Instant Messaging - Reducing The Risks

The internet has revolutionised the way in which we communicate with email replacing snail mail and the introduction of real-time Instant Messaging (IM).

The most popular and widely used IM services are MSN Messenger, Yahoo Messenger, AOL AIM, and ICQ. Regardless of which of these you may use, they all provide an interface for one-to-one communication or group conversations.

These programs however have opened up a whole new area for spammers and hackers to target. Using IM you can obtain the latest weather reports, movie listing etc, but you are dealing with a ‘chat robot’, also known as a ‘bot’. Now the software behind this can in some instances fool you into believing that the responses are from a real person, especially the more sophisticated versions used by hackers.

These IM programs are free to use, but are also extremely vulnerable to exploitation. They allow you to transfer files quite freely, which may already be infected with a destructive virus, Trojan horses or worms, and to have unencrypted chat sessions, which to many hackers is an open door. Some IM clients also allow peer-to-peer file sharing which potentially means that other users have access to the hard discs of other users.

Protecting yourself is a simple combination of common sense, vigilance and a few essential security tools, such as a firewall and real time anti-virus program.

Because IM is real-time, malicious attacks spread very quickly and can do an enormous amount of damage in a very short period of time.

The default security settings in IM programs are very low to make it easier to use, but this also leaves you more open to attacks. There’s also a new breed of IM worms. To your friends it appears as though they’re receiving a message from you, but the truth is the message is generated by a worm, and may contain a link to a Web site that automatically downloads another bit of malicious code.

IM is a prime target for online scams, identity theft and other predatory behavior.

These tips will help to make IM more secure:

Use a strong password and change it frequently.

Regularly update your IM software, operating system and security programs.

Do NOT enter any personal information.

Do NOT open any attachments or click on any web links sent to you by an unknown person.

If you know the identity of the person who sent you a link, hover your cursor over it to check that it is a legitimate link.

Be very careful of if a person on your allowed list starts sending odd messages, best advice is to shut down your IM program immediately.

Spim is spam sent over IM containing offensive language or links to web sites which cam also trigger an avalanche of pop-up ads, Spyware and Trojans.

There are ways to limit this, but the settings that enable you to do this mean that anyone not on your ‘buddy’ list will be blocked. This is a good thing, it protects you.

MSN Messenger: Once you’re logged in, click on Tools then Options, and select Privacy. Check mark the ‘Only people on my Allow List can see my status and send me messages’ box. The Privacy tab also allows you to add or remove people on the Allow List, as well as allowing you to see which other MSN users have added you to their contact list.

Yahoo Messenger: Click the Login menu and select Preferences. Select Privacy in the left pane of the Yahoo Messenger Preferences window, and tick the ‘Ignore anyone who is not on my Friend list’. To prevent spim through Yahoo, choose the ‘Do not allow users to see me online and contact me’ in the ‘When people see my ID on Yahoo Web sites’ section.

AOL Instant Messenger: Click My AIM, Edit Options, Edit Preferences to open the preferences window. Select Privacy in the left pane, and then tick the ‘Allow only users on my buddy list’ option under the ‘Who Can Contact Me’.

ICQ: Click the Main button, select Security and Privacy Permissions. Click Communication Events in the left pane, and then fill in the radio buttons under either the yellow check mark icon (this will limit these actions to users on your contact list) or the red X icon (which will prevent anyone from sending you these things). Click Spam Control in the left pane, fill in all the check boxes in the right pane, and select ‘All users’ next to the item labeled ‘Do not accept Multi Recipient Messages from’.

AVG Anti-Rootkit Free

Grisoft has developed quite a following with its free (for personal, non-commercial use) security applications, and for good reason.

Now there’s an anti-rootkit utility in AVG’s free software stable, too, and for users seeking a minimum of interaction, AVG Anti-Rootkit Free may very well be the Right Tool for the Job.

Grisoft makes its free AVG Anti-Rootkit application available for download. Users download the avgarkt.exe setup file, which features simple installation.

You may download a free version of AVG Anti-Rootkit here.

In keeping with the goal to make AVG Anti-Rootkit a very simple tool, the file features a simple .exe install file that triggers a setup wizard.

Users can select between a normal interface (which Grisoft recommends and sets as the default) or a low graphics interface (which is optimized for visually impaired users who rely on screen-reading programs).

Users must accept the AVG Anti-Rootkit Free license agreement before they can use the program to check their Windows system for stealth rootkit programs.

Next, users must specify the location of the AVG Anti-Rootkit Free installation files.

As with most software programs, users must specify the name of the Start Menu Folder. This is the name the AVG Anti-Rootkit application receives on the user’s Start menu.

Once users have specified all setup information, the free anti-rootkit utility installs itself.

Due to the way most anti-rootkit applications operate, it’s necessary to reboot Windows to enable proper operation. AVG’s free anti-rootkit application is no different. AVG’s setup utility gives users the option of rebooting immediately automatically or manually rebooting later.

AVG purposefully keeps its anti-rootkit interface simple. There are very few options for users to choose, thereby helping simplify the already confusing and complex world of rootkits.

AVG includes concise educational information aimed at helping regular (non-IT professionals) better understand the threat stealth rootkit programs present.

The Learn More tab lists information on what rootkits are and how users can protect their PCs from the stealth threats. There’s also a link to Grisoft’s site where additional computer security information is made available.

Users can check for AVG Anti-Rootkit Free updates using the third tab (About & Update). Clicking the About & Update tab also reveals the current version users have installed.

An interesting note, Grisoft informs users on this third tab why the AVG Anti-Rootkit uses random window titles. The reason is that AVG’s programmers wanted intentionally to change the name of the window the free anti-rootkit application uses to help thwart detection efforts rootkit hackers might program into their malware.

If users click the Check For New Version button found on the third About & Update tab, they are directed to Grisoft’s Web site. Here users will see whether the version they are using is current or whether updates must be downloaded.

The Search For Rootkits tab is the meat of the program and the reason users will download it in the first place.

Clicking the Search For Rootkits button triggers a search of stealth rootkit programs. The free AVG application tracks its progress in the progress bar at the menu’s bottom.

By default, the Search For Rootkits button only searches critical Windows directories on the root drive.

When no rootkits are found, AVG presents a congratulations window.

When rootkits are found, AVG displays those that are found (with information on the rootkit path and type). Users can then highlight the rootkit items in question and click the Remove Selected Items button to eliminate the offending files from their Windows systems.

With the In-Depth Search, however, AVG Anti-Rootkit searches for stealth rootkit files on all the hard drives and partitions within a system.

Just as with the simple rootkit search, the AVG Anti-Rootkit Free application tracks its progress as it works. Should users wish, they can terminate the search using the provided Stop button.

These are all the options a user can select when working with AVG’s free anti-rootkit program. By purposefully keeping the application easy to use, AVG engineers have created a free malware detection utility that’s the Right Tool for regular (personal) users seeking to check their systems for unwanted stealth software.

Download your copy here

RoboForm Automated Password Manager

RoboForm is an award-winning automated password manager and
web form filler with some serious Artificial Intelligence
that completely automates password entering and form
filling..

This is what it does:

AutoSave passwords in browser.

AutoFill passwords to login form.

Fill personal info into online forms.

Save offline passwords & notes.

Generate Secure Random Passwords.

Encrypt passwords and personal data using AES, Blowfish,
RC6, 3-DES or 1-DES algorithms.

All personal info is stored on your computer only.

Backup & Restore, Print your passwords.

It has NO ADWARE, NO SPYWARE.
Works under Windows as an add-on to IE-based browsers.
Works with Netscape, Mozilla, Firefox under Windows.

Memorizes your passwords and Logs You In automatically.

Fills long registration and checkout forms with one click.

Encrypts your passwords to achieve complete security.

Generates random passwords that hackers cannot guess.

Fights Phishing by filling passwords only on matching web
sites.

Defeats Keyloggers by not using keyboard to type passwords.

Backs up your passwords, Copies them between computers.

Synchronizes passwords between computers using GoodSync.

Searches for keywords in your passwords, notes and Internet.

Portable: RoboForm2Go runs from USB key, no install needed.

PDA-friendly: sync your passwords to Pocket PC and Palm.

Neutral: works with Internet Explorer, AOL/MSN, Firefox.

IE 7 and Vista are now supported.

Download Roboform here:
http://www.roboform.com/

Comprehensive Tutorials here:
http://www.roboform.com/tutorials.html

Watch it on Windows Media Player here

Securing Windows XP

With its default configurations, Windows XP is not very secure. However, by making some simple changes,you can secure your system and data from attackers and viruses.

Automatic Updates
Keeping your system up-to-date is crucial to maintaining security. Microsoft releases security updates and makes them available for download on the Windows Update web site.
Using the Automatic Updates feature, Windows XP can be configured to download and install updates for you automatically at a time that suits you.

Scheduling this task is very simple. In Windows XP, use the following steps to enable this feature:
1. Right click My Computer and select Properties.
2. Click the Automatic Updates tab from the System Properties box.
3. Select the option to Automatically download the updates, and install them on the schedule that I specify.
4. Select the day and the time when you want the updates installed.
5. Click Ok.

Windows Firewall
Windows XP includes the Internet Connection Firewall service. In Windows XP Service Pack 2, the ICF is renamed to Windows Firewall and it is enabled by default. It is designed to protect your computer from intruders while it is connected to the Internet.

Note: if you are setting up a home network, do not enable Windows Firewall on your LAN (Local Area Network)connection. Only enable it on the Internet connection. If you enable it on your LAN connection, it will block File and Printer Sharing.

Important NoteIf you are using Zone Alarm Free Firewall DO NOT enable the Windows Firewall.

User Accounts
Windows XP includes various built-in user accounts. There are certain steps that you should take to ensure they are not compromised.

Disable the Guest Account. The guest account has always been a huge hacker hole and should remain disabled if it is not required.

Require passwords for all user accounts. Obviously, blank passwords are a bad idea if you care about security.Make sure you assign passwords to all accounts, especiallythe Administrator account and any accounts with Administrator privileges. All passwords should be a minimum of eight characters in length.

In Windows XP Home Edition all user accounts have administrative privileges and no password by default.Make sure you close this hole as soon as possible.

Rename the Administrator account. By renaming the administrator account hackers will have to guess the password and the name assigned to the account.

Don’t make it easy for hackers, renaming the Administrator account will stop some hackers in their tracks, and will deter the more determined ones. They won’t know what the group permissions are for an account, so they’ll try to hack any account they find and then try to hack other accounts toimprove their access. If you rename the Administrator account, try not to use the word Admin in its name. Pick something that won’t make it easy for others to guess.

Remote Desktop
Windows XP Professional’s Remote Desktop allows users to connect remotely to your computer.Although it can be useful for obtaining remote assist with troubleshooting problems, it is also an open door for intruders. Remote Desktop should always be disabled and only enabled when it is needed.
To disable Remote Desktop right click on My Computer, select properties then click on the Remote tab and untick the check box beside Allow Remote Assistance invitations to be sent from this computer.

Anti-virus Software
Anti-virus software is a program designed specifically to detect and remove viruses, making it an essential application to install. Once you install anti-virus software,it will scan your computer and clean any viruses it finds.

Some of the more popular antivirus software programs are listed below, though I refuse to pay for these as mentioned below you can get the same protection for free.
1. Trend Micro
2. McAfee
3. F-secure
4. Symantec
5. Computer Associates
6. Panda Software
Most anti-virus software must be purchased or it may be included with the purchase of a new computer for a limited time.

I highly recommend the use of AVG-AntiVirus available fromhttp://free.grisoft.com/doc/avg-anti-virus-free/lng/us/tpl/v5

I have covered this with a tutorial athttp://cotojo.wordpress.com/2007/04/27/avg-anti-virus-installation-guide/

Important note: DO NOT use more than ONE anti-virus program on your pc as this will cause conflicts.

I prefer to use AVG which scans daily and also runs in the background continuously. On a monthly basis I use Trend Micro housecall online.

Screensavers
Ok, so you are sitting at your desk, or left it for a while and suddenly, a nice image appears on your screen. Ok it’s your screensaver. However, screensavers can serve a much more important purpose other than providing us some cool images, and preventing screen burn.

Enabling a screensaver can increase the security on your computer.
Use a password protected screensaver, this stops others from accessing your computer.
You can configure a screensaver to start when your computer has been idle for a specific amount of time (eg: 5minutes). By password protecting the screensaver, the computer is locked when the screensaver starts. This is a simple idea for additional security. You will need to enter the correct password to resume using your pc.
So once a password protected screensaver has been enabled,you can walk away from your computer knowing thateverything is secure. In Windows XP, you can use the steps outlined below to enable a password protected screensaver.
1. Right click a blank area on your your desktop and click Properties.
2. From the Display Properties dialog box, select the Screensaver tab.
3. Use the drop down arrow to select your screensaver of choice.
4. Change the Wait value to specify how long the computer can remain idle before the screensaver is started.
5. Select the On resume, password protect option. If you do not select this option any activity will cause the desktop to appear.

Give your pc a quick tune-up at http://pcpitstop.com
Run the Full Tests from the menu on the left of the page after creating a user account and password.

Go to http://www.belarc.com/free_download.html
The Belarc Advisor builds a detailed profile of your installed software and hardware, missing Microsoft hotfixes,anti-virus status, CIS (Center for Internet Security) benchmarks,and displays the results in your Web browser. All of your PC profile information is kept private on your PC and is not sent to any web server. I would recommend that you print off the results page as it contains details of your Drivers and Software License Keys, useful if you have to perform a format.

Scan for any viruses at http://housecall.trendmicro.com/

Check to see if your ports are Open, Closed or in Stealth mode athttps://www.grc.com/x/ne.dll?bh0bkyd2

Check your internet connection speed at
http://www.abeltronica.com/velocimetro/pt/?idioma=uk&newlang=uk
Click the green arrow beside the flag on the top right of the header and select your language. Scroll down to Speedometer and click on Test Now.

Remember to always back-up your system or create a restore point before making any changes.

Safe surfing everyone
cotojo

Securing Your Computer System

Today, more and more people are using their computers for
everything from communication to online banking and
investing to shopping. As we do these things on a more
regular basis, we open ourselves up to potential hackers,
attackers and crackers. While some may be looking to phish
your personal information and identity for resale, others
simply just want to use your computer as a platform from
which to attack other unknowing targets. Below are a few
easy, cost-effective steps you can take to make your
computer more secure.

1. Always make backups of important information and store
in a safe place separate from your computer.

2. Update and patch your operating system, web browser and
software frequently. If you have a Windows operating
system, start by going to www.windowsupdate.microsoft.com
and running the update wizard. This program will help you
find the latest patches for your Windows computer. Also go
to www.officeupdate.microsoft.com to locate possible
patches for your Office programs.

3. Install a firewall. Without a good firewall, viruses,
worms, Trojans, malware and adware can all easily access
your computer from the Internet. Consideration should be
given to the benefits and differences between hardware and
software based firewall programs.

4. Review your browser and email settings for optimum
security. Why should you do this? Active-X and JavaScript
are often used by hackers to plant malicious programs into
your computers. While cookies are relatively harmless in
terms of security concerns, they do still track your
movements on the Internet to build a profile of you. At a
minimum set your security setting for the “internet zone”
to High, and your “trusted sites zone” to Medium Low.

5. Install antivirus software and set for automatic
updates so that you receive the most current versions.

6. Do not open unknown email attachments. It is simply
not enough that you may recognize the address from which it
originates because many viruses can spread from a familiar
address.

7. Do not run programs from unknown origins. Also, do not
send these types of programs to friends and coworkers
because they contain funny or amusing stories or jokes.
They may contain a Trojans horse waiting to infect a
computer.

8. Disable hidden filename extensions. By default, the
Windows operating system is set to “hide file extensions
for known file types”. Disable this option so that file
extensions display in Windows. Some file extensions will,
by default, continue to remain hidden, but you are more
likely to see any unusual file extensions that do not
belong.

9. Turn off your computer and disconnect from the network
when not using the computer. A hacker can not attack your
computer when you are disconnected from the network or the
computer is off.

10. Consider making a boot disk on a floppy disk in case
your computer is damaged or compromised by a malicious
program. Obviously, you need to take this step before you
experience a hostile breach of your system.

To your safety and security online

cotojo

About Encryption and Making Your System Secure

To What does encryption do for me?
Encryption and cryptographic software has been used in many different ways to make systems more secure.
This article discusses only a few ways that such software can make your system more secure, including:

1) Encrypting your email

2) Encrypting your files

Two programs are mentioned that will help encrypt information. There are many more programs out there that will help, but these programs are good and a good place to start as any. They have the added benefit of both being free with source code available.

Will encryption stop people from accessing my information?
Encryption simply makes it harder for people to gain access to important information, like passwords or sensitive information in a file. The first thing you should know about encryption is that the algorithm that is used to encrypt can be simple or more complex and that affects how securely what you have encrypted is protected. Encryption systems have been broken when the method of encryption is understood by hackers and is easy to break.

Why bother to encrypt my email?
It should be noted that email is far less secure than paper mail for two very good reasons: first, electronic data can be accessed easily over an Internet and secondly, electronic data is really simple to copy. There is a very good chance that someone has snooped around in your email despite your best intentions to stop it.

How do I go about encrypting my email?
There are many programs out there that can help you encrypt your email. A very popular one is PGP (Pretty GoodPrivacy) or its Gnu offshoot GPG.
PGP (http://www.pgpi.org/) self-describes itself this way: This "is a program that gives your electronic mail something that it otherwise doesn't have: Privacy. It does this by encrypting your mail so that nobody but the intended person can read it. When encrypted, the message looks like a meaningless jumble of random characters. PGP has proven itself quite capable of resisting even the most sophisticated forms of analysis aimed at reading the encrypted text."

Why bother to encrypt my files?
The answer to this boils down to what you store on your computer. If you have financial data with important information like social security numbers, email addresses, account numbers and passwords, then you open yourself up to losing very valuable information. Most corporate Internet security employees will attest to the widespread theft of very valuable information. As long as you are connected to the Internet you are vulnerable.

How do I go about encrypting my files?
AxCrypt File Encryption Software (http://axcrypt.sourceforge.net/) Self-described as "FreePersonal Privacy and Security for Windows 98/ME/NT/2K/XP with AES-128 File Encryption, Compression and transparent Decrypt and Open in the original application."