tricking you into installing it.  Some spyware programs masquerade as security software.  The distributors of spyware usually presents the program as useful software, for instance, as a “Web accelerator. Users download and install the software without suspecting that it could cause harm.

The installation of spyware frequently involves Internet Explorer. Its popularity and history of security issues have made it the most frequent target. Its deep integration with the Windows environment makes it an obvious point of attack into Windows.

The advent of spyware started when Internet advertisers and marketers decided to trail the surfing behavior of Internet customers. They thought that by knowing this, they would know what consumers look for when purchasing products over the Internet. This way businesses could sell their goods more effectively and it would be beneficial for Internet customers in a sense that, consumers get exactly what they were looking for. It was supposed to be win-win situation for consumers as well as for advertisers when the spyware served the customers with targeted advertisements or sites.

Unfortunately, the software has fallen into the wrong hands. It has become a favorite tool of Internet hackers. Unscrupulous people started infiltrating into other private activities and areas of peoples’ computers which lead to severe problems such as identity thefts, security threats, password theft, and so on. These problems lead to the introduction of different antispyware solutions such as spyware removal software and antispyware software.

An attacker or malware only requires three elements to exploit the vulnerability:

1. A flaw in the system.
2. An attacker’s access to the flaw.
3. The attacker’s ability to exploit the flaw.

In a recent experiment conducted in the United States, several new Windows XP computers were connected to the Internet using a DSL connection. They had the latest operating system patches but no anti-virus and no firewall. They recorded an average of 300 security intrusions per hour at the end of the first day!

Some of the common yet dangerous computer and network vulnerabilities include:

• Unsupported or unpatched operating systems. Windows 95, 98 and NT Networks are no longer supported by Microsoft. XP Home or Windows Me are never appropriate for office usage. Only Windows XP Professional or Vista Business is recommended for office usage. Make sure that your operating system has the latest service pack updates installed.

• Even though anti-virus software is installed on 95% of the computers, in 90% they are not configured properly. Then what’s the point of having anti-virus SW? Make sure that you download and install periodic updates from the Internet.

• Never go for free or cracked anti-virus software to save a few bucks and expose your computer to serious threats.  Free AV is only recommended for light computer use.

• If you are an Internet junkie that engages in risqué habits (i.e. pornography, black-market, and underground sites) then it is imperative that you install a hardware firewall as opposed to just a software firewall.

• Most of the time it is we who expose our computer or network to vulnerabilities by downloading and installing peer-to-peer file sharing software like Kazaa, Limewire, Morpheus etc.

• Downloading and installing screensavers and playing online games can also be threatening to your computer due to patchy software with vulnerable holes.

• Installing Freeware or software that is free. We do it because…well…they are free! But they can be also dangerous, you just don’t know where it came from or if it is being properly maintained and updated.

• Not backing up your data is a disaster waiting to happen.  All hard drives will eventually fail.  So, unless you are backing up your data regularly, be prepared for it to vanish.  There are companies that can recover your data but they are expensive!

Also, power spikes and outages are also extremely dangerous for your computer and network. So using a UPS will prevent this, and prevent disconnections from the net.

If you have a wireless network, you should be even more careful with your network. It is extremely easy to sneak up on wireless networks and go undetected. And since a wireless connection is popular nowadays, you probably have even noticed, while you are checking your mails sitting in your bedroom; your neighbors network! Some ways to protect your WiFi connection are:

• Use preferred encryption methods in this order:

1. WPA2
2. WPA (been cracked)
3. WEP (been cracked). Use WPA and WEP if you have no other choice.

• Change your SSID code every two weeks and keep it something obscure that is hard to guess.
• Keep the ‘broadcast SSID’ option in your WiFi turned ‘off’.
• Turn off your WiFi when you are not using it and use an alternative.
• Disable DHCP on the entire network.

Install a web filter. This device controls access to certain websites and content. If you have children in the house, you might want to keep this turned on. There are some open source web filters available on the web like:

B Gone

K9 Web Protection

Privoxy

Parental Filter

Install a spam filter, desktop firewall software, and antivirus and make sure that you update and maintain these regularly.

Installing encryption software will prevent prying eyes from gaining access to your personal data. Apple has harddrive encryption functionality built-in. It is called FileVault. However, it does not work with Time Machine.?

There are also various password management software that let you create and remember extremely complex passwords. A useful tip: never use a single password for everything. Never use the password you use for your emails and bank accounts on open source software.

It is also important to install a back-up and recovery system. So that if, unfortunately, your computer crashes, you will still have all the important data and files intact.  These few tips will go a long way toward maintaining a secure home network.  The rest involves staying up to date on the latest security threats and acting accordingly.

The very first computer worm was unleashed accidentally in 1988 by Robert Tappan Morris. Another well-known computer worms was the SQL Slammer Worm of 2003, which owing to vulnerability in the Microsoft SQL, spread itself across the Internet.

The Blaster Worm used the Microsoft DCOM RPC, which is a technology for communication among software components across networked computers, in order to spread itself.

Some worms like the 1999 Melissa Worm, the 2003 Sobig Worms and the 2004 Mydoom worms used email to spread. These worms had some qualities of Trojans whereby they attached themselves to an email attachment and prompted the end user to open the attachment thereby causing infection to the computer.

To prevent computer worms infection and spreading:
• Keep the operated system, hardware, and software patched and up to date.
• Never open unsolicited email attachments because there could be a Trojan-like worm inside. The worms in attachments are not just limited to .exe files but can also be contained in Word and Excel sheets.

Worms can also spread through Instant Messaging services. There also may be links, which lead to malicious sites. Once clicked, the worm may be transferred through the network to your computer.

However worms are not always malicious. There have been ‘good’ worms as well! For example, the Nachi family of worms had been created to perform useful functions like download and install patches from Microsoft’s website to fix vulnerabilities in the host system.

However, the most important protection against this especially dangerous type of malware is caution and good antivirus software.

‘Virus’ is the most commonly uttered word in cyberspeak! But we often utter it without knowing what it actually means. Technically, a virus is a malicious program or a piece of code that is loaded onto your computer without your knowledge and runs against your wishes. They can replicate themselves and spread all over the network and into other networks by doing so.

Viruses are dangerous because they can use up all available memory or make your computer crash. An even more dangerous type of virus is one that can breach security systems and travel to other networks.

The earliest virus was the Creeper virus back in the days of the ARPANET (Advanced Research Projects Agency Network – a primitive version of the Internet) in the 1970s.

It was a self replicating program written by Bob Thomas at BBN in 1971. Creeper gained access to the DEC PDP- 10 computers running the Tenex Operating System through the ARPANET. It copied itself to the remote system where the message: “I’m the Creeper, catch me if you can…” was displayed. Later a program called the Reaper was used to delete the Creeper!

The more common type of viruses are Macro-viruses which have become common since the 1990s. Most of these viruses are written in the scripting languages of Microsoft programs, such as Office, and infected Word documents and spreadsheets.

But a virus may also be sent as a web address link over the Internet. An innocent user may think that the link is from a trusted source. And upon clicking, the virus will then execute on the system, unleashing it’s payload.  The most common way of delivering viruses to potential victims is through attachments on emails.

Once a computer has been infected by a virus, it is generally unsafe to continue using it without removing the virus and restoring it to a safe state.  In worst case scenarios it may require reinstalling the whole operating system. The System Restore option in Windows comes in handy because it restores the registry and critical system files to a previous checkpoint.

Here are some easy ways to spot if your computer is infected by malware. For your convenience, we will divide the symptoms in two broad categories: Symptoms found during surfing the net and symptoms found while generally working on the computer.

While Internet browsing, your computer may be infected if:

• Excessive pop-ups that keep popping up no matter whatever you are browsing. Also if these pop-ups are X-rated, you can be sure that something is not right!
• You are greeted with a homepage that you don’t recognize or don’t remember having set it. If repeated attempts at changing the settings fail, you should definitely be concerned.
• Your browser crashes unexpectedly or presents error messages mentioning unusual file names.
• Browsing speed is slow. But in certain countries owing to a difference in bandwidth, browsing speed maybe naturally slow. What I mean is, if your browsing speed is slower than usual and if you find pages taking an eternity to open, you should definitely scan your computer for infections.
• Your bookmarks or your favorites have changed without your knowledge.
• The search engine preferences have been changed without your knowledge.

While general use, your computer may be infected if:

• Your computer becomes slow, programs do not respond to commands and machine hangs.
• You notice unfamiliar icons and shortcuts on your desktop which weren’t there before. Also if there are significant changes in your desktop appearance, color schemes wallpaper, font size etc.
• Your computer shuts down unexpectedly.
• Your taskbar vanishes.
• You notice unfamiliar message boxes.
• While shutting down, your machine notifies you that there are ‘other users’ connected to the same network.
• Your machine freezes without warning.

We are cognizant of the fact that each computer user will have their own preferences when it comes to choosing the antivirus software that is best suited for them. While one user may want fast scanning another may require a built-in firewall.

Without getting into a pointed row, we want to give you our suggestions for the top free antivirus software available. These three were chosen because of their popularity and our own personal experiences. We will not try to rank them but instead randomly present them along with their respective benefits and faults.
So, when it comes to the best FREE antivirus software, the A’s win hands down. They are, in no particular order:

• Avast Home Edition Anti-Virus
• Avira Free Personal Anti-Virus
• AVG Anti-virus Free Edition

Lets begin with Avast. The user interface is relatively simple, functional, and customizable with loads of features. It has an ‘active protection’ feature that monitors seven different ways a virus could enter your computer which includes Internet browsing, checking emails, file sharing and so on.

Avast lets you scan the computer upon boot up. However, if you choose to scan on start up, the booting process may take a longer than usual.

Avira lacks the built-in anti-spyware detection system that Avast boasts, but it has a higher virus detection rate than Avast. The anti-spyware is available only with the paid version of Avira.

AVG is the most popular free antivirus software on the market. Its interface is polished and easy to use.

Although AVG detects viruses as well as spyware, its detection rate is slightly slower than Avast.

A lot of functionality is left out of the free version of AVG and is available only in the paid version. Despite this, AVG still provides good overall basic protection for your machine.  In the end you will have to choose for yourself depending on your needs.  The price is right so you can give all three a try.

The links where you can pick them up are below.

Avira

Avast

AVG

What are your suggestions for free antivirus software?