Security

A firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy. A personal firewall differs from a conventional firewall in terms of scale. Personal firewalls are typically designed for use by end-users. As a result, a personal firewall will usually protect only the computer on which it is installed. Many personal firewalls are able to control network traffic by prompting the user each time a connection is attempted and adapting security policy accordingly. Personal firewalls may also provide some level of intrusion detection, allowing the software to terminate or block connectivity where it suspects an intrusion is being attempted. ...

There are good reasons to be suspicious of e-mail. Some e-mail messages might be phishing scams, some might carry viruses. Images in spam e-mail might turn out to be pornographic, or to include Web beacons, which can be adapted to secretly send a message back to the sender. Follow these guidelines to help protect yourself when suspicious mail shows up in your Inbox. If you receive a phishing e-mail message, do not respond to it. Don’t open junk mail at all If an e-mail looks suspicious, don’t risk your personal information by responding to it. Delete junk e-mail messages without opening them. Sometimes even opening spam can alert spammers or put an unprotected computer at risk. Don’t reply to e-mail unless you’re certain that the message comes from a legitimate source. This includes not responding to messages that offer an option to “Remove me from your list.” Do not “unsubscribe” unless the mail is from a known or trusted sender. Use the junk mail tools in your e-mail program. For example, Windows Live Hotmail gives you the option to unsubscribe from mail that you previously had trusted or requested. This sends a notice back to the sender to have you removed from their list, while at the same time automatically adding the sender to your block list. Approach links in e-mail messages with caution Links in phishing e-mail messages often take you to phony sites that encourage you to transmit personal or financial information to con artists. Avoid clicking a link in an e-mail message unless you are sure of the real target address, or URL. ...

A few clues can help you spot fraudulent e-mail messages or links within them. What does a phishing e-mail look like? Phishing e-mail messages are designed to steal your identity. They ask for personal data, or direct you to Web sites or phone numbers to call where they ask you to provide personal data. Phishing e-mail messages take a number of forms: They might appear to come from your bank or financial institution, a company you regularly do business with, such as Microsoft, or from your social networking site. They might appear to be from someone you know. Spear phishing is a targeted form of phishing in which an e-mail message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or IT. They might ask you to make a phone call. Phone phishing scams direct you to call a customer support phone number. A person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data. The phone phisher might claim that your account will be closed or other problems could occur if you don’t respond. They might include official-looking logos and other identifying information taken directly from legitimate Web sites, and they might include convincing details about your personal information that scammers found on your social networking pages. They might include links to spoofed Web sites where you are asked to enter personal information. Here is an example of what a phishing scam in an e-mail message might look like. ...

What is phishing? Phishing (pronounced “fishing”) is a type of online identity theft. It uses e-mail and fraudulent Web sites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information. Con artists might send millions of fraudulent e-mail messages with links to fraudulent Web sites that appear to come from Web sites you trust, like your bank or credit card company, and request that you provide personal information. Criminals can use this information for many different types of fraud, such as to steal money from your account, to open new accounts in your name, or to obtain official documents using your identity. ...

Spam is any kind of unwanted online communication. The most common form of spam is unwanted e-mail. You can also get text message spam, instant message spam (sometimes known as spim), and social networking spam. Some spam is annoying but harmless. However, some spam is part of an identity theft scam or another kind of fraud. Identity theft spam is often called a phishing scam. To protect yourself against e-mail spam, use e-mail software with built-in spam filtering. For a general guideline on protecting yourself from e-mail spams, please refer to the “Checklist: Protecting your business, your employees and your customers”.

If you suspect that you’ve responded to a phishing scam with personal or financial information, take these steps to minimize any damage. Step 1: Report the incident Contact the following authorities: Your credit card company, if you have given your credit card information. The sooner an organization knows your account may have been compromised, the easier it will be for them to help protect you. The company that you believe was forged. Remember to contact the organization directly, not through the e-mail message you received. ...

If Sysinternals shows you what is running, OllyDbg shows you what a program is thinking — one x86 instruction at a time. In 2008 it is the standard debugger for 32-bit Windows binaries: unpack a crackme, trace a malware sample in a lab, or understand why an installer behaves oddly when the vendor will not answer support calls. OllyDbg 1.10 is the version most people use. It is freeware, debugger-only (no disassembler license debates), and extensible with plugins. ...

Google Chrome arrived yesterday as a Windows beta with a comic explaining multi-process tabs and a reputation for speed. Another browser is the last thing some people wanted. For web developers and security folks, it is a big signal: the rendering engine wars are back. Mac and Linux versions do not exist yet. This is a Windows-only beta — but the design choices are worth studying regardless of platform. What Is Different Separate processes per tab — one crash does not take down everything Sandboxing ambitions — harder for web content to touch the system V8 JavaScript engine — fast enough to change how web apps feel in the browser Minimal UI — the address bar doubles as search, fitting Google’s habits Incognito mode — private browsing without digging through menus Silent auto-update — patches ship without a user-facing version bump Chrome uses WebKit for rendering — the same engine family as Safari — with Google’s own V8 replacing JavaScriptCore for script execution. ...

Windows Vista launched to retail on January 30, and the usual mix of excitement and complaint followed immediately. Retail boxes promise security, search, and Aero glass. Forums fill with UAC prompt screenshots, driver complaints, and games that stutter on borderline hardware. Two weeks in, both sides look partly right. What Vista Gets Right User Account Control pushes installers toward proper permissions — even if users click Yes too often Windows Defender bundles baseline anti-spyware awareness BitLocker matters on business laptops with TPM chips (less on home PCs without it) Improved networking UI helps non-experts join Wi-Fi without breaking DNS Windows Search indexes documents faster than XP’s slow companion ReadyBoost offers a flash-drive speed boost on RAM-starved machines — modest, but noticeable What Frustrates People Prompt fatigue — UAC trains some users to click through everything without reading Performance on 512 MB–1 GB RAM systems feels sluggish compared to XP Driver hunting for printers, scanners, and older peripherals Games needing patches before they match XP smoothness Edition confusion — Home Basic, Home Premium, Business, Ultimate — each with different feature sets The “Vista Capable” vs “Vista Premium Ready” sticker mess does not help. Machines that can run Vista often cannot run Aero, and buyers feel misled. ...

When a Windows PC feels slow, popup-heavy, or “haunted,” Task Manager is not enough. The Sysinternals Suite from Mark Russinovich answers the question power users actually have: what is running, why, and who started it? Microsoft acquired Sysinternals in July 2006, but the tools remain free, still updated, and still the first thing I reach for on a troubled machine. Process Explorer: Task Manager with X-Ray Vision Process Explorer shows: ...