Apr
14

Since 12 April 2013, WordPress installations worldwide have been facing their most serious coordinated brute-force attack to date. Some WordPress hosts have reported blocking as many as 60 million requests against their hosted WordPress customers in a single hour.

This attack, which targets administrative accounts, appears to come from a sizeable botnet of perhaps 100,000 machines, judging by the number of unique Internet addresses the attempts arrive from.

Internet security experts estimate that a botnet of that size can test as many as 2 billion passwords an hour.

WordPress users should always make sure that their passwords, especially for admin accounts, are long and not guessable from a password list. That is good advice for any password you use, but it is especially applicable right now.

While it is difficult to tell what the attacker is trying to accomplish with this round of password guessing, the consequences could be disastrous. It has been suggested that the perpetrator is trying to upgrade a botnet of ordinary PCs into one made up of servers, which have far more bandwidth and uptime than home machines.

Last year, a brute-force campaign against Joomla sites built a server-grade botnet with a tool called Brobot, which was then used to overwhelm US financial institutions with DDoS attacks.

One risk is that personal bloggers who set up WordPress installations may never have thought to choose a strong password. It is not just the blogger’s posts that are at stake: an attacker who gets the login can potentially pivot from the WordPress admin account to the hosting server itself, a far more valuable prize that can do much more damage.

This botnet visits every WordPress site it can find and tries to log in with the “admin” username and a list of common passwords.

If you still use “admin” as a username on your blog, change it and use a strong password. Renaming the admin account defeats this particular campaign outright, since it only ever tries the “admin” username; the strong password is what protects you when the next campaign guesses usernames as well.

I personally run 7 WordPress blogs, excluding this GERGABlog, and a year or so ago, after an attack crippled 3 of the sites, I removed the default “Admin” account and set very strong passwords on all of them.

On Friday evening I installed a small plugin, recommended by my hosting company, which blocks an Internet address from making further attempts after a specified limit of retries is reached. I set the plugin to log all Internet addresses that had been locked out, and after barely 30 minutes, 3 of my 7 blogs had logged more than 5 Internet addresses that had tried to attack my blog and had been locked out. I could see that the attack was underway and was very glad that my paranoia had paid off!
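The lockout logic such a plugin implements, as an added example that is not the plugin’s own code and not part of the original post: it reads web-server access-log lines for wp-login.php, counts failed POSTs per address inside a sliding time window, and locks the address out once the limit is reached. The log lines, addresses and thresholds below are constructed for illustration, and the code assumes (as noted in a comment) that a failed wp-login.php POST answers with HTTP 200 (the form re-rendered with an error) while a successful login answers with a 302 redirect.

```python
"""Sliding-window lockout for wp-login.php brute forcing, driven by access-log lines.

Added example, not the plugin's code. Assumes Apache/nginx "combined" log format and that
a failed wp-login.php POST returns HTTP 200 while a successful login redirects with 302.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (RFC 5737 documentation addresses), in chronological order.
SAMPLE_LOG = """\
192.0.2.9 - - [12/Apr/2013:20:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Apr/2013:20:50:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:21:03:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:21:03:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2013:21:03:13 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:21:03:14 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:21:03:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:21:03:16 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2013:21:03:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Apr/2013:21:10:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the fields we need from one combined-format log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def is_failed_login(rec):
    # Assumption: WordPress re-renders the form (200) on a bad password and redirects (302) on success.
    return rec["method"] == "POST" and rec["path"].startswith("/wp-login.php") and rec["status"] == 200


class Lockout:
    """Lock an address out for `lock_for` once it makes `max_failures` failed logins within `window`."""

    def __init__(self, max_failures=5, window=timedelta(minutes=10), lock_for=timedelta(minutes=20)):
        self.max_failures, self.window, self.lock_for = max_failures, window, lock_for
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.locked_until = {}               # ip -> datetime the lock expires
        self.events = []                     # (kind, ip, ts): the lockout log the plugin keeps

    def observe(self, rec):
        ip, ts = rec["ip"], rec["ts"]
        until = self.locked_until.get(ip)
        if until is not None and ts < until:
            self.events.append(("blocked", ip, ts))
            return "blocked"                 # still locked: drop the request, whatever it is
        if not is_failed_login(rec):
            return "allowed"
        recent = self.failures[ip]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()                 # slide the window: old failures no longer count
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = ts + self.lock_for
            recent.clear()
            self.events.append(("locked", ip, ts))
            return "locked"
        return "allowed"


def analyse(lines, **lockout_args):
    """Replay log lines through a Lockout; return verdict counts and the addresses that got locked."""
    guard = Lockout(**lockout_args)
    counts = {"allowed": 0, "locked": 0, "blocked": 0}
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            counts[guard.observe(rec)] += 1
    return counts, sorted(guard.locked_until)


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG.splitlines(), max_failures=3))
```

Note what the sample shows: 203.0.113.5 is locked on its third failure inside the window and everything it sends afterwards is blocked, including the GET to /wp-admin/, while 192.0.2.9, which spaces its three guesses twenty minutes apart, is never locked. That second case is exactly what a botnet with tens of thousands of addresses exploits by spreading guesses thinly across nodes, which is why a per-address lockout complements a strong password rather than replacing it. Behind a reverse proxy, take the client address from the proxy’s forwarded header only, never from the socket.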

Mar
02

Moodle and Blackboard are both popular online Learning Management Systems (LMSs) with which the Faculty of Health Sciences can develop complete online courses, including multimedia content.

How do the two compare to each other, and what benefits are unique to each course delivery system? Let’s explore some of the benefits of Moodle and Blackboard.

Firstly, let’s clear the deck and note what Moodle and Blackboard are.

Moodle is an Open Source Learning Management System that is provided free of charge and runs on many operating systems. According to the Moodle website it is “free to download, change, share, improve, and customize to whatever you want it to be”. Therefore, any lecturer can use it to build or supplement a course.

Blackboard, on the other hand, is a proprietary Learning Management System, and its use is typically limited to institutions like the university, which pay a sizeable fee each year under a licence agreement. Each and every student at the university pays a small amount every year towards the licensing.

Moodle is definitely the gawky teenager here. It is constantly in a state of development and improvement, and there is no waiting for a company to fix a bug or improve the program: being open source, each and every user has a unique opportunity to contribute to the development of the product.

The new features of Moodle mostly centre on increased usability. These include easier navigation, improved user profiles, community hub publishing and downloading, a new interface for messaging, and a feature that allows teachers to check student work for plagiarism. Text formats also allow plug-ins for embedding photos and videos in text (but Blackboard allows this too).

A major improvement over previous releases is that anyone can set up a community hub, which is a public or private directory of courses. Another notable feature is that Moodle now allows teachers to search all public community hubs and download courses to use as templates for building their own courses. Also, teachers can now see when a student completes a certain activity or task and can also see reports on a student’s progress in a course.

Many small-scale open source platforms require that users support the product themselves, getting their “hands dirty” tweaking and improving it the hard way, using the open source community as their primary resource. Moodle has an advantage here: it has become so popular that a small industry has evolved around it, providing a wide range of support and services. Two of the most popular support and hosting services are Moodlerooms and Remote-Learner.

The latest release of Blackboard Learn is Blackboard’s newest upgrade to its Learn package.

Improvements for higher education include course wikis (Moodle improved theirs as well), blogs and journals that stimulate conversation and reflection on a course, and group tools that make group collaboration and communication easier than in the previous version. Its most notable feature is its Web 2.0 interface, which makes it easy for educators to navigate when adding content to an online course and for students to navigate when accessing it.

Blackboard Learn now incorporates Blackboard Connect (at an additional cost, of course), which alerts students to deadlines, due dates and academic priorities within a course. The new release also allows educators to incorporate videos and photos directly into text more easily, for a more complete learning experience. Finally, Blackboard features Blackboard Mobile Learn (also at an additional cost, and why am I not surprised), which lets students connect to their online courses using handheld devices such as the iPhone or iPad.

So, what are the biggest differences?

Features & Functions: Both of these tools have a lot of different functionality available, either natively, or through add-on types of functionality. If different functions are going to be the deciding factor in selecting one of these versus the other, you will really need to drill in and compare and decide for yourselves which features and functions will make the difference for the Faculty.

Cost: This is clearly different. As an open source product, Moodle is simply less expensive. Blackboard is the “Rolls-Royce” of today’s LMSs, and there are users of the product who would tell you that if you want the best LMS money can buy, you should make the financial commitment to Blackboard. On the other hand, if you want a premier product for a much lower cost, Moodle is really the way to go. Another thing to be aware of is that Blackboard builds substantial annual increases into its pricing model, since it is continually procuring and integrating additional products into its offerings, with the intent of adding value for its users.

Product/vendor model: As indicated above, Moodle and Blackboard are very different products with very different vendor models. One is open source, and there are many support and service vendors to choose from, while the other is proprietary and there is just the one company to work with. How that impacts your decision is up to you and your institution to determine.

If you were born after 1960 or so, you will realise how frighteningly fast technology is progressing and changing. In the first half of the 2000s, retailers were buzzing about the wonders of MP3 players and netbooks, but by the end of the decade those products had largely been replaced by smartphones and tablets.

We will all have to face the facts: some of the gadgets you currently rely on will disappear or be made obsolete by the end of this decade, in 2020, and will no longer be produced for a mass-market audience.

In this largely speculative article we ask: which popular products of today will join the likes of VCRs, cassette players and transistor radios in disappearing from the shelves and from our lives forever (except, perhaps, in an antique collection)?

Standalone GPS Systems

The days of spending R1500 or more on a standalone GPS device won’t last much longer, analysts say. “Portable navigation devices like those sold by TomTom and Garmin will probably not be sold in 2020, just because mobile phones will have taken on that function themselves and because GPS systems will be standard equipment in cars,” says Charles S. Golvin, an analyst at Forrester, a market research firm. So there won’t be much of a need to buy a product whose only function is to give you directions. If there is a demand for these GPS systems, it will likely come from a very specific segment of consumers, like mountaineers climbing Mount Everest, long-distance truckers or the military, but for the vast majority of consumers, standalone GPS systems will be irrelevant and redundant.

E-Readers

The e-reader has already undergone significant changes in its short history, evolving from a product with a keyboard to one with a touchscreen and more recently being integrated into a kind of tablet hybrid, but according to Golvin, the market for e-readers will mostly disappear by the end of the decade. “The tablet will largely supplant the e-reader in the same way that the iPod increasingly gets displaced by smartphones,” Golvin says. “Tablets will take on the e-reader function of handling magazine, newspaper and book reading.” In essence, spending money on an e-reader that can only handle reading when tablets can do this and more will come to seem as useless as buying a GPS system that can only look up directions when other technology does this as well. Just how small the e-reader market becomes may depend somewhat on advances in display technology. One of the biggest incentives for consumers to buy a pure e-reader is to have an e-ink display (like reading from a book) rather than a backlit display (like reading from a computer screen), but according to Golvin, manufacturers are already working on ways to merge the two reading experiences and create a tablet that doubles as an authentic e-reader. Even then, there may still be some e-readers on the market at the beginning of the next decade, but not many. “It could be that by 2020 you can still buy a super cheap e-reader for R160, but by and large, the volume of sales will be so close to zero as to be indistinguishable, like CD players are now,” he says.

Feature Phones

A feature phone is a mobile phone that sits between a basic handset and a smartphone: it typically offers a camera, a music player, basic web access and sometimes GPS, but lacks the full operating system and third-party application ecosystem of a smartphone.

Several of the products that are likely to be phased out will ultimately be victims of advances in smartphones, and none more directly than feature phones. Tim Bajarin, a technology columnist and principal analyst with Creative Strategies, predicts that 80% of all phones sold in 2015 will be smartphones and that every phone sold in 2018 will be a smartphone. This rapid decline will come about thanks to a drop in prices for consumers and an increase in revenue opportunities for carriers. “Even today, the money that is made is not on the phone itself but on the services,” Bajarin says, noting that carriers will opt to “fade out” their feature phone option in favour of smartphones with more services.

Low-End Digital Cameras

When Apple unveiled the iPhone 4S, smartphone competitors probably weren’t the only ones beginning to sweat. Digital camera makers also have much to worry about. Apple’s newest phone has a killer 8-megapixel camera that takes in more light and records 1080p HD video. Until recently, those kinds of specs were unique to digital cameras, but increasingly smartphones are taking over the market. “Flip cameras went bye-bye and now low-end camera functions are being taken over by smartphones,” says Rob Enderle, principal analyst for the Enderle Group. Going forward, consumers will have less incentive to carry around a camera when they already have a phone in their pocket that takes quality pictures. “The point-and-shooters – and particularly the cameras that sell for under R1500 – will eventually go away and be replaced by cellphones that do the same thing.” On the other hand, Enderle predicts that more expensive, high-tech cameras may have a brighter future, though not by much, as a smaller market of photo enthusiasts seeks out professional-quality cameras that go above and beyond what’s offered on a phone.

DVD Players

DVD players are in the process of being phased out now by Blu-ray players and will likely be erased from the consumer landscape by the end of the decade. “The DVD player should be replaced by digital delivery,” says Ian Olgeirson, a senior analyst at SNL Kagan, who points to streaming movie services like Netflix as being the future. “Blu-rays and whatever the next generation high-end movie format emerges could prolong the lifespan because of challenges around streaming, but eventually the disc is going to be phased out.” The idea of placing a disc into a DVD player to watch a movie will eventually seem as outdated as placing a record on a turntable.

Recordable CDs and DVDs

Using CDs and DVDs to view and store content will soon be a thing of the past. “CDs are clearly not going to make it over the next 10 years because everything will shift over to pure digital distribution, so all those shiny discs will be gone,” Bajarin says. This will be due in part to more streaming options for music and movies and a greater reliance on digital downloads, combined with more efficient storage options for consumers, including USB drives, external hard drives and of course the cloud. “All a CD is is a medium for distribution of content … and within 10 years, you won’t need a physical transport medium,” Bajarin says.

Video Game Consoles

Popular video game systems such as the Wii, PlayStation and Xbox may still be in homes next decade, but they will look much different. Rather than buy a separate console, Enderle expects that consumers will instead buy smart televisions with a gaming system built into it, not to mention tablets and smartphones that will continue to ramp up their gaming options. “It looks like analog game systems won’t make it until the end of the decade,” Enderle says. “You are already seeing the Wii have a tough time holding on to the market and PlayStation has been struggling for a while.” The gaming systems that will succeed in the future will be those that manage to move away from being focused solely on video games and more on other entertainment options such as movies, evolving from a traditional game console into more of a set-top box.

By Seth Fiegerman, MainStreet

Oct
07

Steve Jobs, CEO and co-founder of Apple, who passed away on 5th October, has not even been buried yet, and already there are numerous scams using his name and his company to harvest personal information and money.

As an example, the stevejobsfuneral.com site attempts to collect e-mail addresses for a supposed lottery with a 1-in-15 chance to win a MacBook, and links to an online store selling Apple products as a way to “pay tribute” to Jobs by buying Apple products.

Conveniently for the site, that link also carries affiliate advertising parameters that earn the site owner revenue on any purchase made through it.

It is probably needless to say that people should avoid stevejobsfuneral.com, which was registered on 20 September, more than two weeks before Jobs died. The vultures had been circling for quite a while.

Criminals have become pretty good at making fake web sites (for PayPal, eBay, Facebook, etc.) look like the real thing. What they can’t fake quite as easily is the location of the web server hosting the fraudulent site. You might be looking at a perfect replica of, say, Bank of America, but if the site is hosted in Uzbekistan, it’s a good bet you shouldn’t enter your password.

Flagfox for Firefox makes this kind of detective work simple: it determines the Web server’s physical location and pastes the corresponding country’s flag at the end of the address bar. Clever!

If you’re wondering how it works: Flagfox bases its flag choice on the actual location of the server you’re connected to, rather than on the nationality of the domain name, which may be different.

After installing the plug-in and restarting Firefox, just head to any site and you’ll see the flag at the right end of the address bar. If you click the flag, you’ll get a new tab containing detailed geographic information about the site.

If you right-click the flag, Flagfox pops up a list of other handy tools, including Whois, SiteAdvisor, Web of Trust, and URL-shortener bit.ly. Head to the settings (via Tools, Add-ons) for the plug-in and you’ll find a dozen or so other options you can add to the list.

This is a great little addition to Firefox, one that combines convenience with added security. What’s not to like?

By Rick Broida, PCWorld
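The check Flagfox performs, written out as an added example (not Flagfox’s own code): take the host from the URL, resolve it, map the address to a country by longest-prefix match, and compare that with where the user expects the site to live (an explicit expectation, or the country-code TLD when the domain has one). Everything network-related is replaced by constructed offline stand-ins: IP_COUNTRY_RANGES is an illustrative table, not real allocation data (a real tool loads a GeoIP database), FAKE_DNS stands in for a DNS lookup, and the hostnames and addresses are reserved example names and documentation ranges.

```python
"""Server-country check of the kind Flagfox performs. Added example, not Flagfox's code.

IP_COUNTRY_RANGES and FAKE_DNS are constructed stand-ins for a GeoIP database and DNS.
"""
import ipaddress
from urllib.parse import urlsplit

IP_COUNTRY_RANGES = [
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "UZ"),
    (ipaddress.ip_network("203.0.113.0/24"), "ZA"),
    (ipaddress.ip_network("203.0.113.128/25"), "GB"),   # more specific range inside the ZA block
    (ipaddress.ip_network("2001:db8::/32"), "DE"),
]

FAKE_DNS = {
    "www.bankofamerica.example": "192.0.2.10",
    "bankofamerica-secure-login.example.uz": "198.51.100.23",
    "www.example.co.za": "203.0.113.44",
    "cdn.example.co.za": "203.0.113.200",
}


def resolve(host):
    """IP literal -> itself; otherwise look the name up in the stand-in DNS table (None if unknown)."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return FAKE_DNS.get(host)


def country_for_ip(ip_text):
    """Longest-prefix match against the range table; None if the address is unmapped."""
    addr = ipaddress.ip_address(ip_text)
    best = None
    for net, cc in IP_COUNTRY_RANGES:
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, cc)
    return best[1] if best else None


def cctld(host):
    """Two-letter country-code TLD of a hostname, upper-cased, or None for generic TLDs."""
    label = host.rsplit(".", 1)[-1]
    return label.upper() if len(label) == 2 and label.isalpha() else None


def check_url(url, expected_country=None):
    """Where is this URL really served from, and does that clash with where the user expects?

    The host comes from the parsed URL, so "https://bank.example@evil.example/" yields
    evil.example: the text before '@' is userinfo, a favourite phishing trick, not the host.
    """
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError("URL has no host: %r" % url)
    ip = resolve(host)
    server_cc = country_for_ip(ip) if ip else None
    expected = expected_country or cctld(host)
    return {
        "host": host,
        "ip": ip,
        "server_country": server_cc,
        "expected_country": expected,
        "suspicious": expected is not None and server_cc is not None and server_cc != expected,
    }


if __name__ == "__main__":
    for url, expect in [
        ("https://www.bankofamerica.example/login", "US"),
        ("https://www.bankofamerica.example@bankofamerica-secure-login.example.uz/login", "US"),
        ("http://www.example.co.za/", None),
    ]:
        print(check_url(url, expect))
```

The second sample URL is the case the article warns about: the address bar begins with the bank’s name, but the host after the “@” is a look-alike served from the UZ range, and the check flags it. A generic TLD such as .com gives no expectation on its own, so for those the caller has to say where the site should be.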

So you have gone out and bought a computer (or a laptop). Congratulations! It probably cost you a pretty penny and exhausted your bank balance for years to come, and when you start it up you realise that although you have a computer, you have no software for it apart from the basic operating system (like Windows 7). How do you type a document, or create a spreadsheet to manage your budget, or protect your computer against viruses? What can you do when your budget is tight?

Working for the university does have its advantages: you can get this software at really low prices. But the licensing terms of that software mean that when you leave the university you no longer “own” it, and only personnel and students are entitled to the cheap software. Members of your family who are not university students or personnel are excluded!

I did a quick survey of a basic word processing program like Microsoft Word (part of the Microsoft Office suite) and a decent anti-virus software that will protect your computer against viruses and clean up existing infections:

  • Microsoft Office 2010 (Home & Student version – which is as basic as you can get) costs between R550 and R750 retail.
  • An anti-virus program (usually called a security suite) like Norton, McAfee or BitDefender will cost you between R400 and R700 annually (you have to buy an annual subscription so you can download the latest virus definitions to protect your computer)

So you have to fork out between R900 and R1400 for the absolute basic software that you require…Ouch!

But there is a solution – open source or freeware software.

“Open Source” software refers to any program whose source code is made available for use or modification as users or other developers see fit. Open source software is usually developed as a public collaboration and made freely available. Freeware is software you can download, pass around and distribute without any initial payment.

Instead of buying Microsoft Office, you might consider downloading and installing LibreOffice.

LibreOffice is a free, power-packed open source personal productivity suite for Windows, Macintosh and Linux computers that gives you six applications for all your document production and data processing needs: a word processor, a spreadsheet, a presentation creator, a vector-based drawing program, an equation editor and a database creator. It also reads and writes Microsoft Office file formats, so documents can be exchanged with Office users (complex formatting does not always survive the round trip perfectly, so check important documents before sending them).

Cost: R0.00!

Instead of buying an anti-virus program like Norton AV or McAfee, download either the Avira or the Avast! free version. Both are complete anti-virus and anti-spyware solutions for Windows PCs; they not only protect you from new online threats, they also scan your PC to get rid of the junk that is already there.

Avira and Avast! perform scheduled scans and provide real-time protection against viruses arriving by e-mail, web browsing, instant messaging and peer-to-peer file sharing. Their web shields keep suspicious websites from loading, and I like Avast’s “sandbox”, which lets you isolate programs and keep them from changing anything on your computer.

Cost R0.00!

That is a good start for now. I will post some more articles on some pretty useful “free” software later on!

Dec
02
Filed Under (Reviews & Opinions) by dw on 02-12-2010

1: There are only 200-300 hardcore spammers worldwide.

They account for the overwhelming majority of junk e-mail. This idea is a staple of mainstream media. But I’ve never encountered anyone able to source this stat—and I’ve asked. DMA head Bob Wientzen cites it often. On a recent panel discussion, he was asked where the figure came from. He replied just that week he’d “talked with the FBI.” This neither answers the question nor addresses the fact he and others have bandied the figure about for years.

My guess is the assertion had its genesis in the ROKSO list of known spam operations. These are spammers who have been booted from ISPs three times or more. Although the list doubtless includes plenty of nasty characters, ROKSO’s methodology hasn’t changed in years. Meanwhile, spammers’ techniques are increasingly sophisticated and elusive. If the figure isn’t wholly untrue, it’s certainly unproven.

2: Most spam comes from outside the U.S.

Maybe it does, maybe it doesn’t. So what? Which country spam is relayed through is of far less interest than who originates it. Europeans claim most spam is American. Americans point to Asia, Eastern Europe and Latin America. It’s reminiscent of Germans dubbing a certain malady “the French disease” while the French called it “the English disease”. Speaking of English: as long as it is the broadly spoken international language and the lingua franca of large, wealthy nations, rest assured English-language spam will proliferate, wherever it comes from.


3. Spam legislation can end the problem.

No, it won’t (see no. 2, above). But a federal law can help lay a foundation of rhyme, reason, and consistency. International cooperation will help even more. New technology is also essential. There really is no silver bullet.

4. The definition of spam is…

Congress hasn’t enacted federal spam legislation, in part because a definition hasn’t been reached. Anti-spam absolutists will tell you spam is e-mail from anyone unknown to the recipient (even a friend of a friend). The Direct Marketing Association (DMA) has defined spam as “only porn and scams, sent fraudulently.” (This definition makes a federal law superfluous; these are already covered by legislation.)

Spam will be defined. And redefined. The Supreme Court hasn’t been able to nail the definition of “obscenity” for the past 50 years. As Justice Stewart so infamously said, “I know it when I see it.”


5. Legitimate marketers don’t spam.

Oh, yes they do. This is true only for those whose definition of spam is the egocentric “e-mail sent by others, not by us.” Former ClickZ contributor Nick Usborne coined the term “white-collar spam” in a recent New York Times interview to describe the phenomenon.

Like Mafia capos, white-collar spammers tend to engage henchmen (list outfits, renegade affiliates) to do the dirty work. White-collar spam is why the awful new California law takes pains to indemnify advertisers, not just senders. As Sen. Murray said, “We’re going after Disney, and we’re going after Viagra [Pfizer].” Current and former “legitimate” spammers (many are DMA members) include Kraft Foods, Palm, AT&T, and countless major banks and lenders.


6. Opt-in is a sufficient spam deterrent.

No, it isn’t. Opt-in can cover marketers’ and publishers’ rear ends under state spam laws if they can produce records of the opt-in date, time and IP address. Soon, some clever attorney will think this through to the next step. Anyone who knows your address can opt you in to a single-opt-in mailing list (it happens to us at ClickZ all the time). Black-hat developers write bots that can opt you in again and again, ad infinitum, literally. One day, someone will prove in a court of law that she couldn’t possibly have opted in on a particular date and time from a Fargo, ND, IP address. Double (confirmed) opt-in is the way to go.
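What double opt-in adds, shown as an added example that is not ClickZ’s code or any vendor’s: the signup form only ever produces a pending request, and the subscription is created when the mailbox owner presents a confirmation token that nobody else could have obtained. The token is HMAC-signed so it cannot be forged for another address, carries an expiry, and records the signup and confirmation IP addresses and times, which is exactly the evidence the passage says a marketer needs. Assumptions: a per-list secret key kept out of the subscriber database, 48-hour token validity, and that the token is delivered only by e-mail to the address concerned; the addresses, key and timestamps below are constructed.

```python
"""Double (confirmed) opt-in with an HMAC-signed confirmation token. Added example, not vendor code.

Assumes a per-list secret key kept out of the subscriber database and that the token is sent
only by e-mail to the address being subscribed (the form submitter never sees it).
"""
import base64
import hashlib
import hmac
import json
import time


def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_confirmation(key, email, ip, now=None, ttl=48 * 3600):
    """Token only the mailbox owner can present: address, signup IP, issue and expiry times, signed."""
    iat = int(now if now is not None else time.time())
    payload = {"email": email.strip().lower(), "ip": ip, "iat": iat, "exp": iat + ttl}
    body = _b64e(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64e(mac)


def verify_confirmation(key, token, now=None):
    """Payload dict if the token is authentic and unexpired; None for tampered, forged, expired or garbage."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig)):   # constant-time check, before any parsing
            return None
        payload = json.loads(_b64d(body))
        if (now if now is not None else time.time()) > payload["exp"]:
            return None
        return payload
    except (ValueError, KeyError, TypeError):
        return None


class MailingList:
    """A signup records an unconfirmed request; only a valid token turns it into a subscription."""

    def __init__(self, key):
        self.key = key
        self.pending = {}     # email -> token that was e-mailed out
        self.confirmed = {}   # email -> audit record: who asked, who confirmed, and when

    def signup(self, email, ip, now=None):
        token = issue_confirmation(self.key, email, ip, now)
        self.pending[email.strip().lower()] = token
        return token          # in practice delivered to `email`, not returned to the submitter

    def confirm(self, token, ip, now=None):
        payload = verify_confirmation(self.key, token, now)
        if payload is None or payload["email"] in self.confirmed:
            return False
        self.confirmed[payload["email"]] = {
            "email": payload["email"],
            "requested_from": payload["ip"],
            "requested_at": payload["iat"],
            "confirmed_from": ip,
            "confirmed_at": int(now if now is not None else time.time()),
        }
        self.pending.pop(payload["email"], None)
        return True


if __name__ == "__main__":
    ml = MailingList(b"example-list-key-0123456789abcdef")
    token = ml.signup("alice@example.org", "203.0.113.5")   # a bot can do this for any address...
    print(ml.confirm(token, "198.51.100.7"))                # ...but only the mailbox owner gets the token
```

A bot that submits your address a thousand times creates a thousand pending entries and zero subscriptions, and a subscriber who later disputes the opt-in can be answered with the two IP addresses and timestamps in the record, rather than with a single form submission anyone could have made.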


7. Never opt out.

The public’s heard this so often, they accept it as gospel. A recent Bigfoot Interactive study found 58 percent of respondents believe unsubscribing from unwanted e-mail actually results in more unwanted e-mail. Bad as the spam problem is, sometimes good judgment and common sense can prevail. Educated (not just alarmed) consumers are less inclined to report as spammers known and trusted senders just to get off their lists.

(Ed. This is a very debatable and reckless point, and my experience – not what I have been told – tells me that using the opt-out options in most “automated spam” is a one-way trip to futility. If you report legitimate lists as spam just because you are too lazy to “opt out”, the risk of this having an effect on the “poor” list is minimal compared to the risk of a worldwide spam bot network getting hold of your “opt-out” details for further abuse!)

8. Microsoft is committed to helping end the spam epidemic.

Its executives are certainly committed to saying they are. These days, Bill Gates is front and center: testifying before the Senate; penning a Wall Street Journal editorial; putting millions up in bounty for spammer arrests; building a Web page for consumers; and forming an Anti-Spam Technology & Strategy Group, “fighting spam from all angles—technology, enforcement, education, legislation and industry self-regulation.”

When I meet members of that group, I always ask the same question. Every version of the Windows OS that shipped prior to XP’s release last year is configured—by default—as an open relay. Millions have been upgraded to broadband. Ergo, most PCs on planet Earth emit a siren call to spammers: “Use me! Abuse me!” Why won’t Microsoft tell its millions of registered customers how to close the open relay?

I usually get a stunned, rather slack-jawed reaction to the query, but never an answer. Yet their boss told the Senate to “capture all bad actors involved in sending unlawful spam, including those who knowingly assist in the transmission of unlawful spam.”


9. A do-not-e-mail database will stop you from getting spam.

Bovine faecal excrement! Do-not-call works because, relative to e-mail addresses, there are very few phone numbers (most belong to families and businesses, not to individuals), and every phone number is tied to a name and address. The average web user has three e-mail addresses, not necessarily tied to any personal identification. These can be acquired and discarded as casually as Kleenex. Many services promote “disposable” e-mail addresses. Once shucked, there’s nothing to stop an address from being used by someone else. As the Federal Trade Commission will tell you, there’s no way this can work under present circumstances. E-mail isn’t the telephone.


10. Spam can take down the whole Internet.

No, say the experts at the Internet Engineering Task Force. But spam can take down your business or ISP. A hacker can cripple a network with an e-mail-distributed DoS attack—or a worm or virus. Servers overload or crash. Networks clog with traffic. Spam doesn’t “break” the Internet, but it can make it seem that way.

by Rebecca Lieb

Oct
14
Filed Under (Editorial, Reviews & Opinions) by dw on 14-10-2010

There’s One Born Every Minute – Or is There?

So why do people fall for these hoaxes? A lot of it goes back to the noble desire to help others. Who wouldn’t want to warn others about a disaster? And it’s so easy to send the warning to hundreds of people at one time: with just a click, you’ve saved your friends from a virus!

Another consideration is the uncertainty that people feel in dealing with computers. Look at the jdbgmgr.exe hoax, which is actually quite ingenious in its fashion. By asking users to confirm that the file is on their computer, it makes people feel like they are participating in their own computer security. Most computer users typically can’t “see” a virus, just the aftermath. This, coupled with the anxiety many people feel about their computers — these large, complicated machines that they really don’t understand — leads to a feeling of certainty when the jdbgmgr.exe file is found on their machines. “Aha!” they think, “Caught one! And there’s the proof — right in front of my eyes!”

It’s funny, but most people would never fall for such a trick in real life. Let’s say I walked up to the same people that fell for the jdbgmgr.exe trick and said, “There are terrorists in this neighborhood. If you see a man in a black hat, call the police, because he’s a terrorist!” Minutes later, a man in a black hat walks by. Would these people call the police? Probably not. They would use their common-sense, their experience of the normal everyday rhythms of life, to judge whether or not someone is a threat.

Computers, however, are the equivalent of a foreign country for many people. When someone is in a country with which they are not familiar, perhaps feeling anxiety because they don’t understand the language (“nth-complexity infinite binary loop”, anyone?), they are more likely to grab onto signposts that will help them. In such a situation, they might be far more likely to fall for my false warning about terrorists.

And if the warning came not from a stranger, but from a friend or acquaintance, as happened when jdbgmgr.exe warnings arrived in email inboxes, then the likelihood of falling victim to a hoax skyrockets. After all, in a foreign country, isn’t the sight of a fellow countryperson always welcome?

Another reason people fall for hoaxes is that they know anti-virus programs, unfortunately, do not always work. Many viruses spread so quickly that they overwhelm users before anti-virus vendors can update their software; the “Melissa” and “I love you” viruses are good examples of this phenomenon. So when users “see”, or think they see, à la jdbgmgr.exe, evidence of the “virus” on their computers, but their anti-virus software says there is no virus, many users are going to believe their eyes and not their software.

Even worse, many users pay no attention to the necessity of updating their anti-virus software. I have seen office computers with anti-virus databases that are years out of date. When I ask these users why they haven’t updated their software, they typically respond with a blank stare and a plaintive but accurate excuse: “I didn’t know I needed to do that.”

Not Just Harmless Fun – The Real Dangers of Hoaxes

Virus hoaxes are not real viruses, by definition, but that doesn’t mean they don’t have negative effects. In fact, virus hoaxes can be quite damaging in a number of different ways.

First, it is quite possible that a hoax may end up damaging your computer. The email itself won’t have caused the damage; instead, the email will have convinced you to damage your own computer, as my story about the jdbgmgr.exe email demonstrates. The folks responding to the hoax were ready to remove a file from their computer that they in fact did not need to remove. They were fortunate that they really didn’t need the file in question, but what about next time? What if the hoax author had more malicious intentions and had instructed gullible recipients to remove a key system file or directory?

Second, a virus hoax results in a waste of resources. The victim wastes valuable time dealing with garbage, and time, after all, is money. People sending the message to friends, family, and colleagues waste bandwidth on the Internet and mail servers. Since these emails usually arrive chock-full of email addresses in the “To” and “CC” fields, spammers treat such warnings as a free gift full of new, valid email addresses they can exploit, further compounding the problem of wasted resources. So remember: if you forward that virus warning, you’ve just multiplied all of the losses above to include everyone else in your address book.

Third, a virus hoax can damage your reputation, or at least make you the butt of jokes. When I receive an email from an acquaintance warning me about jdbgmgr.exe and its dangers, I just shake my head and think “Newbie!” … before I help them. If you forward that email along to 100 folks thinking you’ve done your duty, you’re going to feel pretty sheepish having to send another email letting them know you just made a foolish mistake — and a mistake that could have been prevented with just a little bit of checking on your part first.

Finally, virus hoaxes can have a corrosive effect on security. How? Consider the story of the boy who cried wolf. Similarly, virus hoaxes can undermine the attention that end users pay to rigorous security measures. As a result, users may fall into lax security habits, underestimating the dangers of real viruses because of the frequency of false alarms represented by hoaxes.

By Scott Granneman of Symantec

by Erik Larkin

You’ve cleared away most of the web of myth. You know that today’s evil viruses and other malware exist to make money, that antivirus alone is no guarantee of safety, and that neither is your own good sense (as important as that is). And you know that some of the best protection comes from keeping your software and your operating system up-to-date.

Now it’s time to make sure you don’t fall for the final and potentially worst myth: that the crooks own the Internet, and that the only good option is to use it as little as possible, denying yourself the cornucopia of benefits the Internet can bring out of fear of its dark side.

Yes, you can get nailed. But that shouldn’t stop you from venturing online, any more than the potential for getting the flu should prevent you from ever leaving your house. If you know the risks and prepare for them adequately, you can weight the odds heavily in your favor and confidently enjoy what the Web has to offer.

You can’t ever eliminate all risk, any more than you can guarantee complete safety in the real world. But with these simple steps you can give yourself very good odds.

  1. Know the score. Know that the crooks are out for money, and that they can make money stealing anything from files to credit card numbers to Webmail passwords.
  2. To combat drive-by-downloads and other attacks that take advantage of hidden software flaws, keep your software up-to-date. Use automatic updates wherever possible, and for finding and patching the rest I’m a big fan of the free Secunia PSI.
  3. To guard against con jobs (aka social engineering), double-check any e-mail attachment or download you’re not 100 percent sure about. Heck, even double-check those. Virustotal.com offers a terrific free service that will scan any file you send (up to 10MB in size) with 37 different antivirus engines. There’s still the potential for a very carefully crafted targeted attack to slip by all those engines, but the odds on that – and on your being the target of such a labor-intensive attack – are pretty slim.
  4. Protect your passwords. If you have to type one on a risky PC – especially at an Internet cafe or other public PC – change it as soon as you get home. That goes for Webmail, online games, and pretty much anything else – crooks can and will abuse any of them for profit.
  5. Use a good antivirus product. Their ability to detect and block malware varies greatly, so make sure yours is in the top tier for detection results. Check reviews from PC World and other sites and publications to make sure you’re well covered.

You don’t have to be a tech guru to cover any of these steps, and none of them will take much time either. But following them will go a long way towards denying the crooks without denying yourself.

by Erik Larkin

It’s a beloved phrase, used by the wise and the lazy alike in response to everything from potential construction to technical work: “If it ain’t broke, don’t fix it.”

I hear it plenty from people who’ve been bitten in the past after applying a recommended patch for a piece of software, only to see that software break or suddenly conflict with something else on the PC. After that kind of a hair-tearing experience, it’s a natural reaction to not want to mess with a setup that’s working and seemingly stable.

But there’s just one problem. These days, a recommended patch is often, even usually, meant to close a security hole. Going without it can mean leaving the door open to a drive-by-download (see Myth #3) – and a system vulnerable to a drive-by is very, very broken.

You can take care of many risks by enabling built-in automatic update features for things like Firefox and Windows (I prefer to have Windows download updates, but not install them until I say so, on the off chance that an update does something odd). But some of the biggest risks come from things like old ActiveX controls that don’t update, and often don’t give any indication that they’re sitting there putting a big bulls-eye on your PC.

To catch those little buggers, I always recommend a great free tool from Secunia. The company’s free Personal Software Inspector can scan your system, notify you about insecure old software, and usually offer a patch download link or other fix right within the program. You can nab it from the PCWorld download site.

Secunia PSI will run all the time by default and keep track of your software installs and removals, but if you’re a gamer or anyone else eager to conserve every drop of system resources you can allow it to run at system startup, let it run a scan, and close it after resolving any issues it finds. That’s my usual approach to using the software.

Myth #4: dead and buried, and good riddance to it. On to the fifth, and final, dangerous fable.