Thursday, April 23, 2009

With trustworthy antivirus, you'll get along just fine



It’s OK to download antivirus from the internet, as long as…

It’s completely safe to download antivirus software, as long as you take care of certain things. Despite the many warnings and prevention measures that computer security experts have issued, downloading antivirus software from an authoritative site is completely safe. These are the precautions to take when you download antivirus software from the internet:

1. Only download from authoritative sites, sites that are trustworthy (whether you have bought a commercial license or just want to try trialware). Such sites have addresses like these:
   1. http://www.bitdefender.com,
   2. http://www.kaspersky.com,
   3. http://www.symantec.com,
   4. http://www.avast.com,
   5. http://www.avg.com, and many more.
2. Make sure you’re not entering a phishing site. A phishing site is a fake site that looks like the real site. So how do I know if it’s a phishing site? It’s easy. Just compare the http address in the Address bar (or Navigation bar in Firefox) with the name and address that the site is claiming. The Top Level Domain (TLD) and the second level domain should be the same. For example, a phishing site imitating www.bitdefender.com could have an address that looks like http://www.bitdefender.somedomainname.com or maybe even something less obvious.
3. Don’t fall prey to sites claiming that your system is infected with a virus, worm or spyware and telling you to download antivirus software right now. No online system can determine that a system is compromised by a certain piece of malware without thorough scanning and previously installed plugins or extensions. Trustworthy online scan systems do exist, but they still need some extensions and plugins to be installed first, before they can claim that an infection exists on your system. They need to scan first, right? Well, that could be a time-consuming task, don’t you think? Then how can a single page tell us that our system is infected without even scanning it?
4. Stick to the old-school ways of protecting your computer system when you download antivirus software: the three points above. You can do it another way, provided you first gain plenty of do-it-yourself knowledge of computer security and network security software.
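
The address comparison from point 2, written out as an added example (not code from the original post). The function names are hypothetical, and the check assumes the simple rule the post gives, second-level domain plus TLD; suffixes with more than one label, such as co.uk, need a public-suffix list instead.

```javascript
// Added example: compare the host in a link with the vendor domain the page
// claims to be. The "registrable domain" is taken as the last two labels
// (second-level domain + TLD), which is the rule described in the post.

function lastTwoLabels(hostname) {
  // Lower-case and drop a trailing dot so "Example.COM." equals "example.com".
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.length < 2 ? null : labels.slice(-2).join(".");
}

function checkDownloadUrl(urlString, claimedDomain) {
  let url;
  try {
    url = new URL(urlString); // the parser isolates the real host name
  } catch (err) {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: "not a web address" };
  }
  const actual = lastTwoLabels(url.hostname);
  const expected = lastTwoLabels(claimedDomain);
  if (actual === null || expected === null) {
    return { ok: false, reason: "host has no second-level domain" };
  }
  if (actual !== expected) {
    return { ok: false, reason: `host belongs to ${actual}, not ${expected}` };
  }
  return { ok: true, reason: `host belongs to ${expected}` };
}

// Constructed sample addresses; the second is the look-alike from the post.
const samples = [
  "http://www.bitdefender.com/downloads/",
  "http://www.bitdefender.somedomainname.com/downloads/",
  "http://www.bitdefender.com.example.net/",
  "http://WWW.BitDefender.COM./",
];
for (const s of samples) {
  const r = checkDownloadUrl(s, "bitdefender.com");
  console.log(`${r.ok ? "MATCH   " : "MISMATCH"} ${s} (${r.reason})`);
}
```

The brand name appearing somewhere in the host is not enough: only the rightmost labels decide who owns the address.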


That’s all?
So don’t worry: follow these guidelines, or increase your knowledge. Either way, you’ll get along just fine. But right now, if you just want to download antivirus software, these are free-to-download antivirus programs that I have personally proven to be trustworthy.


Is Windows 7 a Grand Slam Hit?

Recent surveys suggest that businesses are ready to embrace and deploy Windows 7 en masse as soon as Redmond makes it available. Traditionally, businesses are slow to adopt new operating systems. It's like waiting for the second model year of a new automobile make. You want some other sucker to take care of the extended Beta testing affectionately known as the initial release.

That philosophy has led many organizations to hang on to Windows XP and forego Windows Vista entirely. Some organizations simply waited for Windows Vista Service Pack 1 (SP1), but by that time Vista had gotten a lot of negative press and developed somewhat of a bad reputation. One can debate whether the press was factual or whether the reputation was deserved, but the bottom line is that many enterprises simply decided that Windows XP was comfortable and that Windows Vista wasn’t worth the risk.

Windows 7 on the other hand has been getting rave reviews since the Beta version has been available. Computer experts from all fields all the way down to consumers love the new operating system. Features such as DirectAccess and BranchCache also provide solid business justifications for upgrading and have the potential for changing the way enterprises work with their growing remote sites and roaming work force.


Obama's Cyber Czar Offers Few Details on Govt. Strategy

Those who were hoping to hear details today about how the Obama administration plans to revamp the government's approach to cyber security threats may have to wait a little while longer.

In a much-anticipated speech at the RSA security conference in San Francisco today, Melissa Hathaway, the White House's top cyber official, instead highlighted all of the meetings, studies, and recommendations that have informed the administration's 60-day cyberspace policy review, which was completed last week. But details about how the administration might seek to organize and streamline the government's cyber efforts were lacking.

Much of the coverage of the administration's cyber review has focused on the power struggle on cyber underway between the Department of Homeland Security and the National Security Agency. The Obama administration also is finalizing plans for a new Pentagon command to coordinate the security of military computer networks and to develop new offensive cyber weapons. Meanwhile, civil liberty advocates are concerned that the government's effort to define cyber security in broad economic and national security terms could sweep virtually every aspect of American life into the mix.

Hathaway seemed to acknowledge this tension in her speech:

Previous attempts to deal with cyber security in isolation have failed, in no small part, because they were perceived to be in conflict with the broader societal goals of progress and innovation, civil liberties and privacy rights. However, cyber security only succeeds in the context of broader economic progress. At times, it was a destination in itself, rather than a compass that guides us toward our objective. If treated in a broader context, cyber security will enable higher and far reaching national goals, have better acceptance, and as a result, a greater chance for success. Our goals depend on trust, and trust cannot be achieved if people believe that they are vulnerable to fraud and theft or if they cannot depend upon the resources (infrastructure services, i.e., water, power, telephone service) being available when needed most. At the same time, security has no meaning if the application that serves society no longer is practical or usable. Stated differently, progress and security must not be viewed in a zero-sum fashion.

Hathaway did say more about the economic aspects of cyber (in)security than I've heard recently from a top government official, which is encouraging. The government's usual approach in discussing the nation's cyber threats is to couch the issue in cyber terrorism dimensions. However, early in her keynote, Hathaway made an apparent reference to a data breach last year at payment processor RBS Worldpay. In that complex, multi-stage attack, hackers were able to inflate the dollar value of stolen payroll cards that were then used by a small army of hired hands who made coordinated withdrawals of millions of dollars from ATMs around the world.

"One recent example from November 2008 illustrates both the speed and the scope of these challenges. In a single 30-minute period, 130 automated teller machines in 49 cities around the world were illicitly emptied. These and other risks have the potential to undermine our confidence in the information systems that underlie our economic and national security interests."


Congress Investigating P2P Data Breaches

A key oversight panel in the House of Representatives said this week that it is re-opening an investigation into the "inadvertent sharing" of sensitive government and consumer data through popular peer-to-peer file swapping programs such as BearShare and Limewire.

The inquiry from the House Committee on Oversight and Government Reform comes just weeks after revelations that blueprints for Marine One -- President Barack Obama's helicopter -- were being traded on P2P networks.

Committee Chairman Edolphus Towns (D-N.Y.) and ranking Republican Darrell E. Issa (Calif.) sent a letter (PDF) to Attorney General Eric Holder, asking the Justice Department to detail what it is doing to protect Americans from the dangers of data breaches via P2P networks. The committee also asked (PDF) Federal Trade Commission Chairman Jonathan Leibowitz what his agency was doing to investigate P2P networks, and whether the makers of P2P software were adequately disclosing to consumers the risks associated with using the programs.

In addition, the panel demanded answers (PDF) from Mark Gorton, chairman of The Lime Group, the New York, N.Y., company whose software powers the Limewire network. Gorton's office did not return calls seeking comment by the time of publication.

At a hearing before the committee on P2P-based breaches in July 2007, the committee heard testimony from witnesses who obtained bank records, health records, military files, tax returns, corporate documents, and other sensitive documents through LimeWire. Gorton told the committee he was unaware that classified information was available over the network and that people were searching for credit card data via P2P.

"It appears that nearly two years after your commitment to make significant changes in the software, LimeWire and other P2P providers have not taken adequate steps to address this critical problem," Towns wrote.

The committee went on to list a series of recent high-profile data breaches attributed to P2P use. For example:

- In March, a 35-year-old Seattle man was sentenced to 51 months in jail for stealing banking and credit information from file-sharing users, and then using that data to open fraudulent credit accounts or make unauthorized purchases.

- On Feb. 23, a Dartmouth College professor published a paper reporting that over a two-week period he was able to search a P2P network and uncover tens of thousands of medical files containing names, addresses, and Social Security numbers for patients seeking treatment for conditions such as AIDS, cancer, and mental health problems. The professor found links to four major hospitals and 355 insurance carriers that provided health coverage to 4,029 employers and 266 doctors.

- On July 9, 2008, The Washington Post reported that an employee of an investment firm who allegedly used LimeWire to trade music or movies inadvertently exposed the names, dates of birth, and Social Security numbers of about 2,000 of the firm's clients, including Supreme Court Justice Stephen Breyer.


Cyber Spies Breach Pentagon's Fighter Jet Project

Cyber spies have broken into the Pentagon's $300 billion Joint Strike Fighter project - the defense department's costliest weapons program ever, according to the lead item in today's Wall Street Journal.

From the story:

Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft.

Attacks like these -- or U.S. awareness of them -- appear to have escalated in the past six months, said one former official briefed on the matter. "There's never been anything like it," this person said, adding that other military and civilian agencies as well as private companies are affected. "It's everything that keeps this country going."

The disclosure is the latest tale of cyber espionage told by unnamed current and former government officials. Last week, a Journal story quoting an anonymous official saying Chinese and Russian hackers had infiltrated the U.S. electrical grid electrified the news media and blogosphere, even though the piece was otherwise bereft of verifiable details.

In commenting on last week's revelations, Wired.com blogger Kevin Poulsen suggests that the conclusion we are to reach from these events is obvious:

"Chinese Superhackers Are Our Superiors. No, wait. That's not it. I know ... Only the intelligence agencies are equipped to protect us from foreign cyber attacks."

Indeed, the timing of these stories is hard to ignore. The National Security Agency is engaged in a bid to assume control over government-wide cybersecurity efforts.

As it stands, no single entity is in charge of protecting the dot-mil space, and responsibility for the security of civilian government networks has been left to the Department of Homeland Security. Last month, a top cyber security official at DHS resigned his post, citing what he called the NSA's tightening grip on government cyber security matters.

A major DHS project to monitor federal networks for signs of cyber intrusions - dubbed "Einstein" - has by most accounts failed, despite many years and tens of millions of taxpayer dollars spent on the program. Critics of DHS said the department failed on Einstein because it lacks the supercomputing power that it takes to simultaneously hoover up huge amounts of Internet data flows and analyze them in real time. The only agency with the experience and ability to do this is the NSA, several current and former government officials told a Washington Post reporter recently.

"Last year, then-Director of National Intelligence Mike McConnell wrote Gates a letter recommending the establishment of a national cyber command, led by the NSA director," my colleague Ellen Nakashima wrote last week. "Among his missions would be that of supporting DHS in protecting the civilian networks through the cyber plan."

Meanwhile, lawmakers on Capitol Hill say they will continue investigating reports that the NSA had swept up the communications of Americans while targeting foreign groups and individuals, Nakashima writes.

Last Friday, the Obama administration wrapped up its 60-day review of the previous administration's Comprehensive National Cybersecurity Initiative. A White House spokesman said in a statement that the administration will begin discussing the results "after the president has had an opportunity to carefully review the group's effort." A hint of what's in store may come this week: Melissa Hathaway, the National Security Council official who has been leading that group, is expected to deliver the keynote address Wednesday at the RSA Security conference in San Francisco.


World's First Mac Botnet? Not Quite.

This morning, as I scrolled down the list of security Web sites I normally check via my RSS reader, I noticed several items referencing news about the "world's first Mac botnet." As I read on, it became clear this was neither news nor a first.

Ryan Naraine from ZDNet.com writes about a paper released via Virus Bulletin (subscription required) by a pair of Symantec researchers who found what was described as "the first Mac OS X botnet launching denial-of-service attacks."

The story goes on to describe how the researchers traced the botnet back to Mac users who had installed pirated copies of Apple's iWork 2009 software. Back in January, many tech outlets wrote about a Trojan that was being distributed with copies of iWork 2009 that were available on BitTorrent and other file-sharing services.

In my own coverage of that Trojan, I interviewed Pete Yandell, a software developer from Australia and curator of notahat.com, whose Mac was infected with this malware. Yandell informed me that as a result of his installing this modified iWork software, his Mac was ensnared in a botnet that was attacking a Web site called dollarcardmarketing.com.

In that story, I also interviewed the owner of dollarcardmarketing, who said his site was hit with a distributed denial of service (DDoS) attack that generated more than 600Gb of Web traffic beyond the usual monthly amount, suggesting that whatever botnet hit his site was fairly sizable.

As Yandell posted on his site back in January, this Mac botnet was described as being orchestrated by a PHP script, running as root on the infected system. Turns out, in a March 2006 post titled When Macs Attack, I reported on the existence of a DDoS botnet that included Mac OS X systems. The botnet was being controlled by a script that took advantage of insecure installations of PHP running on Mac OS X systems as root.


WEBSITE FLAWS: Creating a Public Nuisance with Insecure Web Sites


Thousands of Web sites that were cited last year for harboring security flaws that could be used to attack others online remain a hazard and an eyesore along the information superhighway.

At issue are sites that harbor so-called cross-site scripting (XSS) vulnerabilities, which occur when Web sites accept input from a user -- usually from something like a search box or e-mail form -- but do not prevent users from entering malicious code or other instructions.

Once the code is entered, the URL that the Web site spits back can then be used for phishing scams. Unlike other scams, the URLs used in these cases look more legitimate. A typical XSS attack usually goes like this: The bad guys send out e-mails designed to look like they were sent by a trusted e-commerce company. The e-mails instruct recipients to click on a link and update their account information. Instead of directing them to a purely fraudulent site -- i.e., the hacker's own copy of a real login form -- the link puts the visitor on the Web site of the trusted brand, thereby giving it a legitimate URL. The page, however, has been manipulated to display content controlled by the attacker.
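
The flaw described above, shown beside its fix, as an added example that is not part of the original article. The search page, its function names and the probe string are constructed for illustration; the fix shown is output encoding of the search term for each place it appears in the page.

```javascript
// Added example: a search-results page that reflects the user's query.

// Encode the five characters that let text break out of HTML text or a
// quoted attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Flawed: the search term is pasted into the page as-is, so markup carried
// in the link becomes part of the trusted site's own page.
function renderResultsVulnerable(query) {
  return `<h2>Results for ${query}</h2>` +
         `<input name="q" value="${query}">`;
}

// Fixed: the same page with the term encoded for each context it lands in.
function renderResultsSafe(query) {
  const asUrlParam = encodeURIComponent(query); // URL context first
  return `<h2>Results for ${escapeHtml(query)}</h2>` +            // HTML text
         `<input name="q" value="${escapeHtml(query)}">` +        // attribute
         `<a href="/search?q=${escapeHtml(asUrlParam)}">Permalink</a>`;
}

// Regression check for a site owner: does a probe containing markup come
// back unencoded from the given render function?
function reflectsRawMarkup(render) {
  const probe = `"><h1 id="probe">Session expired, sign in again</h1>`;
  return render(probe).includes('<h1 id="probe">');
}

console.log("vulnerable page reflects markup:", reflectsRawMarkup(renderResultsVulnerable));
console.log("fixed page reflects markup:     ", reflectsRawMarkup(renderResultsSafe));
```

A check like `reflectsRawMarkup` belongs in the site's test suite for every page that echoes user input, so a later template change cannot quietly reintroduce the flaw.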


One site that does a tremendous job cataloging these XSS flaws is xssed.com, which listed nearly 13,000 Web pages that hosted XSS vulnerabilities, including a large number at trusted and high-traffic Web sites such as yahoo.com, google.com, msn.com, myspace.com, facebook.com, craigslist.com and cnn.com.

According to the latest Internet Security Threat Report from Symantec Corp., only 3 percent of those XSS flaws recorded at xssed.com last year were fixed. Ironically, Symantec's own site was recently featured on xssed.com as vulnerable to a nasty XSS flaw (Symantec has since fixed the problem).

XSS bugs can even be used to power Web-based worms. This past week, a series of worms took advantage of XSS flaws on micro-blogging site Twitter.com to annoy and frighten thousands of Twitterers. While the worms were otherwise harmless, rogue anti-virus vendors have begun seizing on public interest in the outbreaks by gaming search engine results to send curious searchers to booby-trapped sites that try to foist worthless and invasive software.

XSS flaws are some of the most common Web site vulnerabilities, but they are also usually fairly simple to fix. If your site is listed on xssed.com, or you'd simply like to know more about how to make sure your site isn't contributing to the problem, check out this primer from the Open Web Applications Security Project (OWASP). While you're there, you might want to take a look at some of the other best-practices documents they have available.

Interestingly, the login page for the official Web site of the RSA Conference next week in San Francisco, arguably the largest gathering of security company executives on the planet, contains a security flaw that could let attackers abuse the trust people place in the site, and RSA's brand. This vulnerability is a type of weakness often confused with XSS, called "cross-site request forgery" (CSRF).

An attacker could use this flaw in the RSA site as a launching pad to silently redirect users to another Web site, or potentially to corrupt the site's own database of registered users, said Lance James, founder of Secure Science Corp. and author of the book Phishing Exposed.

"With the clever methods of attack these days, such as poisoning search terms, having a vulnerability within a popular security conference could be devastating," James said.

RSA, if you're reading, OWASP has some decent primers on how to mitigate CSRF attacks as well.
