One of the things that immediately makes me start wondering about whether a wi-fi network at an establishment is legit, is whether or not the name of the wi-fi network being broadcast matches or at least is similar to the business name.

For example, I was at a coffee shop the other day and a list of about 12 wi-fi networks within range popped up as available. Within the entire list there was nothing listed that even remotely identified with the business.

The strongest network listed was labeled "linksys", real creative. A personal security step for me is that I don’t connect to a wi-fi network unless I’m sure of the one I’m connecting. In this case, I got up and asked the manager what they had named their network, sadly he didn’t know but he thought "linksys" sounded right.

Dear business owners if you’re offering free wi-fi at your establishment, know a little and train your employees to know a little bit about how things work, at least what the network is named and how to reset the router would be great! And please, name your network something that your patrons can easily identify.

Another little thing I do is to try and avoid doing any financial transactions online over a free wi-fi network. I’m not too worried about hacking for the most part, but this is an area where I just feel that most of the time, I can wait till I’m back at home on my own secure network before doing this task online.

Image: richiec on flickr

Post from: EveryJoe

Thinking Security on Free Public Wi-Fi

I’m not sure how it is all these accounts on twitter have been getting hacked so prolifically lately. I don’t think all of these people have simple passwords that are getting cracked, so what’s happening? Are there machines infected with other malware that’s collecting login information?

Aside from the major PR issues that a entity like MSNBC is going to have to deal with after this kind identity theft, twitter is going to have to start doing something a little more to protect the security of the network.

If more and more people start to think that they can’t safely click on links or use the micro-blogging service, users are going to start dropping off and going to other channels for the same types of information.

I’m curious, if you’ve had your account hacked recently. Do you have any ideas of what happened? Too simple of a password? Other malware on your computer? What’s the deal?

UPDATE: If you’d like to see some of the tweets that were sent out through the account before it was suspended you can see them on this TechCrunch article about MSNBCHeadlines twitter account getting hacked. Caution NSFW! Language ahead matey!

Post from: EveryJoe

MSNBC Twitter Account Hacked

Microsoft isn’t competing with Symantec and other large security vendors, instead, their Security Essentials means they are now competing with vendors like AVG, and PCTools (which I am a big fan of).

During the limited public beta of Security Essentials, 75,000 public beta testers were able to see the potential of this free security app from Microsoft. The security settings as reported by testers say that the Security Essentials has the baseline features found in any security app.

The main features of SE 1.0 is its usage of both definition file and real-time based defenses against viruses, spyware and also offers rootkit protection. The application rely heavily on Microsoft SpyNet for its program’s reputation based detection and software signature based detections. Microsoft SpyNet was first introduced in the beleaguered Windows Vista operating system and later on extended and found on Windows 7.

You would have the ability to choose between two SpyNet membership options. The basic membership is simply sending Microsoft the detected software’s origin,the response and actions taken. The advanced membership role includes the parts of information on your hard drive for the software being questioned. Aside from these information, personal data can actually be sent over to Microsoft, although the software giant promise and has noted that they are not going to use the personal data neither are they going to contact you.

That doesn’t sound good and I wouldn’t want to try out Security Essentials when personal data is being sent over to Microsoft. To note, there is now way to remove yourself from the Microsoft SpyNet subscription when using Security Essentials 1.0

Security Essentials is clean and simple to use as shown in the image below:

The tabs represent the “home”, “update”, “history” or “settings”. The home tab is where the scan options can be found like making a quick, full or custom scan. The custom scan allows you to scan folders but doesn’t give you additional things to scan like “rootkits only”, “virus only”, etc. The “Update” tab displays the updates made on the system and whether the security data files are up to date or not. The “History” tabs shows the infections, quarantines, things found and actions taken by the application. The “Settings” page is where you configure that various settings for the Security Essentials 1.0.

The Security Essentials performs decent enough where quick scans take 30 seconds or less, the full scan can finish in around 1.5 to 2 hours. The Security Essentials results doesn’t come up to par with free security settings like PCTools and AVG.

Security Essentials is worth taking a look, but why would I choose to use it over PCTools, or AVG both of which have won so many awards, have performed well on my computer, has free version, and is tested and relied upon by millions and millions of users over the years. Plus, it doesn’t send out personal data like the SE 1.0

Do you want to use this application? I would suggest to consider but take a hard look at PCTools and AVG. By the way, I am currently using tools from PCTools.

Image from Security Essentials.

Post from: EveryJoe

Security Essentials 1.0

The installation file for the new software was pretty light. Total download size was only 8.61MB. Sitting less than 9MB, it places it less than a third of my least favorite application, Adobe Reader. Oh, and this is a full-blown security application, not just a PDF reader.

Once downloaded the installation process couldn’t have been much easier as well. The general installation steps were expected, there was a Microsoft Genuine Advantage software check in there. After that, a system update for definition refresh and we’re rolling.

As part of the install an initial system scan is included which also went quickly. I expected the first scan to take a bit longer. If the weekly scans go that quick, I’ll be happy. If they’re even quicker I’ll be more than pleased again with my experience.

Compared to Windows Live OneCare, there’s less settings and adjustments to be made. The basics still remain though: exclusion of files, exclusion of directories, default actions to take, etc.

The one thing I wish they’d work on fixing immediately is the icon that’s used to identify the tool. Sitting down there in the system try it looks like a circus big top tent. Microsoft, you can come up with a better icon than that, please do, QUICKLY!

Post from: EveryJoe

Installing Microsoft Security Essentials Software

Microsoft has now released their Microsoft Security Essentails application that will be completely replacing Windows Live OneCare as their security application of choice.

The big change between the two application is that Microsoft Security Essentials will be offered as a free download. Compared to the price of OneCare. There are a few different functions that will not be included in the new application, but the core components of what you’re looking for in this kind of application will be there.

What anti-virus application do you use? What system do you have running on a daily basis? What applications do you use for some extra-curricular system scrubbing when it’s called for because of a variety of reasons?

Post from: EveryJoe

Microsoft Security Essentials in Beta

As you can see from the image above which is a screen capture from my email Inbox, everything looks normal and appropriate and legitimate right? However, if you hover your mouse over the links you’ll see that the link is actually going to direct you to a bogus website that’s been setup to collect your information. I’m sure if you went to the site (which I don’t recommend and which is why I’m not even typing the URL you’ll see) it would look just like the PayPal website too.

If you look at the code behind the email in your Inbox, which Outlook automatically displays for Junk Mail, we can see in the image below the bogus links much more clearly.

The lesson here is that before you go clicking on links in emails. Take a minute to hover over them before clicking and just make sure they’re going to take you to the place you’re expecting to go. Otherwise, you’ll end up in a place where you really don’t want to be.

Post from: EveryJoe

E-mail Security with Phishing Scams

Custom Image by Jason Bean

You can follow these five steps to keep yourself safe on any system with any software installed.

1. Know Your Links: Too many times I think people just click on anything that’s blue and underlined in their browser. Take a minute and read where that link suggests it’s going. You can do this by hovering over the link and reading the information in the status bar. Notice the link shown in the status bar below. Not always a sure thing, but I rarely click on a link that doesn’t have a recognizable word, or just looks odd.
   

   Snagit of Firefox Status Bar

2. Don’t Install It: Before you go installing something cool you’ve just found, take a moment and think about whether or not you really need the application. Have you heard of it before you found it online? Was it recommended by someone you know and trust. My opinion is if it’s not familiar, it’s not installed.
3. Email Attachments: Rarely do I ever open or view email attachments I didn’t expect or ask for. This includes that cool video, music or PowerPoint presentation you got from your Uncle Roy. I delete almost immediately.
4. False “Helpful” Warnings: Sometimes you’ll get what appears to be a helpful message letting you know your system may be infected. The problem is that the helpful message is wanting you to click on it to install malware on your system. Be familiar with your own software, whatever you’re using and don’t click on anything that’s not familiar to you. Including the “Close” buttons or other items. When in doubt, you can use ALT+F4 to close active windows or the Windows Task Manager.
5. Forget Forwarding: Perhaps not an immediate threat to the security of your system, forwarding emails over and over is just a problem that builds upon itself. If you wouldn’t pick up the phone to tell someone about what you just saw on email, don’t forward it to someone. Too good to be true? Delete it! For one you’re spreading useless information. More importantly you’re helping to harvest active email addresses for spammers. If you must forward something, use the BCC: field and remove everyone’s email addresses from the body.

Post from: EveryJoe

5 Steps to Stay Safe on the Web

Back Image Source: www.sxc.hu

The question is did I need to be worried?

Conficker.C began using a new algorithm on Wednesday to look for instructions from its creator, prompting speculation that it might be readying for an attack. According to security experts, however, the worm has been quiet so far.

Am I just enjoying a false sense of security in all of this or is my ignorance my bliss? Honestly I haven’t had a serious malware or virus infection in quite some time. I can’t even remember the last time I spent any real amount of effort cleaning up from an infection or having to rebuild a system due to a virus.

I’m not the only one blissful in my ignorance either it appears. I love David Coursey’s humorous outlook on the whole Conficker hoopla:

The Conficker Worm is like the Paris Hilton of computer security: Famous solely for being famous. Neither has actually ever done anything of note. But, at least Paris has a sense of humor about her celebrity. Conficker just wastes people’s time.

Now that’s funny folks. What’s been your experience? Have you been impacted or bothered really at all, that is except for all the news alerts and blips about it in your feed readers?

Source: Conficker Worm Is Much Ado About Nothing, Conficker May Be More Widespread Than Previously Thought

Post from: EveryJoe

Conficker Worm – Did I Miss Something

After I moved all of the photos and images to the new drive I couldn’t get my local machine mapped to the new drive so I could access the photos as I had hoped. The problem was that I kept getting an error that I couldn’t connect to the share because there was already a connection made using the same login.  I couldn’t find the login for anything thought, not sure what was going on.

Snagit of Mapping Network Drive in Windows XP OS

Eventually I did what I end up always trying in events like this. Reboot. I did a full shut-down and reboot of the desktop computer along with a full shut-down and reboot of my laptop as well. Figuring this would close any existing connections using a login I was using, I would be good to go after the reboot.

I was right. Everything is good now.

Post from: EveryJoe

Connecting Shared Drive on Home Network

Here’s my list of applications that I used even today as I was cleaning up my family’s desktop PC.

CCleaner which is short for “CRAP” Cleaner. It does a great job of finding all the hidden pieces of installed applications that sometimes don’t get removed with the program’s default uninstall function.

Revo Uninstaller is very similar to CCleaner, but I choose to take advantage of both as an option in case one just won’t get rid of something. I usually run one, followed by the other to just insure that there are non remnants of anything I’m wanting to make sure I get rid of in the end.

Lavasoft Ad-Aware Free is a great tool for finding any malware, trojans, hijack apps and other annoying little critters that love getting into our systems and mucking everything up.

Windows Live OneCare has been my preferred option for real-time antivirus and malware protection on my systems and others. Recent news that Microsoft will be nixing their OneCare product may lead me to be looking for a replacement and free alternative in the future. Microsoft will be releasing a free option of their own, but I’ll wait and see how it looks before making a choice. I’m interested in what free antivirus applications you all recommend.

Belarc Advisor isn’t a tool to remove much of anything, but it provides a great resource for quickly cataloging and finding out what’s on your system and how you stand on a variety of security fronts.

Images: Various logos from application pages downloaded

Post from: EveryJoe

My Top Security and Maintenance Tools