Wednesday, February 26, 2014

McAfee, an Intel subsidiary!, releases free mobile security

McAfee was bought by Intel in 2010 (I didn't know that!).  With all the hassle McAfee causes by bundling itself with updates of Adobe Reader and other downloads, you'd think that its pedigree would be better than that.  Anyway, McAfee is releasing a mobile phone version.  Google "mobile smartphone free antivirus security" to see what's available.  Add "McAfee" to see what is going on with that company.

Tuesday, February 25, 2014

Some interesting/necessary apps to go with Google Drive

I did not know about this.  Go to the Google Drive App Store.  Lots of PDF, photo, audio, etc. tools you can use with Google Drive.  Quite an impressive collection of stuff.

Wednesday, February 19, 2014

XP Support Ending in April! How will this impact current XP users? What can you do now?

Microsoft will stop providing security patches, etc on April 8.  This can put you at increased risk for malware attacks.  I should hasten to add that, from a risk point of view, how you set up your browsing security and what your passwords look like are the highest risk areas and should always be your primary concern regardless of operating system.  See the previous post.

But what about all the other software, such as your antivirus/antimalware, flash player, Adobe Reader, etc.?

For example, a statement from a Microsoft website regarding Microsoft Security Essentials:
Microsoft has announced the Windows XP end of support date of April 8, 2014. After this date, Windows XP will no longer be a supported operating system*. To help organizations complete their migrations, Microsoft will continue to provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015.

With respect to these other programs, you have to expect their support to be ending sometime in the near future, probably in the same timeframe.  The time has come to do something. 

If your computer is still performing OK, then options include:

  • take that computer off the internet.  Use it as a local computer.
  • purchase and install Windows 7... (issues could include performance)  That might cost over $100 and, if you can't do it yourself, an installation cost of perhaps $90.  
  • install another free operating system that will continue to be supported and that is secure; first among these is Ubuntu  (I taught a class on converting from XP to Ubuntu with very detailed notes.  This class is in the form of a blog, found here.)  

All options, except the last one, cost a significant fraction of the cost of a new computer.  If you are just using your computer for email and browsing, consider a new tablet.   If you need to create an occasional document or spreadsheet, or run a home finance program, then one of the computers currently on sale for less than $500 should work for you.  One option is to get a small laptop and hook it up to a keyboard and monitor when you want to do serious typing.  

Windows 8.1 is the current version.  Though it has some things you have to get used to, which might take a couple of hours of personal instruction from me, it is not as bad as some rumors suggest.  There are compatibility problems with some very old programs.   Usually those can be forced to run, but it might require a professional service and some additional software.  

Saturday, February 15, 2014

Status of Malware Detection and Prevention 2014

The word "ecology" is used in common discourse to refer to "the relationships between a group of living things and their environment" (Webster). However, the word is now used  as shorthand for the idea of a complex web of relationships between technology entities and human entities.  In computer security some of the entities are malware (the software), malware wholesalers, malware creators, identity distributors, websites in general, social websites in particular, antimalware (the software), antimalware developers, the internet infrastructure, security administrators (from corporate level to the individual homeowner), users, the intranet infrastructure, individual computers, flash drives and other "vectors" of intrusion, and on and on.

I found a fairly technical article on the status of "ecology" of Malware and its prevention.  Though technical, I thought some readers might find it interesting.  The article's title is "The Changing Face of Advanced Malware Detection."  To summarize the article:


  • The typical defenses for a network (home or business) consist of a network-based intrusion prevention product (firewall) and desktop/laptop/tablet/smartphone intrusion prevention (firewall) product,  and a desktop/laptop/tablet/smartphone virus scanner
  • 2014 Malware is getting harder to detect because malware makers are selling suites of specialized malware tools, called "crypters" and "packers" that make it very easy "to create (within seconds) custom code destined for a particular desktop."
  •  "The effect of this "individualized" approach is that signature scanners are ineffective, making zero-day attacks, such as the November Windows XP privilege escalation attack, increasingly difficult to stop. Ransomware is also becoming more popular."  (Ransomware is the most common intruder I deal with.  Existing desktop "antivirus" does a poor job at detecting and preventing ransomware.)
  • Companies need to be able to detect intrusions in real-time and have a systematic global detection tracking and systemic response to that individual attack.  This doesn't just mean fix that one problem; it means reconfigure and adjust your entire security infrastructure based on that occurrence and the distribution of occurrences in that timeframe.  
  • This applies to individuals as well.  If you have a malware attack, you need to "reassess and recalibrate" your entire security setup and approach.  It is not enough to remove that single piece of malware;  assume that the malware makers have received some information about your computer and network configuration and, depending on what information they have about you, your business, your contacts, etc., they may be reconfiguring their malware suite for another, potentially more successful, attack.  More successful means that you don't detect it, or you can't get rid of it. 
  • Antimalware makers are delivering solutions that monitor the entire intranet for "silent" attacks; e.g., those that go undetected, the ones that are collecting information about your infrastructure and you in order to later send malware that has a high probability of "success."  The article spends a good deal of time on vendors that provide such software for businesses.
  • Users, whether corporate or individual, must increasingly and actively establish environments that have "air gaps" between the internet and the individual computers; that is,  the computers aren't connected directly to the network or the configuration of their user account makes it impossible to sustain an attack.  
  • (my comments) Home solutions include: 
    • using non-administrator accounts for browsing (I don't find this too convenient: who wants to log off of an administrator account and log back on to a non-administrator (standard) account every time they browse?)
    • configuring browsers for "in-private browsing" or "incognito browsing"
    • if a USB drive is used on any other computer outside your control, scan it before using it (See this old but instructive video.) Assuming you have any kind of antimalware on your computer, when you right click (or Ctrl Click) on the USB device in "My Computer" or "This PC" or "Finder" you will find an option that says something like "scan for viruses."  Since I use AVG, mine says "scan with AVG."
    • Browse only from ethernet connected computers.  Turn off any wifi connections.
    • Use the sandboxing feature of your browser.  (Google Chrome is sandboxed by construction.)
    • Use https: whenever possible.  You can set your browser to do this.  (Google ssl along with your favorite browser name for the specific way to set this.)  Here is an interesting article where a marketing blogger is complaining about the impact of https on their web information harvesting efforts.
    • Use very long passwords; e.g., 25 characters if the website allows.  Please!  Your short ones will be found out and sold to the highest bidder.  
    • Use a different password for each web site.  (I know, you're saying "That's crazy.  I can't remember where I left any of my 5 pairs of reading glasses."  My response:  Use a secure password manager that can automatically fill in user ids and passwords for every web site.  Use that manager to generate the awful passwords.  You can google "secure password manager" for options and reviews.  I use Lastpass.)
    • Don't ever save passwords in/on your browser using their "save password" function.
    • Don't save bank account or credit card information on your computer either, unless it is in a program that has strong security protection.   
  • Users, whether corporate or home, should have a guest account on their router.  Anyone, including kids in the house, should use this account.  (Side comment:  If you have an older router, seriously consider upgrading it to the latest one, which has better security, including wifi WPA2, a serious firewall, and a guest signal.)
  • Really, really be concerned about information on any of the social websites.  (google social media security tips; eg this article).  Get rid of your personal information.  Malware distributors and malware identity wholesalers are trolling these sites to create profiles of individuals.  Even without direct access to your business accounts (whether at home or at work), the aggregate of information can be so significant that they can construct phishing emails that are "irresistible."
  • For businesses, the IT organizations should have detailed plans, plus appropriate software, to gracefully degrade and morph their IT infrastructure in the face of detected and projected security conditions.
  • For businesses, the greatest threat can come from within:  sometimes a malicious act by an employee or an innocent mistake, either in browsing or bringing a device "inside" the outer "moat".  Devices include wearable intelligent devices, not just cellphones.  (Homeowners:  this can be your problem too.  In fact, thinking about it... 2014 could see significant expansion of this mode as a way into your home network.)
  • Keep your software, ALL OF IT, up-to-date.  Obviously, the operating system, but also your other programs.  
  • Homeowners: audit all your electronic equipment (computers, routers, tablets, cellphones) for current versions once a month.  Apple users:  you are just as vulnerable as Microsoft users now.  You do browse the internet, don't you?   And Safari is vulnerable and often the last to be "patched."  Mac Users:  if you haven't updated to Mavericks, do so.  It contains a new, more secure, Safari.  Better yet, use Firefox as your main browser.    



Tuesday, February 4, 2014

How To Manage AT&T Subaccounts- something you might not know even exists!

When you first signed up for ATT internet service- DSL, UVerse, Dial-up: whatever- you were given a userid and password.  You will find your userid on your DSL bill.  Some customers don't actually use that email as their "primary email."  They may have also created, some time or another, accounts for their spouse, their kids, or other accounts.

Over time, they forget that these accounts are there or how they were created.  Sometimes it gets to be a real mess, with all the accounts and not knowing why your email is acting up.

So, I encourage you to look on your ATT bill and find your primary email address.  Then I encourage you to log on to the ATT.com (not .net) web site and review the accounts you have.  When you log on to the ATT.com website, you use the user id and password for that site, not your email account.

You might be surprised at what you find.  Also, you can create other sub-accounts that you can use as "throw away" accounts for shopping, etc.

Instructions, with screen shots, are found here.
      

Sunday, February 2, 2014

All the documentation on Gmail account security (eg compromised account)

From the http://gmailaccountrecovery.blogspot.com/

If you're suspicious about the safety of your account, have a look at these two resources:

How to re-secure an account that was compromised:
http://gmailaccountrecovery.blogspot.com/#security ("When you reclaim Your Account")
