Thursday, February 28, 2008

Websense recognizes 22by7's expertise

Websense Awards Indian Partners at February Channel Meets
By: ChannelsTech2.0 Staff | Feb 27, 2008
Websense Inc. rolled out channel meets and roadshows from mid-February this year in Chennai, Delhi, Mumbai and Bangalore, one after the other, to lay out the company's roadmap following its acquisition of SurfControl. The security solutions provider also presented awards to well-performing partners at these gatherings.

The partners who bagged the awards in Northern India are: Best Sales Manager, Vishal Bhadani, Wipro Infotech; Best Pre-Sales Consultant, Harsh Bhasin, Taarak India; Best Pre-Sales Consultant, Sukhpal Singh Sandhu, ACPL Systems; Best Marketing Support, Select Technologies; Best Partner, Wipro Infotech and Futuresoft Solutions; Special Recognition Award, Rohit Sobti, Select Technologies; and Best Emerging Partner, ACPL Systems.

All of the Western India categories (Best Sales Manager, Best Pre-Sales Consultant, Best Marketing Support and Best Partner) went to MIEL e-Security. The Chennai and Hyderabad winners include: Best Sales Manager, Rupa Parekh, Wipro Infotech; Best Pre-Sales Consultant, Prasad Raghuram, Wipro Infotech; Best Pre-Sales Consultant, Srikkantan Venkatesh, Digital Track Solutions; Best Marketing Support, Veeras Infotek; Best Partner, Wipro Infotech; Best Emerging Partner, Raksha Technologies; Special Recognition Award, Secure Network Solutions India.

The Southern India winners include: Best Sales Manager, Ashutosh, Gemini Communication; Best Pre-Sales Consultant, Jeevan Shetty, Wipro Infotech; Best Pre-Sales Consultant, Vinay, 22by7 Solutions; Best Partner, Wipro Infotech and Kinfotech; Special Recognition Award, Avanti Shirur, Select Technologies.

National awards were also handed over to partners. These included: Best National Sales Manager, Vikramjeet Bhatti, MIEL e-Security; Best Pre-Sales Consultant, Srikanth N V, Select Technologies; Best Pre-Sales Consultant, Sajith Rahman, Inflow Technologies; Best Marketing Support, Najeeba, Inflow Technologies; Special Recognition Award, Ajit Zanjad, MIEL e-Security; Best Partner, MIEL e-Security; Best Partner, Softcell Technologies; Valued Distributor, Select Technologies, Inflow Technologies and Foresight Software Solutions.
Source:

Sunday, February 17, 2008




India's web security levels vulnerable
17 Feb 2008, 1321 hrs IST, PTI

NEW DELHI: India, where internet penetration is increasing fast, is also the most vulnerable to spammers and virus attacks, a study has said.

"Virus activity increased across a number of countries in January, including India, which takes the number one spot with 1 in 30.5 emails," a study conducted by a web security services firm MessageLabs said.

Apart from virus attacks, spam is now proving to be the most disruptive element in e-mail traffic. The study conducted in January this year found the global ratio of spam mail was 73.4 per cent, which means one in every 1.36 emails was affected.

Interestingly, virus attacks on Western countries are far fewer than on India, the leading provider of integrated messaging and web security services said in the study.

In New Zealand, web security levels were pretty good as one out of 768 mails had a virus, while for Australia, it was one for every 298.7 mails. In the US, one in every 191.5 emails had a virus, while in Canada one was found in every 158.4 e-mails.

Among other Asian countries, Japan was at the lower end of the table, where one in every 273.7 mails had a virus. However, China was better placed than India as one virus attack was reported for every 92.7 mails there.

Virus levels for nearly all industry sectors increased in January. In the finance sector, the virus level was low in comparison with other segments, with one in every 177.9 mails affected, while for the IT services sector the figure was 143, and in retail 1 in every 125.6 emails received had a virus.

The global ratio of email-borne viruses in e-mail traffic was one in 131.4 emails.

Source: Times of India

Friday, February 15, 2008

What does a wan accelerator appliance do?

There are several things this sort of appliance can accomplish. In a nutshell, the appliance can: enforce quality of service rules, compress data, compress IP headers, accelerate TCP, accelerate CIFS (Common Internet File System), mitigate lost packets with forward error correction, and cache repeated data patterns at the byte level.

At a higher level, this sort of new product can enable server consolidation to a central site. This is accomplished by providing lower latency and higher throughput where some applications wouldn't otherwise be usable across a LAN.

Consider this article from Silver Peak Systems


The Emergence of Local Instance Networking (LIN)

By Craig Stouffer

As enterprises grow in size and enterprise applications become more critical to business operations, CIOs are faced with a design dilemma: should branch office infrastructure be centralized or distributed?

In a distributed implementation, e-mail servers, file servers and databases are placed locally within each branch location. While this typically provides the best possible performance to end users, it results in server sprawl, which can be costly to implement and creates a variety of management, security and compliance challenges.

The alternative is to consolidate server infrastructure into a select number of data centers, which enables all maintenance, troubleshooting, security policy enforcement, backups and auditing to be performed centrally. While this solves most of the challenges associated with server sprawl, it does not address one of the most important ones: performance. Most applications simply do not perform well over a wide area network (WAN) due to bandwidth and latency constraints.

Given the compelling arguments for server centralization, various solutions have emerged to try and improve application performance over enterprise WANs. WAN optimization products leverage compression and Quality of Service (QoS) techniques to maximize bandwidth utilization and prioritize enterprise traffic; application acceleration products employ application-specific caching and latency mitigation tools to improve performance on an application-by-application basis. While both generations of products have benefits, neither addresses the full set of challenges facing enterprise IT staff, from cost and performance to security and management.

A breakthrough approach is required to solve existing performance and scale limitations, while preserving application transparency. This is accomplished with Local Instance Networking, the first technology that provides all of the benefits of a centralized approach, without compromising performance. LIN is the first network technology to improve application delivery while settling the centralized vs. distributed debate.

1st Generation: WAN Optimization

WAN optimization products are most often deployed as bandwidth band-aids, providing short-term benefits on congested WAN links where it is infeasible or too expensive to buy additional bandwidth. Although each vendor has their own proprietary implementations, WAN optimization solutions rely on two underlying technologies: compression and Quality of Service (QoS).

Compression

Compression is used to reduce the bandwidth consumed by traffic traversing the WAN.

The gains realized by compression techniques vary depending on the mix of traffic traversing the WAN. Text and spreadsheets, for example, are easy to compress, so they typically yield 25x performance gains. On the other hand, pre-compressed content, like zip files, cannot be compressed much further. On average, most enterprises deploying compression technology will see around a 50 percent improvement in WAN utilization, which is the equivalent of doubling the effective WAN bandwidth. This is often not enough performance improvement to justify the additional hardware expenditure and operation costs.

QoS

In an effort to maximize WAN utilization, most enterprises will oversubscribe their network. When demand exceeds the capacity of a WAN link and all traffic is contending for the same limited resource, less important traffic (such as Web browsing) may take bandwidth away from business-critical applications. To prevent this, most 1st generation WAN optimization solutions implement Quality of Service techniques to classify and prioritize traffic based on applications, users and other criteria.

By using a combination of compression and QoS techniques, 1st generation WAN optimization products enable enterprises to get more out of their congested WAN links. In some instances, this saves money by delaying the purchase of additional bandwidth. However, this is often a short-term gain. It also does not address latency issues across the WAN, which has a significant impact on application performance.

It is important to note, however, that while compression and QoS are not sufficient on their own for enterprise-wide application delivery, they are essential components of newer, more comprehensive application acceleration solutions, such as Local Instance Networking.

2nd Generation: Application Acceleration

A second generation of products emerged to address some of the shortcomings of WAN optimization solutions. These application acceleration solutions can provide significant improvements by optimizing the performance of specific applications. However, the tradeoff is ease of use, manageability and long-term interoperability. There are two broad techniques used for application acceleration: application proxies/caches and latency compensation.

Application Proxies and Caches

Application proxies are used to locally simulate an application server, enabling specific content to be delivered locally with LAN-like performance. One example of a proxy-type device is the Web cache, which stores local copies of requested Web pages so that subsequent requests for the same URL could be serviced from the local appliance disk rather than from the remote Web server. This technique provides a reasonable boost for static content. However, it does not work well for dynamic content or applications that require up-to-date information. Unfortunately, as most enterprise applications have been Webified, and Web content is expected to be very dynamic in nature, Web caches have reached a roadblock in terms of overall effectiveness.

More recently, similar proxy approaches have been extended to file services. Wide Area File Services (WAFS) emerged as a way of implementing proxy file servers in distributed offices. By configuring clients to point to a WAFS share, the proxy file server can make remote content appear local. These devices terminate CIFS sessions, and then examine requests to see if the requested filename can be delivered locally. To achieve this, WAFS servers must replicate file locking semantics.

Although WAFS servers offer a number of specialized features, like the ability to authenticate users and read and write files even when the data center is unreachable (e.g., due to a network event), they create an enormous management burden. The branch office, in effect, is supporting a full-blown file server. This requires user and password updates and can lead to coherency issues when multiple versions of the same file exist in the network at the same time. In addition, they must be constantly updated to support the latest changes to file system protocols. As a result, rather than simplifying the branch office, these approaches can actually make things more complicated by introducing another vendor's implementation of a file system.

If performance gains are to be achieved across all applications, WAFS and Web caches have to be implemented in conjunction with other application-specific acceleration tools. In addition to being cost prohibitive, this is not scalable, as the applications themselves frequently undergo changes that require significant modification to those products that are used to accelerate them. This dynamic has already been witnessed in the e-mail space, where a variety of MS Exchange acceleration products were rendered obsolete when Microsoft moved from Exchange 2000 to Exchange/Outlook 2003.

Latency Compensation

An alternative approach to application acceleration is to reduce the amount of latency created by underlying protocols, like TCP. Latency results when chatty protocols communicate frequently with a server and are required to stop and wait for a response before the next step can proceed. The more steps, the longer the end user's perceived response time.

While these latency mitigation techniques are transparent at the application level, they still require termination and re-injection of TCP streams. Theoretically, this should not be an issue. However, in practice, this can be problematic because routing is often asymmetric: packets can take different inbound and outbound paths when communicating between different locations.

Fortunately, some of the latency compensation techniques that operate at the protocol level can provide non-intrusive benefits. These are leveraged by 3rd generation approaches to application delivery.

3rd Generation: Local Instance Networking

In addition to accelerating application performance, Local Instance Networking addresses server sprawl by providing a viable mechanism for centralizing branch office infrastructure while localizing information delivery.

Local Instance Networking inspects all WAN traffic and stores a local instance of information in an application-independent data store at each enterprise location. The local instance is transparently populated based on day-to-day usage, containing a subset of the enterprise's working data set that is most relevant to each location. Each piece of information is stored only once per location, enabling an appropriately sized LIN appliance to hold weeks' worth of data.

Local Instance Networking appliances examine outbound packets to see if a match exists in the local instance at the destination location. If a match exists, then the repetitive information is not sent across the WAN and instructions are sent to deliver the data locally. If the data has been modified, only the delta is transmitted across the WAN, maximizing bandwidth utilization and application performance.

In a LIN implementation, all authentication, authorization, file and record locking is performed centrally by the native applications. This ensures 100 percent application coherency and future compatibility with new versions of applications. By working at the network (or packet) level, a Local Instance Network transparently supports all enterprise applications and transport methods, allowing for exceptionally simple deployments that provide immediate improvements to a wide variety of enterprise applications.

LIN appliances deliver the performance of distributed servers, without the cost and complexity. By operating at the network layer, they are completely transparent to all transport protocols (e.g., TCP, UDP, etc.), and provide significant benefits to all enterprise applications. By localizing information, yet centralizing management and control of branch office infrastructure, Local Instance Networking puts an end to server sprawl and the management, security, cost and compliance headaches that accompany it.

Source : http://www.bandwidth.com/wiki/article/What_does_a_wan_accelerator_appliance_do%3F

Thursday, February 14, 2008

Unmonitored Surfing is not Safe!!!

Websense reveals findings of ‘State of Security’ survey

India Infoline News Service / Mumbai Feb 12, 2008 15:19

The survey findings highlight that a majority of employees today spend a significant time on the Internet when at work. However, the majority of these employees are not aware of and hence not worried about the security threats arising from the Internet.

Websense, Inc., a global leader in Web security and content protection, announced the findings of the SOS ‘State of Security’ survey conducted in India. The survey, commissioned by Websense and undertaken by The Nielsen Company, India, assesses the impact of the Internet at work and gauges awareness of Internet security risks among employees.

The study of employees working in 450 organisations across Delhi, Bangalore, Chennai, Mumbai and Hyderabad, surveyed employees with Internet access at work in large businesses and small and medium enterprises.

“The survey findings highlight that a majority of employees today spend a significant time on the Internet when at work. However, the majority of these employees are not aware of and hence not worried about the security threats arising from the Internet,” said Surendra Singh, Regional Director, SAARC, Websense Inc.

Key findings of 2007 State of Security India, employees survey:

1. Unsafe IT behaviour leads to unintentional loss of confidential information:

63% of respondents from Delhi use their personal email ID for work purposes against the average of 36%. Delhi and Bangalore also have the highest proportion of respondents (32%) who send work documents to personal e-mail accounts versus the average of 23%. Given the nature of data that BFSI deals with, 42% of employees in this vertical use personal e-mail for work-related activities. In Bangalore, an average of 17% of respondents admitted to clicking on links in e-mail sent from unknown sources and 22% on pop-up ads, highlighting a significant section of Internet users who are ignorant of online threats.

2. Leaking information a job threat:

57% of employees feel leaking sensitive company information or infecting their company with malicious spyware or viruses (38%) puts them at greater risk of losing their job than not adhering to their organisation’s Internet policy (20%). Almost one-third of employees (31%) believe they will lose their job on viewing adult content at the workplace and 22% said they would lose their job if found downloading unauthorised software.

3. Employees' surfing behaviour:

64% of respondents admitted they are a bit fearful of the security dangers of the Web and hence surf only safe Web sites. However, 39% of all respondents agreed that they download movies, music, software etc. while at work. Significantly, 30% said they surf aimlessly with no particular destination in mind and about the same proportion of respondents said they surf without bothering about online security.

4. Internet — A critical work enabler:

All employees surveyed spend an average of 4.25 hrs per day on the Internet. Employees spend 45% of their time (3.5 hours) per day surfing work-related Web sites, the highest being in Chennai, 50% (4.25 hours) and Hyderabad, 65% (5.5 hours). The average time spent on non work-related Web sites is 5 hours per week. Enterprises incur a productivity loss of approximately Rs. 160,000 per employee per annum due to non work-related surfing.

5. Organisation’s Internet security:

Almost 70% of employees in India appeared confident of their IT department’s capabilities to protect them against every Internet security threat.

6. Web is biggest source of infection:

52% of all employees surveyed believe that the Web is a key source of infection followed by e-mail (39%) and instant messaging (4%). In similar findings, IT managers also believe the Web (48%) to be a key source of network infection followed by e-mail (46%).

7. Data leakage:

35% of employees feel most worried about losing both personal as well as work-related information. However, 28% of employees do not feel worried at all about any personal or private information being stolen or accessed from their work PC.

Source :

http://indiainfoline.com/news/innernews.asp?storyId=58837&lmn=1

Thumbs down for Thumbdrives!

Thumb Drives Replace Malware As Top Security Concern, Study Finds

A survey of IT managers showed that while more than half use a USB flash drive on a daily basis, many still view portable storage devices as a huge security threat.

A worker calls up a sensitive investor list and downloads it on her thumb drive, slips it into her pocket, and walks out, smiling and waving to her boss and the security officer stationed at the front door.

This is just one of the scenarios that security professionals and IT managers are increasingly worried about. According to one recent study, IT managers said portable storage devices, such as thumb drives and MP3 players, have surpassed even malware to become a top concern.

The study, which polled 370 IT professionals, showed that 38.4% of IT managers say portable storage devices are their top security concern. That's up from 25.7% in 2006.

"It is very easy to download information to them quickly," said Bill Piwonka, VP of product management for Centennial Software, which conducted the survey at this spring's InfoSec security conference in London. "If there isn't a defined acceptable use policy or controls to prevent the download and transfer of sensitive data, managers do not know if and how such data is leaving the building. Also, USB sticks are frequently lost. If sensitive data isn't encrypted on these devices, it would obviously be very easy to obtain."

To make matters worse, 80% of respondents admitted that their organizations don't currently have effective measures in place to combat the unauthorized use of portable devices. And 43.2% cited no control at all. Only 8.6% have a total ban on portable devices.

Piwonka said in an interview that the danger with portable storage devices lies in not knowing what files have been maliciously or even unintentionally downloaded to them, and how that data is being used. And if it has been lost, who has the information?

A worker easily could download corporate information -- sales figures, customer lists, marketing plans -- onto a small storage device, slip it into their bag or even a pocket, and just walk out the door with it. It makes stealing information much easier since it's not a matter of printing anything out or even walking out of the office with a laptop slung over a shoulder.

While IT managers fear what users might do with a portable storage device, they also really like them for themselves.

The study showed that 65% of IT managers use a USB flash drive on a daily basis.

"Portable devices do have a function in the workplace," said Piwonka. "They are an easy way to share, transfer, and store information. Managers need to create an acceptable use policy and share it with their employees to further control the handling of sensitive data."

By Sharon Gaudin, InformationWeek

URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=199300021

Wednesday, February 13, 2008

What is CAS?

Storage managers are quickly realizing that not all corporate data is alike and different data must be handled in ways that benefit the business. While storage arrays are often employed for fluid or transaction-based corporate data, they generally fall short with long-term or archival storage tasks. Content-addressed storage (CAS) is one emerging disk-based storage technology that promises to improve the storage of long-term fixed content by lowering storage costs, ensuring file authenticity and reducing storage requirements.

CAS systems are designed to store fixed data that rarely, if ever, changes and is only called for infrequently. For example, a corporate Oracle database must be continuously accessible from high-performance Fibre Channel storage. Yet, a vast amount of business data, like patient medical images or legal documents, is only needed occasionally. Consequently, CAS platforms can offer lower storage costs using inexpensive high-density SATA or SAS hard disks -- similar to other second-tier storage solutions.

"CAS is really used as a lower cost tier of storage typically used as an online digital archive," says Tony Asaro, senior analyst at the Enterprise Strategy Group. "Customers put files, e-mail and even database data on CAS as a large repository."

Increasing regulatory demands and litigation are also prompting corporations to examine their data integrity. Today, it's not enough to simply store data. Storage managers must implement strategies to ensure that files can be located promptly by auditors and legal staff on demand, and prove, often in a courtroom, that e-mails, documents and other types of data have not been changed or tampered with. CAS ensures data integrity, because in CAS systems data exists as annotated "objects" that cannot be duplicated or modified.

Still, CAS has its downsides. CAS platforms are yet another addition to the storage infrastructure that must be managed and maintained. CAS is not an appropriate solution for high-performance transactional storage tasks -- it's strictly a secondary storage system. Software is also a vital component of CAS operation and management, so it's important to consider the overall quality of hardware, software and network integration prior to any CAS acquisition. The following article outlines the essential ideas of CAS, offers vendor and user insights into existing products, and examines potential future directions of the technology.


Top security breaches - 2007

Every year gets its share of major, jaw-dropping security blunders. This is a retrospective for the 21st century so far, with special attention on 2007.

The UK privacy breach: An employee of Her Majesty’s Revenue and Customs Office mailed two CDs containing confidential data on about 25 million UK citizens, including names, addresses, insurance account numbers, and bank account details for claimants in the national child benefit database. These CDs never made it to their destination. Just in case you think someone having your bank account number is no big deal, you should read about what happened to Top Gear TV series host Jeremy Clarkson when he published his account information in a newspaper to “prove” that having someone’s bank account will do nothing for a malicious party. At least Clarkson owned up to the mistake and started advocating disincentives for such poor security practice. I particularly like when he said “we must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy.”

Embassies confuse anonymity with security: Swedish security consultant Dan Egerstad showed that people all over the world, most notably certain embassies, tend to assume that using the Tor anonymizing network means they’re secure. Somehow, they’ve missed the importance of encryption to protect their data. One must wonder why governments are so bad at security. By the way, the Swedish equivalents to the FBI and CIA raided Egerstad’s apartment for undisclosed reasons, accused him of several crimes, then released him without charges.

The iPhone runs everything as root: As Wired put it, IPhone’s Security Rivals Windows 95. This is very bad — and, of course, the root password for the iPhone was cracked in just three days. It had to happen eventually. To be fair, Windows Mobile devices all run everything as the administrative user as well, but this is not exactly unexpected (so it’s less notable). Credit to the fine folks at Metasploit for figuring it out, and figuring out how to make use of that fact.

Sears installs spyware on customer computers: The depth and breadth of harvested data is truly frightening, and you just have to read it to believe it. Do not join the “My SHC Community”. Worse yet, if you follow the update link at the beginning of the article, you’ll find out that Sears (KMart is involved, too) is playing some pretty sketchy games with privacy policy presentation, based on whether the spyware is installed on your system. Considering this example, that’s probably reason enough to avoid ever getting mixed up in any online Sears community, but that’s not all. . . .

Your Sears buying habits may be public knowledge: In short, by joining the Sears “Manage My Home” community, you can search through the Sears purchase history of anyone whose name and address you know. Not only should you avoid joining online Sears communities but, it seems, you should avoid shopping there as well. Apparently, major corporations are as bad as government agencies when it comes to security — especially Sears.


Link: http://blogs.techrepublic.com.com/security/?p=389&tag=rbxccnbtr1

Tuesday, February 12, 2008

What is Data Deduplication?

Data deduplication (often called "intelligent compression" or "single-instance storage") is a method of reducing storage needs by eliminating redundant data. Only one unique instance of the data is actually retained on storage media, such as disk or tape. Redundant data is replaced with a pointer to the unique data copy. For example, a typical email system might contain 100 instances of the same one megabyte (MB) file attachment. If the email platform is backed up or archived, all 100 instances are saved, requiring 100 MB storage space. With data deduplication, only one instance of the attachment is actually stored; each subsequent instance is just referenced back to the one saved copy. In this example, a 100 MB storage demand could be reduced to only one MB.

Data deduplication offers other benefits. Lower storage space requirements will save money on disk expenditures. The more efficient use of disk space also allows for longer disk retention periods, which provides better recovery time objectives (RTO) for a longer time and reduces the need for tape backups. Data deduplication also reduces the data that must be sent across a WAN for remote backups, replication, and disaster recovery.

Data deduplication can generally operate at the file, block, and even the bit level. File deduplication eliminates duplicate files (as in the example above), but this is not a very efficient means of deduplication. Block and bit deduplication looks within a file and saves unique iterations of each block or bit. Each chunk of data is processed using a hash algorithm such as MD5 or SHA-1. This process generates a unique number for each piece which is then stored in an index. If a file is updated, only the changed data is saved. That is, if only a few bytes of a document or presentation are changed, only the changed blocks or bytes are saved; the changes don't constitute an entirely new file. This behavior makes block and bit deduplication far more efficient. However, block and bit deduplication takes more processing power and uses a much larger index to track the individual pieces.

Hash collisions are a potential problem with deduplication. When a piece of data receives a hash number, that number is then compared with the index of other existing hash numbers. If that hash number is already in the index, the piece of data is considered a duplicate and does not need to be stored again. Otherwise the new hash number is added to the index and the new data is stored. In rare cases, the hash algorithm may produce the same hash number for two different chunks of data. When a hash collision occurs, the system won't store the new data because it sees that its hash number already exists in the index. This is called a false positive, and can result in data loss. Some vendors combine hash algorithms to reduce the possibility of a hash collision. Some vendors are also examining metadata to identify data and prevent collisions.
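The index lookup and the false-positive failure described above, as an added example that is not part of the original article: a block-level store run once trusting the hash alone and once comparing bytes whenever a hash is already in the index. The `DedupStore` class, the deliberately weak 8-bit `weak_hash`, the 4-byte block size and all sample data are assumptions constructed for the demonstration.

```python
import hashlib
from typing import Callable, Dict, List, Tuple

BLOCK_SIZE = 4  # assumption: tiny blocks keep the constructed samples readable


def strong_hash(block: bytes) -> str:
    """Full SHA-256 digest of a block."""
    return hashlib.sha256(block).hexdigest()


def weak_hash(block: bytes) -> str:
    """First 8 bits of SHA-256. Deliberately weak (assumption) so that a
    collision, rare with a full-length digest, can be produced on demand."""
    return hashlib.sha256(block).hexdigest()[:2]


class DedupStore:
    """Hypothetical block-level deduplicating store (illustration only)."""

    def __init__(self, hash_fn: Callable[[bytes], str], verify: bool):
        self.hash_fn = hash_fn
        self.verify = verify  # True: compare bytes when the hash is already indexed
        self.index: Dict[str, List[bytes]] = {}            # digest -> distinct blocks
        self.files: Dict[str, List[Tuple[str, int]]] = {}  # name -> block pointers

    def put(self, name: str, data: bytes) -> None:
        pointers = []
        for off in range(0, len(data), BLOCK_SIZE):
            block = data[off:off + BLOCK_SIZE]
            digest = self.hash_fn(block)
            bucket = self.index.setdefault(digest, [])
            if not bucket:              # new hash number: store the block
                bucket.append(block)
                slot = 0
            elif not self.verify:       # hash seen before: assumed duplicate
                slot = 0
            elif block in bucket:       # verified duplicate: reuse stored copy
                slot = bucket.index(block)
            else:                       # collision detected: keep both blocks
                bucket.append(block)
                slot = len(bucket) - 1
            pointers.append((digest, slot))
        self.files[name] = pointers

    def get(self, name: str) -> bytes:
        return b"".join(self.index[d][s] for d, s in self.files[name])

    def stored_bytes(self) -> int:
        return sum(len(b) for bucket in self.index.values() for b in bucket)


def find_colliding_blocks() -> Tuple[bytes, bytes]:
    """Return two different blocks that share a weak_hash value."""
    seen: Dict[str, bytes] = {}
    for i in range(1 << 16):
        block = i.to_bytes(BLOCK_SIZE, "big")
        digest = weak_hash(block)
        if digest in seen:
            return seen[digest], block
        seen[digest] = block
    raise RuntimeError("no collision found")


def collision_demo() -> Dict[str, bool]:
    """For each mode, report whether the second file reads back intact."""
    a, b = find_colliding_blocks()
    second = b"HEAD" + b + b"TAIL"  # constructed sample data
    results = {}
    for label, verify in (("trust_hash", False), ("verify_bytes", True)):
        store = DedupStore(weak_hash, verify)
        store.put("first.bin", b"HEAD" + a + b"TAIL")
        store.put("second.bin", second)
        results[label] = store.get("second.bin") == second
    return results


def attachment_example(copies: int = 100) -> Tuple[int, int]:
    """Scaled-down version of the 100-attachment case: (logical, stored) bytes."""
    attachment = bytes(range(64))  # constructed sample: 16 distinct blocks
    store = DedupStore(strong_hash, verify=True)
    for n in range(copies):
        store.put(f"mailbox{n}/attachment.bin", attachment)
    logical = sum(len(store.get(name)) for name in store.files)
    return logical, store.stored_bytes()


if __name__ == "__main__":
    print(collision_demo())      # trust_hash loses data, verify_bytes does not
    print(attachment_example())  # logical bytes vs. bytes actually stored
```

In trust-the-hash mode the second file silently reads back with the first file's block in place of its own, which is the data loss the article calls a false positive; the byte comparison costs a read on every index hit but removes that failure.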

In actual practice, data deduplication is often used in conjunction with other forms of data reduction such as conventional compression and delta differencing. Taken together, these three techniques can be very effective at optimizing the use of storage space.

-- by Stephen J. Bigelow


Monday, February 11, 2008

Beware of RealPlayer

RealPlayer Installs Badware

According to StopBadware.org, the latest version of RealPlayer is tricking users by installing, along with it, the Rhapsody Player Engine required to access RealNetworks' online music service. The problem is that the Rhapsody Player Engine can’t be removed, even if you uninstall RealPlayer.
In a report, Maxim Weinstein, StopBadware's manager, stated that users are not aware of this installation, which uses the computer's hard-drive space or processing power, or presents a security risk due to possible bugs in Rhapsody.

Badware has become synonymous with RealPlayer 11 and the older RealPlayer 10.5 software.

Users who download RealPlayer 10.5 without completing the RealNetworks product registration page receive Message Center, a way to get ads or, as Weinstein said, "a piece of adware".

Ryan Luckin, RealNetworks spokesman, confirmed it, but added that a check box informs users about the installation of Message Center.

The problem was solved in the RealPlayer 11 case, but the 10.5 version is downloaded via the Firefox browser's "Missing Plug-in" feature.

StopBadware advises customers to avoid downloading this player, especially after Luckin declared it "an oversight".

Many users regarded RealPlayer as a substitute for QuickTime and Microsoft's Windows Media Player. But, in 1999, the computer security consultant Richard Smith noticed that the RealNetworks servers obtained information through the Message Center software.

Though RealPlayer also runs on Mac OS X and Linux, StopBadware's work covers only the Windows versions of RealPlayer's software.

In order to protect customers, Google, Lenovo, and Sun Microsystems support StopBadware with funding.

Weinstein advised Real Networks to solve not only the RealPlayer 10.5's Message Center problem because "It's hard to say that one is worse".


Source: http://www.bestsecuritytips.com/news+print.storyid+480.htm

Security Departments Are Wasting Their Time

 
About a third of current security practices are useless, according to ICSA chief scientist and Verizon exec

FEBRUARY 6, 2008 | By Tim Wilson Site Editor, Dark Reading

WASHINGTON -- Computer Forensics Show 2008 -- Peter Tippett thinks it's time for security professionals to wake up and stop wasting their energy.

In a presentation here yesterday, Tippett -- who is vice president of risk intelligence for Verizon Business, chief scientist at ICSA Labs, and the inventor of the program that became Norton AntiVirus -- said that about one third of today's security practices are based on outmoded or outdated concepts that don't apply to today's computing environments.

"A large part of what we [security pros] do for our companies is based on a sort of flat-earth thinking," Tippett said. "We need to start looking at the earth as round."

For example, today's security industry focuses way too much time on vulnerability research, testing, and patching, Tippett suggested. "Only 3 percent of the vulnerabilities that are discovered are ever exploited," he said. "Yet there is a huge amount of attention given to vulnerability disclosure, patch management, and so forth."

Tippett compared vulnerability research with automobile safety research. "If I sat up in a window of a building, I might find that I could shoot an arrow through the sunroof of a Ford and kill the driver," he said. "It isn't very likely, but it's possible.

"If I disclose that vulnerability, shouldn't the automaker put in some sort of arrow deflection device to patch the problem? And then other researchers may find similar vulnerabilities in other makes and models," Tippett continued. "And because it's potentially fatal to the driver, I rate it as 'critical.' There's a lot of attention and effort there, but it isn't really helping auto safety very much."

Similarly, many security strategies are built around the concept of defending a single computer, rather than a community of computers, Tippett observed. "Long passwords are a classic example," he said. "If you take a single computer and make the password longer and more complex, it will be harder to guess, and that makes that computer safer."

But if a hacker breaks into the password files of a corporation with 10,000 machines, he only needs to guess one password to penetrate the network, Tippett notes. "In that case, the long passwords might mean that he can only crack 2,000 of the passwords instead of 5,000," he said. "But what did you really gain by implementing them? He only needed one."

Tippett also suggested that many security pros waste time trying to buy or invent defenses that are 100 percent secure. "If a product can be cracked, it's sometimes thrown out and considered useless," he observed. "But automobile seatbelts only prevent fatalities about 50 percent of the time. Are they worthless? Security products don't have to be perfect to be helpful in your defense."

This concept also applies to security processes, Tippett said. "There's a notion out there that if I do certain processes flawlessly, such as vulnerability patching or updating my antivirus software, that my organization will be more secure. But studies have shown that there isn't necessarily a direct correlation between doing these processes well and the frequency or infrequency of security incidents.

"You can't always improve the security of something by doing it better," Tippett said. "If we made seatbelts out of titanium instead of nylon, they'd be a lot stronger. But there's no evidence to suggest that they'd really help improve passenger safety."

Security teams need to rethink the way they spend their time, focusing on efforts that could potentially pay higher security dividends, Tippett suggested. "For example, only 8 percent of companies have enabled their routers to do 'default deny' on inbound traffic," he said. "Even fewer do it on outbound traffic. That's an example of a simple effort that could pay high dividends if more companies took the time to do it."

Security awareness programs also offer a high rate of return, Tippett said. "Employee training sometimes gets a bad rap because it doesn't alter the behavior of every employee who takes it," he said. "But if I can reduce the number of security incidents by 30 percent through a $10,000 security awareness program, doesn't that make more sense than spending $1 million on an antivirus upgrade that only reduces incidents by 2 percent?"










Friday, February 8, 2008

Social Network Security Hazards

Employees often let their guards down on LinkedIn or MySpace.
Here’s how to solve social-networking security threats through policy.
Emily Post’s "Etiquette" made her an authority on proper home, business and political behavior nearly a century ago.
Unfortunately, Post was decades too early to write about norms for social-networking sites like MySpace, Facebook and LinkedIn.
It’s too bad — she would probably supply good advice on what information users should share about themselves and their work online.
The definition of professional behavior on social networks remains wide open.
People will always use them to socialize as well as do business, hopefully with common sense as their guide.
However, two aspects of social-network use do need to be addressed: technical security and user security.
At a technical and functional level, social-networking services don’t do much that’s new — they just enable users to connect with others more quickly and less formally than by email (which itself was once hailed as the latest in speed and informality).
As with other electronic communications, social networks tend to allow users to send file attachments (especially photos) and use peer-to-peer programs for chats and phone calls, but these tools’ properties are well-understood and system administrators can filter them or even block certain URLs if necessary.
From a user-security standpoint, the major problem with social networks is also their strength:
They encourage open interaction among users who may know each other but who could also be very loosely connected.
Under the umbrella of LinkedIn or MySpace, though, the barriers people normally maintain against interacting with near-strangers may be lowered.
Excessive blabbing on social sites can generate unwanted gossip about your company and its plans, while unscrupulous competitors can social-engineer employees into revealing intellectual property.
Your employees’ mere presence on social networks also sends a signal: job titles, experience, friends and family, and contact information can all be combined so that competitors can draw reasonably accurate org charts of your company and its suppliers, partners and clients.

Ways to Handle Risk
Realizing that perceived security gaps could lead individuals and companies to shun their sites, big names like Facebook and LinkedIn allow you to adjust how much information about you — posts, photos, online status and other factors — others may access.
Facebook’s privacy site describes several such controls. Users can reduce what appears in their profile and what information about their online activities is public, such as their use of specific Facebook applications.
Users can also block specific Facebookers from seeing more than a limited profile, or from finding you via search.
Facebook also limits the ability of search-site Web crawlers to harvest user information, saying in its privacy policy, “Facebook limits access to site information by third party search engine ‘crawlers’ (e.g. Google, Yahoo, MSN, Ask). Facebook takes action to block access by these engines to personal information beyond your name, profile picture, and limited aggregated data about your profile (e.g. number of wall postings).”
LinkedIn is the most business-y social network, and its users seem generally aware of the need to behave professionally. The site provides a wide range of tools for customizing others’ views of you, such as the ability to change whether people you’re connected to can see just those you both have connections with, or your entire connections list.
Another feature that keeps your cards closer to the vest is the ability to choose whether others can see that you’ve viewed their profile. You can set this feature so that no one knows, so that only your name and headline show, or so that only anonymous profile characteristics such as your title and industry appear.
These types of features increase social networks’ corporate usability.
However, at the end of the day, specific company policies that limit what employees may share online might create the biggest payoffs, like resistance to social engineering, preservation of the company’s and employees’ reputations, and preservation of trade secrets and internal company structure.

Top 5 Identity Theft Prevention Tips

There are some important proactive steps that every consumer can take to safeguard their identity. We like to recommend these top five things everyone should do, or at least know about, to protect themselves and their family from becoming a victim of identity theft.
  1. Buy a shredder: Shredding all your personal information before tossing it in the trash will prevent dumpster divers from fishing out your pre-approved credit card offers. Shredders that cut lengthwise and crosswise are ideal, as they minimize the chances that potential thieves can tape your documents back together.

  2. Change your passwords monthly: Do you bank online? Or store personal information on your laptop? If so, it would be wise to change your password at least once a month and try to select passwords that will not be obvious to potential hackers (birthday, anniversary, pet name, etc.).

  3. Freeze your credit: If your data has been breached (electronically or via dumpster divers), there is not much an identity thief can do if your credit has been frozen... there is no way someone can open a line of credit (credit cards, house/car loans, etc) without access to your credit information, and you can say good-bye to those pesky and potentially dangerous pre-approved credit card offers.

  4. Beware of phishing scams: Scam artists "phish" for victims by pretending to be banks, stores or government agencies. They do this over the phone, in emails and in the regular mail. Don't give out your personal information, unless you made the contact. Don't respond to a request to verify your account number or password. Legitimate companies do not request this kind of information in this way.

  5. Protect your computer from spyware and viruses: Spyware programs can collect many different types of personal information about you like passwords and credit card numbers. Always use firewall, virus and spyware protection software that you update regularly like Norton Internet Security 2006. Only download free software from sites you know and trust.
Source : https://www.trustedid.com/html/identity_theft_protection_resource_010.php

       

Thursday, February 7, 2008

How To Configure Internet Explorer Security

Internet Explorer offers four different zones to help you classify security level depending on how well you know or trust the site: Trusted, Restricted, Internet and Intranet or Local.

Classifying the sites you visit and configuring your Internet Explorer security settings for each zone can help to ensure you can safely surf the Web without fear of malicious ActiveX or Java applets.

Difficulty: Average
Time Required: 10 Minutes

Here's How:

1. Click on Tools on the menu bar at the top of Internet Explorer
2. Click on Internet Options from the Tools drop-down menu
3. When Internet Options opens up, click on the Security tab
4. Internet Explorer begins by categorizing sites into either Internet, Local Intranet, Trusted Site or Restricted Site zones. You can specify the security settings for each zone. Select the zone you wish to configure.
5. You can use the Default Level button to select from the pre-defined security settings Microsoft set up in Internet Explorer. See Tips for details of each setting.
6. MEDIUM is most appropriate for the majority of Internet surfing. It has safeguards against malicious code, but is not so restrictive as to prohibit you from viewing most web sites.
7. You can also click on the Custom Level button and alter individual settings, starting with one of the Default levels as a baseline and then changing specific settings.

Tips:

1. LOW
   - Minimal safeguards and warning prompts are provided
   - Most content is downloaded and run without prompts
   - All active content can run
   - Appropriate for sites that you absolutely trust
2. MEDIUM-LOW
   - Same as Medium without prompts
   - Most content will be run without prompts
   - Unsigned ActiveX controls will not be downloaded
   - Appropriate for sites on your local network (Intranet)
3. MEDIUM
   - Safe browsing and still functional
   - Prompts before downloading potentially unsafe content
   - Unsigned ActiveX controls will not be downloaded
   - Appropriate for most Internet sites
4. HIGH
   - The safest way to browse, but also the least functional
   - Less secure features are disabled
   - Appropriate for sites that might have harmful content

What You Need:

* Computer
* Internet Explorer
by: Tony Bradley, CISSP, MCSE2k, MCSA, A+

http://netsecurity.about.com/cs/tutorials/ht/ht020203.htm

Beware of Internet Urban Legends

Those Emails Are Probably Not Legitimate
By Judy Hedding, About.com

You have probably heard the phrase 'urban legend' but you might not have really known what an urban legend is.
According to David Emery, the About Guide to Urban Legends and Folklore,

Urban legends are popular narratives alleged to be true, transmitted from person to person by oral
or written communication (including fax and email). Said stories always involve some combination of outlandish,
humiliating, humorous, terrifying, or supernatural events – events which always happened to someone else.
For credibility, the teller of an urban legend relies on good storytelling and the citing of
an "authoritative" word-of-mouth source (typically "a friend of a friend") rather than verifiable facts.
And sometimes, but not always, there's a moral to the story, e.g.: "behave yourself, or bad things will happen."

If you receive email, chances are that you have received one involving one of these hoaxes.
I know that I have received every single one of these:

* Bill Gates is not giving you $1000, and Disney is not giving you a free vacation.
* There is no baby food company issuing class action checks.
* Big companies don't do business via chain letters and there are no computer programs
that track how many times an email is forwarded, let alone by whom.
* Procter and Gamble is not part of a satanic cult or scheme, and its logo is not satanic.
* The Gap is not giving away free clothes. There is no need to pass it on "just in case it's true."
* There is no kidney theft ring in New Orleans. Or Chicago.
Or anywhere else in the world. No one is waking up in a bathtub full of ice,
even if a friend of a friend swears it happened to their cousin.
David Emery reports, "The National Kidney Foundation has repeatedly issued requests for actual victims
of organ thieves to come forward and tell their stories." None have. Zero. Zip. Nada. Not even your friend's cousin.
* Neiman Marcus doesn't really sell a $200 cookie recipe. And even if they do, we all have it.
And even if you don't, you can get it here. Then, if you make the recipe, and decide the cookies are that awesome,
feel free to pass the recipe on.
* There is no gang initiation plot to murder any motorist who flashes headlights at another car driving at night without lights.
* Craig Shergold in England is not dying of cancer and would like everyone to stop sending him their business cards.
He is no longer a little boy either.
* The "Make a Wish" foundation is a real organization doing fine work, but they have had to establish
a special toll free hot line in response to the large number of Internet hoaxes using their good name and reputation.
It is distracting them from the important work they do. Also, the American Cancer Society does not give 3 cents
for each person you forward e-mail to. How would they even know?
* Women really are suffering in Afghanistan, but forwarding an e-mail won't help their cause in the least.
If you want to help, contact your local Legislative Representative, or get in touch with Amnesty International or the Red Cross.
* KFC did not change their name from Kentucky Fried Chicken because they use genetically engineered
chickens instead of real ones. KFC really does use real chickens with feathers and beaks and feet.
Why did they change their name? Now that we are more health conscious, KFC determined that the word 'Fried' denoted
something less than appealing. With the help of a focus group, they picked the name KFC. It's short,
doesn't offend dieters and it's easy to remember.
* There is no bill pending before Congress that will allow long distance companies to charge you for using the Internet.

So what's the harm in passing along all these emails to your friends, relatives, co-workers and acquaintances?
They are, at best, annoying and a nuisance. They are, at worst, illegal. David Emery provides this analysis:

Basically, these amount to rumor mongering by chain letter. Such messages typically include a plethora of
capitalized words and exclamation points, little or no substantiating evidence, and, in the majority of cases,
downright false information. The true intent behind them is to provoke fear rather than to inform.
People who forward them may do so with naive good intentions, but it's hard to credit the anonymous
authors of email scare messages with any but cynical or self-serving motives.

Here's the bottom line: if you receive an email that requests that you pass it along to everyone you know,
or 10 people you care about, or anyone, don't do it. If you receive an offer that seems too good to be true,
it probably is just that, so don't respond. Don't even send an email back. No one will read it, or worse,
you'll end up on another email list. If you want to investigate some claim being made, the best
place to check it out is at David Emery's web site on Urban Legends and Folklore.
If you can't find it there, post the inquiry to the forum at his site.



Wednesday, February 6, 2008

Best Practices for Preventing Security Risks

  1. Configure systems, from the first day, with the most secure configuration that your business functionality will allow, and use automation to keep users from installing/uninstalling software
  2. Use automation to make sure systems maintain their secure configuration and remain fully patched with the latest version of the software (including keeping anti-virus software up to date)
  3. Use proxies on your border network, configuring all client services (HTTP, HTTPS, FTP, DNS, etc.) so that they have to pass through the proxies to get to the Internet
  4. Protect sensitive data through encryption, data classification mapped against access control, and through automated data leakage protection
  5. Use automated inoculation for awareness and provide penalties for those who do not follow acceptable use policy.
  6. Perform proper DMZ segmentation with firewalls
  7. Remove the security flaws in web applications by testing programmers' security knowledge and testing the software for flaws

How to choose a firewall


There are several different types of firewalls on the market today. Choosing one for your organization can be a daunting task – especially in an industry filled with buzzwords and proprietary trademarks. Let's take a look at the basics of firewall technology and five questions you should ask when choosing a firewall for your organization.

  1. Why are you implementing a firewall? Sure, this sounds like a simple question. You're probably thinking to yourself, "Because we need one!" But it's important that you take the time to define the technical objectives that you have for firewall implementation. These objectives will drive the selection process. You don't want to choose an expensive, feature-rich firewall that's complicated to administer when your technical requirements could be met by a simpler product.

  2. How will the firewall fit into your network topology? Will this firewall sit at the perimeter of your corporate network and be directly connected to the Internet, or will it serve to segment a sensitive LAN from the remainder of the organization? How much traffic will it process? How many interfaces will it need to segment your traffic? Performance requirements such as these contribute a significant amount to the total cost of new firewall implementations, making it easy to under- or over-purchase.

  3. What type of traffic inspection do you need to perform? This is where the buzzwords start to come into play. Every vendor out there has a different trademark for their traffic-inspection technology, but there are essentially three different options (listed in order of increasing complexity and cost):
    • Packet-filtering firewalls use simple rules to evaluate each packet they encounter on its own merits. They maintain no history from packet to packet, and they perform basic packet header inspection. The simplicity of this inspection makes them speed demons. They're the most inexpensive option, but they are also the least flexible and the most vulnerable. There's a good chance you already own equipment capable of performing packet filtering – your routers!

    • Stateful-inspection firewalls go a step further. They track the three-way TCP handshake to ensure that packets claiming to belong to an established session (i.e., the SYN flag is not set) correspond to previous activity seen by the firewall. Requests to open the initial connection are subject to the stateful-inspection firewall rulebase.

    • Application-proxy firewalls contain the highest level of intelligence. In addition to stateful inspection, they broker the connection between client and server. The client connects to the firewall, which analyzes the request (including application-layer inspection of packet contents). If the firewall rules indicate that the communication should be allowed, the firewall then establishes a connection with the server and continues to act as an intermediary in the communication. When combined with Network Address Translation, both hosts may not even be aware that the other exists – they both believe they are communicating directly with the firewall.

  4. Is your organization better suited for an appliance or a software solution? Appliances are typically much easier to install. You normally just plug in the appropriate Ethernet cables, perform basic network configuration and you're ready to configure your firewall rules. Software firewalls, on the other hand, can be tricky to install and require tweaking. They also lack the security that's often built into the hardened operating systems of firewall appliances. What's the tradeoff? You guessed it! Appliances are more expensive.

  5. What operating system is best suited for your requirements? Even appliances run an OS and, chances are, you'll need to work with it at some point in your firewall administration career. If you're a Linux jockey, you probably don't want to choose a Windows-based firewall. On the other hand, if you don't know /dev/null from /var/log, you probably want to steer clear of Unix-based solutions.

While I can't recommend a specific type of firewall to you without knowing your needs, the process of answering these questions can help you solidify your thoughts and put you in the right direction. With these answers in hand, you should be able to intelligently evaluate the cost/benefit tradeoff for the various products available on the market today. - Mike Chapple

Source: http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1113533,00.html
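The difference between packet filtering and stateful inspection described under question 3 can be seen by running both over the same traffic. The Python sketch below is an added example, not code from the article or from any firewall product; the `Packet` tuple, the rule logic, the 10.0.0.0/8 internal range and the packet trace are all constructed for illustration (external addresses come from the RFC 5737 documentation ranges).

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = ip_network("10.0.0.0/8")            # constructed internal range


def outbound(pkt):
    return ip_address(pkt.src) in INSIDE


def packet_filter(pkt):
    """Stateless: each packet is judged on its own header, with no history."""
    if outbound(pkt):
        return "allow"
    # Inbound: a bare SYN is a new connection request and is denied by default.
    # Anything carrying ACK is assumed to belong to an established session.
    return "allow" if "ACK" in pkt.flags else "deny"


class StatefulFirewall:
    """Tracks the three-way handshake for connections opened from inside."""

    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port) -> handshake state
        self.sessions = {}

    def inspect(self, pkt):
        flags = set(pkt.flags)
        if outbound(pkt):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if flags == {"SYN"}:
                self.sessions[key] = "SYN_SENT"      # rulebase: outbound allowed
                return "allow"
            state = self.sessions.get(key)
            if state == "SYN_ACK_SEEN" and "ACK" in flags:
                self.sessions[key] = "ESTABLISHED"
            return "allow" if state else "deny"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.sessions.get(key)
        if flags == {"SYN"}:
            return "deny"                            # rulebase: default deny inbound
        if flags == {"SYN", "ACK"} and state == "SYN_SENT":
            self.sessions[key] = "SYN_ACK_SEEN"
            return "allow"
        if state == "ESTABLISHED" and "SYN" not in flags:
            return "allow"
        return "deny"                                # claims a session never seen


# Constructed trace: one legitimate outbound session, then three inbound
# packets that match no session the firewall has seen.
TRACE = [
    Packet("10.0.0.5", 40000, "198.51.100.7", 443, ("SYN",)),
    Packet("198.51.100.7", 443, "10.0.0.5", 40000, ("SYN", "ACK")),
    Packet("10.0.0.5", 40000, "198.51.100.7", 443, ("ACK",)),
    Packet("198.51.100.7", 443, "10.0.0.5", 40000, ("ACK", "PSH")),
    Packet("203.0.113.9", 80, "10.0.0.8", 5555, ("ACK",)),           # no prior SYN
    Packet("203.0.113.9", 51000, "10.0.0.8", 22, ("SYN",)),          # inbound request
    Packet("198.51.100.7", 443, "10.0.0.5", 40001, ("SYN", "ACK")),  # wrong port
]


def compare(trace):
    """Return (stateless verdict, stateful verdict) for every packet in order."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.inspect(p)) for p in trace]


if __name__ == "__main__":
    for pkt, verdicts in zip(TRACE, compare(TRACE)):
        print(pkt, verdicts)
```

Both firewalls deny the bare inbound SYN, but only the stateful one drops the two packets that merely claim to belong to a session.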

Email Security Tips

Attachments

Do not open an attachment unless you trust the source.

  • Do you know the person who is sending you this file? If not, don’t open it. E-mail addresses can be “spoofed” – the “from” address can be faked.
  • Once the message is open does the content match the sender? If not, send it back and ask for clarification.
  • Does it make sense that they are sending it to you? If not, send it back and ask for clarification.
  • Microsoft NEVER sends operating system patches as e-mail attachments. They will ask you to visit the Microsoft Web site to download any software.

Sending Personal Information

E-mail is not secure. Think of it as sending a postcard written in pencil. As the card is delivered it makes numerous stops and can be altered or read by various people. Personal information should never be sent via e-mail – SSN, credit card, name, phone, address, and date of birth in combination. Don’t send anything you wouldn’t want on a billboard.


Phishing

“Phishing is a scam where the perpetrator sends out legitimate-looking e-mails appearing to come from some of the Web's biggest sites, including eBay, PayPal, MSN, Yahoo, BestBuy, and America Online, in an effort to phish (pronounced "fish") for personal and financial information from the recipient.”

Examples would be a message from your bank that asks you to update your account information. You click on the link, the legitimate bank site opens, then a page opens up on top asking you for your account info. This info page DOES NOT belong to the legitimate site. If you fill out your personal information and submit it, the info will go to the “phisher” to be sold or used to steal your identity.

Source: searchSecurity.com Definitions

Tuesday, February 5, 2008

Back up your Data!

PC and Data Safety Tips
To quote a friend of mine, "There are only two kinds of hard drives: the ones that have already crashed
and the ones that will eventually crash."
This is a very true statement. If this hasn't happened to you yet, don't worry - it will.
To be prepared for a disaster like that, you should back up your data - ALL your data.
To make this process easier, you should have your data well organized on your hard drive.
That My Documents folder in Windows is there for a purpose. You should keep all your files in that folder,
no matter if they are Word documents, Excel spreadsheets, pictures, whatever.
That way you can simply back up just that folder instead of having to go hunt on your hard drive trying to
remember where you put all your files.
You can actually set up almost every decent program to save its files into a folder you specify.
Take a few minutes to do that, you will be grateful later.

You probably noticed that I said earlier "most of your data".
Most people forget that there is more than just your Word documents.
What about your bookmarks that you accumulated over the years? Your e-mail addresses?
The saved game of Quake that took you three months to get to that level?
Unfortunately, this type of data cannot be stored in the My Documents folder.
So be sure that you don't forget to back up that information as well.

Backup Methods

If you don't have much on your PC, you might get away with copying a few files to a few floppies.
Chances are though, that you need a lot more space.
Thankfully there are several options that make it easy.
A very popular tool is the Iomega zip drive. It holds 100 MB of data per cartridge and can
easily be transported.
Tape drives are relatively cheap, but slow, and the tapes are very sensitive to heat etc.
Another possibility is to back up to another hard drive, either a second drive in your PC or another
hard drive in another PC if your PC is connected to a network.
A new and increasingly popular way is to back up to a CD burner.
You can get a re-writeable CD burner that will let you reuse the same CD for your
backups over and over.
You can also use the CD burner to make your own personalized music CDs.
My personal recommendation is the Hewlett Packard 8100i.

Make an Emergency Disk
If your hard drive crashes or your PC won't boot anymore
for whatever reason, you need a bootable floppy disk.
You can create this easily in Windows 98 by going to
Start/Settings/Control Panel/Add Remove Programs/Startup Disk/Create Disk.
This will create a bootable floppy with CD ROM support that will be very valuable to you when
that moment comes.
In Windows 95, this process is a little more complicated as the floppy will not automatically support the
CD ROM drive.
You need to manually copy the drivers to your boot disk.

Power Protection
A very important factor that is often neglected is the supply of power to your PC.
If you live in an area with frequent power outages, regular brownouts or in a house with bad wiring,
this could cause data loss on your PC.
To prevent this, you should consider getting an uninterruptible power supply, or UPS.
It will alert you when the power drops or completely disappears, and provide you with 5 to 10 minutes
(depending on the model) of battery power to give you time to save your data and shut down your PC
properly.
My personal recommendation is APC.

Cooling
There is a lot of heat produced inside your PC, mainly by the main processor, but also by other
devices like CD drives, hard drives, video cards, etc. If the temperature gets too high,
your PC will start behaving very oddly including crashes.
Make sure that you have proper cooling inside the case, preferably one fan that blows cool air
into the case and another fan that pushes the warm air out.
Your PC should have some room to breathe, don't cram it into a tight corner.
Check that the fans are not covered by dust.

Virus Protection
Every time you download a file from the Internet, get a floppy from a friend,
bring a file home from work, you expose your PC to the risk of getting a virus.
Viruses can be very devastating on your PC, including corrupted files, deleted files and erased hard drives.
To protect yourself, you should install a professional virus checker, such as Norton Antivirus from Symantec.

Stay Current
If you are running old programs that were designed for Windows 3.x you should
see if there is a newer version available that was designed for Windows 95/98.
Also, about once a year you should make a list of all the hardware that you have installed on your PC,
such as video card, printer, sound card, etc. and visit the manufacturer's web site to see if there are
newer drivers available.

Keep it clean
The more programs you run, the higher your chances for crashes are.
Don't install programs without doing some research first.
If you don't use a program anymore, uninstall it.
If it is a beta version, it does not belong on a PC that has important data on it.
Be especially careful with little, unknown or custom-written programs that you download from the Internet.
They could contain a virus or could be written by a hobby programmer with good intentions but bad QA skills.

Third Party Utilities
Be careful with all those third party utilities out there, such as uninstaller,
diagnostic, optimization and other programs.
A lot of them are very intrusive on your system and cause more problems than they fix.
The only party benefiting from them is the manufacturer who rakes in your cash.
Windows 98 already comes with many diagnostic tools that make most of the third party utilities redundant.
The only two tools that don't come with Windows and that have proven to be invaluable for me are
Symantec's Norton Antivirus and PowerQuest's Partition Magic 4.0.

Source : PC911

Monday, February 4, 2008

How To Recognize and Avoid Spyware

What is spyware?

Despite its name, the term "spyware" doesn't refer to something used by undercover operatives, but rather by the advertising industry. In fact, spyware is also known as "adware."

It refers to a category of software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some extreme, invasive versions of spyware may track exactly what keys you type. Attackers may also use spyware for malicious purposes.

Because of the extra processing, spyware may cause your computer to become slow or sluggish. There are also privacy implications:

* What information is being gathered?
* Who is receiving it?
* How is it being used?

How do you know if there is spyware on your computer?

The following symptoms may indicate that spyware is installed on your computer:

* you are subjected to endless pop-up windows
* you are redirected to web sites other than the one you typed into your browser
* new, unexpected toolbars appear in your web browser
* new, unexpected icons appear in the task tray at the bottom of your screen
* your browser's home page suddenly changed
* the search engine your browser opens when you click "search" has been changed
* certain keys fail to work in your browser (e.g., the tab key doesn't work when you are moving to the next field within a form)
* random Windows error messages begin to appear
* your computer suddenly seems very slow when opening programs or processing tasks (saving files, etc.)

How can you prevent spyware from installing on your computer?

To avoid unintentionally installing it yourself, follow these good security practices:

Don't click on links within pop-up windows - Because pop-up windows are often a product of spyware, clicking on the window may install spyware software on your computer. To close the pop-up window, click on the "X" icon in the titlebar instead of a "close" link within the window.

Choose "no" when asked unexpected questions - Be wary of unexpected dialog boxes asking whether you want to run a particular program or perform another type of task. Always select "no" or "cancel," or close the dialog box by clicking the "X" icon in the titlebar.

Be wary of free downloadable software - There are many sites that offer customized toolbars or other features that appeal to users. Don't download programs from sites you don't trust, and realize that you may be exposing your computer to spyware by downloading some of these programs.

Don't follow email links claiming to offer anti-spyware software - Like email viruses, the links may serve the opposite purpose and actually install the spyware they claim to be eliminating.

As an additional good security practice, especially if you are concerned that you might have spyware on your machine and want to minimize the impact, consider taking the following action:

Adjust your browser preferences to limit pop-up windows and cookies - Pop-up windows are often generated by some kind of scripting or active content. Adjusting the settings within your browser to reduce or prevent scripting or active content may reduce the number of pop-up windows that appear. Some browsers offer a specific option to block or limit pop-up windows.

Certain types of cookies are sometimes considered spyware because they reveal what web pages you have visited. You can adjust your privacy settings to only allow cookies for the web site you are visiting.

How do you remove spyware?

Run a full scan on your computer with your anti-virus software - Some anti-virus software will find and remove spyware, but it may not find the spyware when it is monitoring your computer in real time. Set your anti-virus software to prompt you to run a full scan periodically (see Understanding Anti-Virus Software for more information).

Run a legitimate product specifically designed to remove spyware - Many vendors offer products that will scan your computer for spyware and remove any spyware software. Popular products include Lavasoft's Ad-Aware, Webroot's SpySweeper, PestPatrol, and Spybot Search and Destroy.

Make sure that your anti-virus and anti-spyware software are compatible - Take a phased approach to installing the software to ensure that you don't unintentionally introduce problems (see Coordinating Virus and Spyware Defense for more information).

Authors: Mindi McDowell, Matt Lytle
Copyright 2004 Carnegie Mellon University.

2008 InfoSec Calendar

Managing Corporate Infosec Risk