Computer Virus and Security Protection Tips

The internet has its fair share of threats and dangers that could harm your PC and access your personal and confidential information without your permission. Computer security entails both detection and prevention from such people and programs. "Prevention" would help in keeping you safe from all such malicious attempts whereas "detection" would inform you whether someone attempted to access/harm your system, either successfully or unsuccessfully and what harm they may have caused.

Why bother about your computer's security anyway? Well, nowadays computers are used for almost everything from shopping to banking and from having casual conversations through internet chat to investing. Yes, much of your information may not be that confidential but you still won't want someone sending forged emails on your behalf or reading your personal or official documentation, like financial statements and bank account information. On a more serious note, an intruder or hacker/cracker may gain access to your computer to launch attacks on other computer systems. With access to your computer they are able to hide their true location while they launch attacks on high profile computer systems, like those of banks and other financial institutions.

Computer hackers / crackers are always looking for weaknesses or holes in the system. Developers are not always able to run comprehensive tests on their softwares because of its ever growing complexity. Later on when these holes are brought to the developer's notice, they create patches to address the problem. So, the number one tip to all computer users is to make sure you obtain and install the patches and security fixes regularly. Some software like chat programs actually allow other users to execute commands on your system which could open the window to all kinds of harmful programs. Therefore there is a need to be more careful when using chat programs of various kinds.

Install a firewall. Hackers/crackers are constantly scanning for known holes or vulnerabilities in the system. Software or hardware based firewalls can provide good protection from such attacks. Having said that, no firewall is capable enough to keep out all threats, therefore having a fire wall is not quite enough.

Use Antivirus software on each PC that connecting to the internet but an anti virus software that is not updated may do little or no good. Some antivirus software comes with automatic update options - these are thoroughly recommended.

Disable JavaScript, Active X and Java if possible. By disabling these scripting languages you will keep your system safe from malicious scripts. By disabling these options you may degrade the functionality of some websites. For More information on disabling scripting languages please visit http://www.cert.org/tech_tips/malicious_code_FAQ.html.

It is also thoroughly recommended to disable scripting features in email programs as many email programs use the same code as web browsers.

Be careful not to open email attachments even if you are familiar with the source of the attachment. The only reason the Melissa virus spread so far and so rapidly was because it originated from a familiar address. Before opening an attachment, make sure your virus definitions are up-to-date, save the file to your hard disk, scan the file using your anti virus software and then open the file. If possible, even disconnect from the internet before you open the file.

Don't run a program that's come from an un-authorized or un-known source. Don't also send these programs to your colleagues and friends as it may contain a Trojan horse (these programs are used to enter into the system and trick the user into installing various programs which allow hackers and intruders access to your system).

Turn off your computer when it is not being used. A turned off system or a system that is completely disconnected from the network is safe from all intruders.

Make a bootable disk which will come in handy if your computer has suffered an intrusion or a hard disk failure. The bootable disk may help your computer recover from such an event but remember, the bootable needs to be created prior to any security breach or malfunction.

Make a back up of all important files on a removable storage device like a CD or DVD and keep the storage device away from the computer. In order to safe space, you may also choose to ZIP your data (compress your data) using a compression software while making a backup.

For more PC security tips, advice and anti virus software reviews visit http://www.antivirus-software.com

Computer Defense System

Computer security is very important today. Without a great computer defense system, if you go online, you leave yourself open to all kinds of attacks both minor and very serious. Today all business and commerce is conducted by way of the computer. Additionally, once a transaction is completed, it is sent over the Internet to another computer where the transaction is verified and completed. It is very important to be aware of the steps that you need to take before you connect to the Internet to secure your computer. Those who wish to compromise systems are becoming more cleaver in their approaches everyday. It also seems with technology changing everyday, it is harder and harder to keep up.

A good computer defense system first means making sure that on a fresh install of any operating system, Apple OS included, all software updates are downloaded and any security updates are applied. In windows, set your security update options to at least "notify" you of updates even if you don't want to download them automatically. It is also most prudent to make sure all critical updates are downloaded and applied as soon as they become available. Microsoft Windows makes this easy with the Windows Update feature. Similarly there is a feature called software update in the Finder under the "Apple Menu" called software update. It is essential that you do this regularly. If you do not have options set to notify you immediately of updates, check for them a minimum of two to three times a month.

Another Part of your computer Defense System is your anti-virus software. In recent years their has been a tendency for the best know names in the anti-virus business to bloat their product with more and more features that many users will not use or use very sparingly. This taxes computer resources and slows down your computer because it is trying to do more and more background processes. There are many retail packages out there, but they are not all created equal. Also, be aware that program definition files (that tell the program about what viruses may exist on your computer) often expires at the end of a year meaning you will have to renew your anti-virus definition subscription in order to continue to receive updates. An alternative is a free antiviral software solution that provides updates for free. One of the best is by a company called Grisoft. It is called AVG. While I cannot put a link here, if you type "AVG Free" into Google, the link to the download page will be on the top of the list.

For your computer to be running properly, you also need to enable any firewalls on your system. For example, in the Control Panel of recent Windows OS versions (like XP or Vista), you will find a security section (Tab or Icon). Once there, make sure the Windows firewall is enabled. However limit the installation of firewall software because not only can this cause program conflicts and slow down your system, cryptic warnings about a possible intrusion will not benefit you and scare an inexperienced user. Instead install a router or get someone to do it for you. Even if you only have one computer because a router is a physical firewall blocking potentially harmful Internet traffic for you. Also much lower prices on computers now means having multiple computers is affordable. A router allows multiple computers to share a single Internet connection.

Another important consideration is not to install toolbars unless from a recognized and trusted source. A good computer defense system recognizes that many of these installations are actually malware in disguise that can do things in the background that may harm and compromise your system. Also, do not download email attachments. This is one of the major ways that a virus or other malicious or self-executing code actually gets on your system in the first place. You need to exercise do vigilance when on the Internet and click with care. Also make sure that things like Active X controls are not automatically set to run on a page. (Unless on a trusted site that requires it.) Additionally, think seriously about changing the browser you use to surf the Internet with. Type "Get Firefox" in Google. Firefox is a better browsing alternative than its man competitor and it is more secure because it is more of a basic browser that does not automatically execute advanced functions that can lead to viruses, malware, Trojan horses and other malicious code that can seriously harm your computer.

A good computer defense system requires more than what has just been detailed, but these steps are important and will go along way toward a more secure and safe computer system. For even more extensive information; look to the end of this article for links showing you where you can go next.

For more information, please visit the Marketplace section of http://www.learnherenow.com - You will find additional articles on this website. Please check out our sister site at http://www.stevenmilbrandt.com - Thank you. It is hoped you find this article both helpful and informative.

Is There Still a Future For Anti-Virus Software?

Look, if you told me that people should stop wasting their money on stand-alone anti-virus applications then I could have agreed with you to some point. The only thing that's outdated is the term "anti-virus". Strictly speaking, the main online threat is no longer called a virus, a more appropriate term should be "malware" and it is time we started to adapt to this new term. Online threats consist of viruses, spyware, key-loggers and trojans, all residing under the common term of malware.

I understand that the term "anti-virus" is a heavily marketed term and when you mention the term "anti-virus" to computer illiterate and inexperienced users they know exactly what you are talking about, but when you talk about malware they often give you that glossy stare, you know, the kind of stare that screams: "What the hell are you talking about!" Most anti-virus applications now offer protection against spyware and other malware related threats as well, so it is really silly to keep calling them anti-virus applications, they are in essence anti-malware applications.

Scraping your anti-virus solution is reckless and plain stupid. It's just as good as saying we should stop patching the security flaws in software, leave them un-patched because the threats, exploiting these flaws, are evolving way too fast. Should we stop installing security systems in our homes because new, more advanced burglars are born each day? If you can protect your system against known threats why not do it?

It is true, malware evolves much faster than the anti-malware solutions, but known malware gets recycled on the web over and over again. Protecting yourself against a known variant means you can't be attacked by it again and believe me it is not uncommon to be attacked by the same variant more than once. This means anti-virus software still plays a vital role in your protection against malware, it also means that anti-virus software developers are still detecting new threats at a very high rate. New variants may infect quite a lot of computers before they get detected, but once the anti-virus vendors release an updated signature file to all their users, they are at least constraining the spread of the malware and preventing uninfected users from getting infected.

Scraping anti-virus solutions means systems are left unprotected, meaning that they are left infected, thus making a contribution to the processing power of bot networks like Storm. At least an infected system can be cleaned once a new variant has been detected, therefore you are pro-actively taking a bot network down bit by bit and making it harder for the malware to spread any further. Remember, an infected machine becomes a distributor for new variants of the malware. Killing a known variant means you are preventing it from mutating and spreading any further.

Improve the technology, don't scrap it. Yes, definition based protection is nearing its end, but anti-malware solutions are moving towards behaviour based detection. It is suicidal to scrap anti-malware solutions completely just because of the fast evolution of new threats. The argument that the value of anti-virus software is declining is a bunch of hogwash. Big corporations should stop putting reckless ideas into the minds of ordinary users, they should stop the throw-away-your-anti-virus-program-and-buy-our-software kind of marketing. The Internet is dangerous enough as it is, so don't go encouraging people to throw a way their anti-malware applications, not even in today's world of advanced malware attacks. Anti-malware applications are often the only line of defence that's available to novice Internet users.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, an online resource providing education to the Internet Community about online threats. Coenraad also writes about cyber security related topics on the Cyber Top Cops Blog.

How to Detect a Scam

I am sure that some of you have been a victim of Internet Scam. How do you detect a scam? I can tell you from my personal experience how to detect a scam and what needs to be done about it. Internet scams comes in variety of ways. If you type in the keywords for "work at home, surveys, mystery shoppers, online business, and processing credit cards", you will see a dozen of website that literally beg for your undivided attention. Their website looks as though it is so easy to make money. They have testimonials of people making big bucks. They say you can make $500 to $1000 per day part time. It says that you can start in 10 minutes after purchasing their service. What service you may ask after purchasing their service. The only thing you see is a bunch of websites that say that you can make money being a mystery shopper, filing out surveys, and processing credit cards.

Most of the scam sights are not secured. It does not have a padlock or https. Therefore, anyone can see your personal information. Needless to say, they ask everything about you: What is your income, your age, address, and telephone number. Little did I know that I would get junk mails and phone calls from telemarketers wanting to allure you to their business. What surprised me is that they sell your information to third parties. I was charged for some website service on my Verizon telephone bill.

Please be careful of websites with an ending of .org. It's supposed to be a non profit organization but some deceitful people use it to fool consumer thinking that their content can be trusted. Surveys and processing credit cards are scams. If you have to pay $1.97 for a trial period and be charged $37.95 monthly thereafter, please don't do it. Most likely, they will add charges you don't recognize and give you a hard time with refunds. I ended up putting a dispute with my credit card and bank account. I had a terrible experience with work at home companies found by googling the keyword: "best work at home opportunity, how to make money part time". If you have trouble with refunds, you can file a complain with the better business bureau or the FBI.

They say when it rains it always shine. Here is the good news. I found a genuine, remarkable, authentic, Internet marketing course that takes you by the hand and teaches you what you should not do and what you should do. This service is incredible because it reveals the secret of being successful. I can't believe that Mike Andrews is giving away such valuable information that most gurus would keep to themselves. He has tons of tutorials, videos, resources, and great tools provided to members. I have never seen such a wonderful sight for learning how to start your own business. He has pre-made websites with your own id for you to promote. I get very excited when I talk about the materials he offers. What's more amazing is that you can try out the course for 80 days with an unconditional money back guarantee for only $87.00. This is a bargain. This is nothing compared to what you have to pay for a one day seminar which is around $150.00. Just by learning his tutorial, I learned how to get traffic to my website in different forms. You have everything to gain and nothing to loose. For more information, please visit my blog at:

http://howtodetectscam.blogspot.com/

I enjoy teaching and writing articles that provide helpful information for family and children. Please visit my blog at http://howtodetectscam.blogspot.com/

Does Your Business Need to Be PCI DSS Compliant?

Despite increasingly heightened security by merchants and service providers, credit and debit card fraud is still on the rise. Perpetrators are using even more sophisticated methods of infiltration to access sensitive payment card information. The financial cost of fraud to any sized corporation can be huge and the price of preventing it is vast.

Any company which stores, processes or transmits payment card data bearing the logo of the five major payment companies has to comply with the Payment Card Industry Data Security Standards (PCI DSS). These five companies include American Express, Discover, JCB, MasterCard and Visa. These standards were devised in 2004 to provide a common set of industry tools for the storage of payment card data in order to prevent, detect, and react to security incidents.

As well as merchants or banking institutions, compliance is required by any third party who accepts or processes payment cards. This includes call centres who receive cardholder data which they are unable to delete. If merchants use payment gateways to process transactions on their behalf, compliance is not required but they must ensure contractual obligation from the third party that they comply with PCI DSS and are responsible for the security of cardholder data.

Fines for non-compliance or security breaches can be huge, reaching $500,000. High profile cases involving huge corporations have hit the headlines. Some card brands have threatened huge fines against larger merchants of up to $25,000 per month until compliance is obtained. In severe cases, they have even threatened to remove the ability to process credit card payments, which could be economically fatal for any merchant.

While Visa reports that the majority of security breaches occur in small enterprises, any company that stores, processes, or transmits card information has to comply with a strict set of guidelines. Although intended to create a global standard which protects both consumers and corporations alike, these guidelines can be time consuming, costly, and complex to implement. Corporations that require PCI DSS compliance are prevented from storing sensitive credit card information, including security codes, track data from the magnetic strip, and PIN numbers. Information which can be stored includes credit card numbers, expiration dates and customer details, but the method of storage needs to meet certain requirements.

How to obtain PCI DSS compliance

The recommended first step to obtaining compliance is to hire the services of a Quality Security Assessor, who can advise on steps needed to reach compliance as well as completing the official assessments required. Smaller companies that process less than 80,000 transactions per year are permitted to complete a self-assessment questionnaire.

Compliance covers 6 areas of security:

1. Construction and maintenance of a secure network - including installation of a firewall to protect cardholder data
2. Protection of cardholder data - including encryption during data transmission
3. Vulnerability management - with regular updates of anti-virus software
4. Access control - to prevent and restrict access to sensitive data
5. Regular monitoring and testing of networks
6. Maintenance of an information security policy

The latest updated guidelines for PCI DSS are due for release in October 2008.

The benefits of PCI DSS compliance

• Protection from PCI related fines if compliant at the time of breach
• Increased customer confidence in data protection
• Advice on how to remediate any data security risks
• Advice on how to prevent service providers from putting your business at risk from data security
• Increased protection from fraudsters
• Protection from unwanted negative media attention

With this said, there is no question as to why PCI compliant is as important as it is. It both protects the consumer and the merchant, making transactions considerably safer than they would be otherwise.

Managed Hosting provider for companies with applications that demand the highest levels of security and availability.

E-commerce Security - Issues and Controls

The internet facilitates open and easy communication across the globe, and has made e-commerce possible. However, because of its unregulated nature, it poses a threat to the security of e-commerce systems. Hence, as an e-business owner, you should be ready to address an array of e-commerce security issues.

Here are some of the common problems created by hackers:

• Denial-of-service (DoS) attacks that will prevent authorized users from accessing your website. If this happens too often, your customers will walk away.
• Gaining access to sensitive data such as price lists, catalogues and intellectual property, and copying, changing or destroying the same. Who hasn't been a victim of virus attack at some time?
• Altering your website. Unscrupulous rival companies might resort to such tactics in order to spoil your company's image.
• Directing your customers to another site. You do the hard work, and someone else reaps the benefits.

Hence, you should introduce adequate e-commerce security control measures to reduce the risk to your systems. But remember, these controls should not be so restrictive that they impact the efficiency of your business.

Authentication: This is the technique of positively identifying someone seeking to access your e-commerce system. This usually involves any or all of the following:

• Assigning a user name and password combination to registered visitors.
• Instituting a two-factor verification process that requires confirmation of information known only to authentic users. For example, asking for an authentication token and a personal identification number.
• Scanning a person's unique physical attribute such as a fingerprint or facial-feature.

Access control: In this type of control, access is restricted based on a need to know. This limits the number of people who can access a particular piece of information, and therefore reduces the risk of misdemeanor.

Encryption: This technique uses technologies like virtual private networks (VPNs) and secure socket layers (SSLs) to protect information that is being displayed on a computer or transmitted over a network. Companies like banks, which deal with sensitive information will most certainly encrypt data.

Firewall: This is either software or hardware that protects a server, network or computer system from attack by viruses and hackers. It is also a safeguard against user negligence. Many companies use the Kerberos protocol which uses symmetric secret key cryptography to restrict access to authorized employees.

Intrusion detection system (IDS): It inspects all inbound and outbound network activity and identifies any attempt being made to gain illegal access. If IDS suspects an attack, it generates an alarm or sends out an e-mail alert.

The importance of e-commerce security cannot be overemphasized. If your business strategy envisages the use of the internet, make sure that your systems are adequately protected. Books like "The Business of E-commerce: From Corporate Strategy to Technology" and "Security Becomes A Business Requirement For E-Commerce Companies" from amazon.com might be useful in order to deepen your understanding. You might also like to check out the e-commerce security products and services available at x-cart.com.

Hi, I'm Akhil Shahani, a serial entrepreneur who wants to help you succeed. If you like to work smart, check out http://www.SmartEntrepreneur.net . It's full of articles and resources to help you start and grow your business successfully. Please visit us & download our special "Freebie of The Month" at http://www.smartentrepreneur.net/freebie-of-the-month.html

"Ransomware" - Extortion by Encryption

Recently there has been a rash of reports of computers becoming infected with the Gpcode.ak virus, a new variant of an attack that surfaced a few years ago. Gpcode encrypts data on the affected computer's hard drive, plus any shares to which it has access. It leaves the basic system software alone (so the computer remains useable), but encrypts the user's data files. The encryption for the original version was cracked, making it easy for anyone to decrypt his or her own files, but this new version uses a 1024-bit encryption key. According to Kaspersky, this would take a relatively modern PC about 30 years to crack.

Affected users find a "README" file directing them to contact a specific email address for details on purchasing a "decryption tool" in order to recover their files. Sometimes the additional threat of publicizing confidential information is included in this ransom note.

However, because of a flaw in this version, it is currently possible to recover the encrypted files. Gpcode makes a copy of the files before encrypting them, and then deletes this copy. These deleted files can be recovered with file-recovery software that is widely available in both free and commercial offerings. Affected users should avoid rebooting their computers, and should not use them for anything else until they've recovered their files. This limits the risk of the deleted files being overwritten by other processes. This method of recovery is a temporary work-around - at best - because it has been widely publicized on the security forums, and it is only a matter of time before the virus authors add a step to wipe the deleted files from the disk.

It is unclear exactly how this virus spreads, but the vast majority of malicious infections come directly from spam email or from rogue web sites to which spam directs users. Therefore, minimizing one's risk of exposure to this virus means taking the normal precautions against any malware, such as keeping virus scanners and spam filters up to date, and having a clearly communicated policy about not following links in unsolicited emails (spam).

Try our award winning free anti virus protection for 30 days!

Christopher is an Information Security Consultant You are welcome to reproduce this article on Computer Security related web site, as long as you reproduce the article in full, including this resource box and link to our website.