The cyber threat is no longer limited to your office network and work persona. Adversaries realize that targets are typically more vulnerable when operating from their home network since there is less rigor associated with the
protection, monitoring, and maintenance of most home networks. Home users need to maintain a basic level of network defense and hygiene for both themselves and their family members when accessing the Internet.

Host-Based Recommendations

Windows Host OS

1. Migrate to a Modern OS and Hardware Platform
Both Windows 7 and Vista provide substantial security enhancements over earlier Windows workstation operating systems such as XP. Many of these security features are enabled by default and help prevent many common attack
vectors. In addition, implementing the 64-bit mode of the OS on a 64-bit hardware platform substantially increases the effort of an adversary to attain a system or root compromise. For any Windows-based OS, verify that Windows Update is configured to provide updates automatically.

2. Install a Comprehensive Host-Based Security Suite
A comprehensive host-based security suite provides support for anti-virus, anti-phishing, safe browsing, Host-based Intrusion Prevention System (HIPS), and firewall capabilities. These services work collaboratively to provide a layered defense against most common threats. Several security suites today provide access to a cloud-based reputation service for leveraging corporate knowledge and history of malware and domains. Remember to enable any
automated update service within the suite to keep signatures up-to-date.

3. Limit Use of the Administrator Account
The first account that is typically created when configuring a Windows host for the first time is the local administrator account. A nonprivileged “user” account should be created and used for the bulk of activities conducted on the host to include web browsing, email access, and document creation/editing. The privileged administrator account should only be used to install updates or software, and reconfigure the host as needed. Browsing the web or reading email as an administrator provides an effective means for an adversary to gain persistence on your host. Within Vista or Windows 7, administrative credentials can be easily accessed by right clicking on any application, selecting the “Run as Administrator” option, then providing the appropriate administrator password. Furthermore, all passwords associated with accounts on the host should be at least 10 characters long and be complex (include upper case, lower case, numbers, special characters).

4. Use a Web Browser with Sandboxing Capabilities
Several currently available third party web browsers now provide a sandboxing capability that can contain malware during execution thereby insulating the host operating system from exploitation. Most of these web browsers also provide a feature to auto-update or at least notify you when updates are available for download. Also, promising approaches that move the web browser into a virtual machine (VM) are starting to appear on the market but are not yet ready for mass consumer use.
5. Update to a PDF Reader with Sandboxing Capabilities
A sandbox provides protection from malicious code that may be contained in a PDF file. PDF files have become a popular technique for delivering malicious executables. Several commercial and open source PDF readers now provide sandboxing capabilities as well as block execution of embedded URLs (website links) by default.
6. Migrate to Microsoft Office 2007 or Later
If using Microsoft Office products for email, word processing, spreadsheets, presentations, or database applications, upgrade to Office 2007 or later and its XML format for storing documents. By default, the XML file formats do not execute embedded code when opened within Office 2007 or later products thereby protecting the user from malicious code delivered via Office documents. The Office 2010 suite also provides “Protected View” mode which opens documents in read-only mode thereby potentially minimizing the impact of a malicious file.
7. Keep Application Software Up-to-Date
Most home users do not have the time or patience to verify that all applications installed on their workstation are fully patched and upto- date. Since many applications do not have an automated update feature, attackers frequently
target these applications as a means to exploit a targeted host. Several products exist in the market which will quickly survey the software installed on your workstation and indicate which applications have reached end-of-life,
require a patch, or need updating. For some products, a link is conveniently provided in the report to download the latest update or patch.
8. Implement Full Disk Encryption (FDE) on Laptops
Windows 7 Ultimate as well as Vista Enterprise and Ultimate provide support for Bitlocker Full Disk Encryption (FDE) natively within the OS. For other versions of Windows, third party FDE products are available that will help prevent data disclosure in the event that a laptop is lost or stolen.
Apple Host OS
1. Maintain an Up-to-Date OS
Configure any Mac OS X system to automatically check for updates. When notified of an available update, provide privileged credentials in order to install the update. The Apple iPad should be kept up-to-date as well and requires a physical connection (e.g., USB) to a host running iTunes in order to receive its updates. A good practice is to connect the iPad to an iTunes host at least once a month or just prior to any travel where the iPad will be used.
2. Keep Third Party Application Software Up-to-Date
Periodically check key applications for updates. Several of these third party applications may have options to automatically check for updates. Legacy applications may require some research to determine their status.
3. Limit Use of the Privileged (Administrator Account)
The first account that is typically created when configuring a Mac host for the first time is the local administrator account. A non-privileged “user” account should be created and used for the bulk of activities conducted on the host
to include web browsing, email access, and document creation/editing. The privileged administrator account should only be used to install updates or software, and reconfigure the host as needed. Browsing the web or reading email as an administrator provides an effective means for an adversary to gain persistence on your host.
4. Enable Data Protection on the iPad
The data protection feature on the iPad enhances hardware encryption by protecting the hardware encryption keys with a pass code. The pass code can be enabled by selecting “Settings,” then “General”, and finally “Pass
code.” After the pass code is set, the “Data protection is enabled” icon should be visible at the bottom of the screen. For iPads that have been upgraded from iOS 3, follow the instructions at: http://support.apple.com/kb/HT4175.
5. Implement FileVault on Mac OS Laptops
In the event that a Mac laptop is lost or stolen, FileVault (available in Mac OS X, v10.3 and later) can be used to encrypt the contents of a user’s home directory to prevent data loss.
Network Recommendations
1. Home Network Design
The Internet Service Provider (ISP) may provide a cable modem with routing and wireless capabilities as part of the consumer contract. To maximize the home user’s administration control over the routing and wireless device, deploy a separate personally-owned routing device (a) that connects to the ISP provided router/cable modem. Figure 1 depicts a typical home network configuration that provides the home user with the network infrastructure to
support multiple systems as well as wireless networking and IP telephony services (b).

figure 1

2. Implement WPA2 on Wireless Network
The wireless network should be protected using Wi-Fi Protected Access 2 (WPA2) instead of
WEP (Wired Equivalent Privacy). Using current technology, WEP encryption can be broken in minutes (if not seconds) by an attacker, which afterwards allows the attacker to view all traffic passed on the wireless network. It is important to note that older client systems and access points may not support WPA2 and will require a software or hardware upgrade. When researching for suitable replacement devices, ensure that the device is WPA2-Personal certified.
3. Limit Administration to Internal Network
Administration of home networking devicesshould be from the internal-facing network. When given the option, external remote administration should be disabled for network devices. Disabling remote administration
prevents an attacker from changing and possibly compromising the home network.
4. Implement an Alternate DNS Provider
The Domain Name Servers (DNS) provided by the ISP typically don’t provide enhanced security services such as the blocking and blacklisting of dangerous and infected web sites. Consider using either open source or commercial DNS providers to enhance web browsing security.
5. Implement Strong Passwords on all Network Devices
In addition to a strong and complex password on the wireless access point, a strong password
needs to be implemented on any network device that can be managed via a web interface. For instance, many network printers on the market today can be managed via a web interface to configure services, determine job status, and enable features such as email alerts and logging.
Operational Security (OPSEC)/Internet Behavior Recommendations
1. Traveling with Personal Mobile Devices
Many establishments (e.g., coffee shops, hotels, airports, etc.) offer wireless hotspots or kiosks for customers to access the Internet. Since the underlying infrastructure is unknown and security is often lax, these hotspots and
kiosks are susceptible to adversarial activity. The following options are recommended for those with a need to access the Internet while traveling:

a. Mobile devices (e.g., laptops, smart phones) should
utilize the cellular network (e.g., mobile Wi-Fi, 3G or 4G
services) to connect to the Internet instead of wireless
hotspots. This option often requires a service plan with a
cellular provider.
b. Regardless of the underlying network, users can setup
tunnels to a trusted VPN service provider. This option can
protect all traffic between the mobile device and the VPN
gateway from most malicious activities such as monitoring.
c. If using a hotspot is the only option for accessing
the Internet, then limit activities to web browsing. Avoid
accessing services that require user credentials or entering
personal information.
Whenever possible, maintain physical control over mobile devices while traveling. All portable devices are subject to physical attack given access and sufficient time. If a laptop must be left behind in a hotel room, the laptop should be powered down and have Full Disk Encryption enabled as discussed above.

2. Exchanging Home and Work Content Government maintained hosts are generally configured more securely and also have an enterprise infrastructure in place (email filtering, web content filtering, IDS, etc. ) for preventing
and detecting malicious content. Since many users do not exercise the same level of security on their home systems (e.g., limiting the use of administrative credentials), home systems are generally easier to compromise. The forwarding of content (e.g., emails or documents) from home systems to work systems either via email or removable media may put work systems at an increased risk of compromise. For those interactions that are solicited and expected, have the contact send any work-related correspondence to your work email account.
3. Storage of Personal Information on the Internet
Personal information which has traditionally been stored on a local computing device is steadily moving to the Internet cloud. Examples of information typically stored in the cloud include webmail, financial information, and personal information posted to social networking sites. Information in the cloud is difficult to remove and governed by the privacy policies and security of the hosting site. Individuals who post information to these webbased services should ask themselves “Who will have access to the information I am posting?” and “What controls do I have over how this information is stored and displayed?” before proceeding. Internet users should also be aware of personal information already published online by periodically searching for their personal information using popular Internet
search engines.
4. Use of Social Networking Sites
Social networking sites are an incredibly convenient and efficient means for sharing personal information with family and friends. This convenience also brings some level of risk; therefore, social network users should be cognizant of what personal data is shared and who has access to this data. Users should think twice about posting information such as address, phone number, place of employment, and other personal information that can be used to target or harass you. If available, consider limiting access to posted personal data to “friends only” and attempt to verify any new sharing requests either by phone or in person. When receiving content (such as third-party applications) from friends or new acquaintances, be wary that many recent attacks have leveraged the ease with which content is generally accepted within the social network community. This content appears to provide a new capability, when in fact there is some malicious component that is rarely apparent to the typical user. Also, several social networking
sites now provide a feature to opt-out of exposing your personal information to Internet search engines. A good recommendation is to periodically review the security policies and settings available from your social network
provider to determine if new features are available to protect your personal information.
5. Enable the Use of SSL Encryption
Application encryption (also called SSL or TLS) over the Internet protects the confidentiality of sensitive information while in transit. SSL also prevents people who can see your traffic (for example at a public WiFi hotspot) from being able to impersonate you when logging into web based applications (webmail, social networking sites, etc.). Whenever possible, web-based applications such as browsers should be set to force the use of SSL. Financial institutions rely heavily on the use of SSL to protect financial transactions while in transit. Many popular applications such as Facebook and Gmail have options to force all communication to use SSL by default. Most web browsers provide some indication that SSL is enabled, typically a lock symbol either next to the URL for the web page or within the status bar
along the bottom of the browser.
6. Email Best Practices
Personal email accounts, either web-based or local to your host, are common attack targets. The following recommendations will help reduce your exposure to email-based threats:
a. In order to limit exposure both at work and home,
consider using different usernames for home and work
email addresses. Unique usernames make it more difficult
for someone targeting your work account to also target you
via your personal accounts.
b. Setting out-of-office messages on personal email
accounts is not recommended, as this can confirm to
spammers that your email address is legitimate and also
provide awareness to unknown parties as to your activities.
c. Always use secure email protocols if possible when
accessing email, particularly if using a wireless network.
Secure email protocols include Secure IMAP and Secure
POP3. These protocols, or “always use SSL” for web-based
email, can be configured in the options for most email
clients. Secure email prevents others from reading email
while in transit between your computer and the mail server.
d. Unsolicited emails containing attachments or links
should be considered suspicious. If the identity of the
sender can’t be verified, consider deleting the email without
opening. For those emails with embedded links, open your
browser and navigate to the web site either by its wellknown
web address or search for the site using a common
search engine. Be wary of an email requesting personal
information such as a password or social security number.
Any web service that you currently conduct business with
should already have this information.

7. Password Management
Ensure that passwords and challenge responses are properly protected since they provide access to large amounts of personal and financial information. Passwords should be strong, unique for each account, and difficult to guess. A strong password should be at least 10 characters long and contain multiple character types (lowercase, uppercase, numbers, and special characters). A unique password should be used for each account to prevent an attacker from gaining access to multiple accounts if any one password is compromised. Disable the feature that allows programs to remember passwords and automatically enter them when required. Additionally, many online sites make use of password recovery or challenge questions. The answers to these questions should be something that no one else would know or find from Internet searches or public records. To prevent an attacker from leveraging personal information about yourself to answer challenge questions, consider providing a false answer to a fact-based question, assuming the response is unique and memorable.
8. Photo/GPS Integration
Many phones and some new point-and-shoot cameras embed the GPS coordinates for a particular location within a photo when taken. Care should be taken to limit exposure of these photos on the Internet, ensure these photos can only be seen by a trusted audience, or use a third-party tool to remove the coordinates before uploading to the Internet. These coordinates can be used to profile the habits and places frequented for a particular individual, as well as provide near-real time notifications of an individual’s location when uploaded directly from a smart phone. Some
services such as Facebook automatically strip out the GPS coordinates in order to protect the privacy of their users.

Enhanced ProtectionRecommendations
The following recommendations require a higher level of administrative skills to implement and maintain on home networks than the previous recommendations. These recommendations provide additional layers of security but may impact your web browsing experience or require some iteration to adjust settings to the appropriate thresholds.
1. Enhanced Wireless Router Configuration Settings
Additional protections can be applied to the wireless network to limit access. The following security mechanisms do not protect against the experienced attacker, but are very effective against a less experienced attacker.
a. MAC address or hardware address filtering enables the
wireless access point to only allow authorized systems to
associate with the wireless network. The hardware address
for all authorized hosts must be configured on the wireless
access point.
b. Limiting the transmit power of the wireless access
point will reduce the area of operation (signal strength)
of the wireless network. This capability curtails the home
wireless network from extending beyond the borders of a
home (e.g., parking lot or adjacent building).
c. SSID cloaking is a means to hide the SSID, the
name of a wireless network, from the wireless medium.
This technique is often used to prevent the detection of
wireless networks by war drivers. It is important to note
that enabling this capability prevents client systems from
finding the wireless network. Instead, the wireless settings
must be manually configured on all client systems.
d. Reducing the dynamic IP address pool or configuring
static IP addresses is another mechanism to limit access
to the wireless network. This provides an additional layer
of protection to MAC address filtering and prevents rogue
systems from connecting to the wireless network.
2. Disable Scripting Within the Web Browser
If using third party web browsers such as Firefox or Chrome, use NoScript (Firefox) or NotScript
(Chrome) to prevent the execution of scripts from untrusted domains. Disabling scripting can cause usability issues, but is an effective technique to reduce web bourne attacks.
3. Enable Data Execution Prevention (DEP) for all Programs
By default, DEP is only enabled for essential Windows programs and services. Some third party or legacy applications may not be compatible with DEP, and could possibly crash when run with DEP enabled. Any program that requires DEP to execute can be manually added to the DEP exemption list, but this requires some technical expertise.

See the full article from zdnet here>>

HTML stands for Hyper Text Markup Language. It is a type of computer language that is primarily used for files that are posted on the internet and viewed by web browsers. HTML files can also be sent via email.

Although it may seem complex to the uninitiated, HTML is relatively simple. All text, graphics, and design elements of a web page are “tagged” with codes that instruct the web browser how to display the files. Such files are easy to recognize because they contain the file extension such as ‘html’ or ‘htm.’

In addition to the page content itself, HTML files provide layout and formatting information. HTML is not case sensitive and can be easily updated after the file is created. For the novice web designer, there are many different software utilities and programs available to assist in generating HTML pages.

To format a simple text file into HTML, the user creates tags that start and finish with angle brackets. To end the formatting or change to another format, the HTML developer types the first angle bracket, a backslash, then repeats the command and closes the bracket. For example, ” <H1>What Is HTML?</H1> ” is the code used to create the heading at the top of this article.

There are different codes for all sorts of other formatting including italics, tables, paragraphs, etc. The “A” tag is used to designate words that are to be displayed as hyperlinks to other pages. It is important to note that, although all web browsers use HTML, each may interpret and display the code a little differently.

Since the development of HTML in the early 1990s by Tim Berners-Lee, there have been a number of changes and versions. These versions have been maintained by the World Wide Web Consortium (W3C) since 1996. In January 2008, the First Public Working Draft of HTML 5 was published by the working group that is developing this specification. Still under development, this revision is expected to dramatically change application development for the web.

To view a sample of HTML, a good place to start might be the code that was used to generate this very page. One can simply click on the “view” menu on the browser and then select “source.” It may look complicated, but once the limited number of tags are learned, one would discover that it is a relatively straightforward language.

source: http://www.wisegeek.com/what-is-html.htm

A software modem is a low-cost alternative to a standard hardware-based modem. While hardware modems contain all the parts necessary to connect to the internet, the software modem transfers some of that work to the computer’s processor.

Modems have two main components. The controller configures and dials the modem, and the datapump sends and receives data. Depending on the type of software modem, either the controller or the datapump or both might be replaced by software.

Because it has fewer parts, a software modem is typically much less expensive than a hardware modem. Most modern personal computers have built-in software modems. A software modem also requires less power than a standard modem, which can be a benefit for someone using a laptop computer that runs on a battery. They can also be easily upgraded simply by upgrading your software driver. And in the past, software modems could only be used for dial-up connections, but a DSL software modem is now an option.

The software modem has often been criticized for its drawbacks, though. Because it relies on the computer to perform many of its processes, a software modem can be a drag on a computer’s processor, leading to sluggish performance or disconnections. This can be particularly troubling for people who play games online, because the computer’s resources can be spread too thin between the game and the internet connection through a software modem. And because of its reliance on software, a software modem can become corrupt or can conflict with other software. On older computers or on non-Windows computers, there can also be issues with compatibility.

A software modem is generally not too difficult to identify. If a modem specifically requires a certain operating system or processor, it’s probably a software modem. And software modems typically can only run with Windows, so modem names containing the word “Win” can be a red flag.

source: http://www.wisegeek.com/what-is-a-software-modem.htm

A botnet (“robot network”) refers to multiple computers infected with remote-controlled software that allows a single hacker to run automated programs on the botnet behind the users’ backs. The remote-controlled software or rootkit is clandestinely installed in each computer, hiding its presence and tracks, making detection difficult. Meanwhile, the hacker can use the botnet for many purposes, including distributing spam, spreading Trojan horses, perpetuating phishing scams, or gathering information for identity theft or fraud.

When a compromised computer falls prey to a rootkit, the computer is referred to as a “zombie computer.” A hacker can install rootkits on many computers, essentially building a network of compromised “zombie computers” to run secretive bots or services for the hacker. In the underground niche of botnet operators, there is much competition to have the largest or most powerful botnet. Not only are individual computers at risk, but so too are the networks of major private companies, government and even the military.

Botnets are a major source of crime on the Internet. Some operators “rent” their botnets by the hour to spammers. Internet Service Providers (ISPs) disallow spamming, but when thousands or hundreds of thousands of machines send five or ten pieces of spam, the spammer escapes notice. Furthermore, spam sent through a botnet tracks back to the compromised computers, not to the spammer.

Botnets are also used to perpetuate phishing scams by sending emails that appear to come from legitimate companies like financial institutions, eBay or PayPal. The email typically asks for sensitive personal information, which victims often provide. This information goes directly to the operator of the botnet for personal gain.

An operator can also use a botnet to launch a Distributed Denial of Service (DDoS) attack against a website. The computers in the botnet are sent a command prompting them to contact a specific webpage simultaneously. This can cause the website server to crash from an overload of traffic requests. Getting the server and the website back online can take time and disrupt business. DDoS attacks are often carried out against large, well-known companies and have been widely reportedly as costing millions of dollars.

Click-fraud is yet another scam perpetrated by some botnet operators. Advertisers commonly pay a small fee for every click on an advertised link that appears on a webpage. A botnet operator with an advertising contract on a personal domain can send a command to the computers in the compromised network to automatically click an advertising link whenever a browser is opened. Considering a botnet can be very large, click-fraud poses a considerable problem for advertisers.

In October 2005, Dutch police uncovered a major botnet consisting of 1.5 million compromised computers. The zombie network was allegedly run by three individuals in their twenties. Botnets are becoming more widespread with the United States believed to be the country most affected, housing some 26% of all botnets by some estimates. As many as 25% of all US computers might be part of a botnet, though it is difficult to know if such statistics are accurate.

What is certain is that botnets are widespread and growing, even attracting teenagers known as “script kiddies” who compete in building botnets. As a result, savvy computer users and administrators are taking steps to guard against rootkits that hand over access to hackers and script kiddies. Anti-rootkit software can be used to scan for existing rootkits, and other precautions can also be taken to minimize the risks of becoming part of a botnet.

source: http://www.wisegeek.com/what-is-a-botnet.htm

Man in the middle attacks are one of the several devices that are used to gain access to proprietary information, such as pass codes, login credentials, and credit card numbers. The process essentially involves establishing a virus that acts as the interface between two points. Neither party in the exchange is aware that the information that is exchanged is intercepted and captured by the intermediate virus.

The concept of a man in the middle attack predates the inception of the personal computer and widespread use of the Internet. Even in earlier days, intelligence operations would employ the idea of establishing a third party who would in effect initiate a dual interface with two other parties. Each of the other two parties would assume they were involved in a direct connection with one another, not realizing that the third party was intercepting, interpreting and then passing on the communication.

With the advent of desktop computers and their common use in the home and just about every type of business, the man in the middle concept was quickly translated to work in the new medium. By securing the public key for one of the parties in the exchange, the attacker is able to pretend to be that user. The attacker then sends his or her public key to the second party, but pretends to be the originating party. From that point forward, all information exchanged during the transaction is routed through the attacker, who is free to copy the data for use at a later date.

The key to a successful man in the middle operation is making sure that neither of the parties is aware of the presence of the attacker. This means that the attacker must take steps to maintain a low profile and not call attention to the fact that data is being routed through an additional step before reaching the intended destination. Unfortunately, when an exchange is not secured, this is not a difficult task.

There are several ways to combat a man in the middle attack. Over time, more robust methods of creating and verifying secure authentication and coded public keys have been developed. Many banks have gone to using encrypted secondary data that must be verified before a transaction can take place. Online businesses have begun to employ such methods as secret keys to verify the true identity of a customer before processing an order.

All these methods have helped to minimize the impact of the man in the middle strategy. However, there are many web sites that remain unprotected and thus vulnerable to this type of attack. For this reason, Internet users should never enter private information into any site unless it is possible to verify the authenticity and secure nature of the site first.

source: http://www.wisegeek.com/what-is-a-man-in-the-middle-attack.htm

“Tethering” is the use of your cell phone — or other Internet-enabled mobile device — as a modem for another device, usually a notebook or PDA. The connection is made either with a cable (USB or serial) or wirelessly through bluetooth (or, in the good old days, via infrared or IrDA).

Benefits of Tethering

Tethering enables users to go online from their laptops or PDAs in situations where there’s no other means of Internet access: when there’s no wi-fi hotspot around, for example, or your cable modem goes on the fritz, or you’re on a dirt road in the middle of nowhere and need an online map quick … you get the idea.

If you’re already paying for data service on your cell phone and your cellular provider doesn’t require any extra fees for using your cell phone as a modem for your laptop, tethering can also save you money, since you won’t have to pay for separate mobile broadband service or buy additional hardware just to get your laptop connected.

You can also surf the web more securely using a tethered cell phone, because your information is being sent directly through the phone versus, for example, over a public open wireless hotspot.

You may also conserve some laptop battery power, because you can turn off wi-fi on your laptop while you use your tethered cellular modem.

Tethering Issues or Obstacles

Using your cell phone’s data service for your laptop will, however, drain the phone’s battery more quickly, especially if you’re using bluetooth to connect. If you have a USB port on your laptop that can also charge devices, tethering via USB would be a better way to connect.

Also, keep in mind that the speed you get on a tethered device may not be as fast as you might expect even on the cell phone itself because the information has to take that extra step over the air or through the wire (USB connections will generally be faster than bluetooth). Even with 3G service on your handset, upload and download speeds will typically be less than 1 Mbps. If you’re in an area not covered by mobile broadband, you’ll likely get speeds only a few times faster than dial-up.

You also may not be able to use your voice service on the cell phone while it is tethered, depending on your particular phone and connection method.

The biggest obstacle, though, is just being able to tether your cell phone to your laptop at all. Each wireless carrier has a different set of rules and service plans for allowing tethering, and each cell phone device may have its own limitations. How to tether your cell phone will largely depend on your cell phone service provider and your cell phone model.

source: http://mobileoffice.about.com/od/phonesformobileworkers/f/what-is-tethering.htm

Scareware refers to bogus sales tactics designed to scare a user into thinking his or her computer contains critical errors or viruses that must be fixed immediately. For a price, scareware ads offer an instant solution in the form of downloadable software. In some cases this software is harmless, in other cases the software meant to fix non-existent errors is actually spyware or some form of malware itself, victimizing consumers twice.

A scareware ad might pop-up at any time when cruising the Web. The ad can resemble a Microsoft window or it might trigger an actual window, leading people to believe the message is being generated by their own operating system. The pop-up warns the user that the computer is compromised in one or more ways and requires a fix. The warning might cite viruses or system errors such as registry errors. Clicking an “OK” button will take the user to the download site to buy the “fix.”

Regular scanning with legitimate software is part of routine computer maintenance. Registry scanners will look for orphaned pointers, missing values, uninstalled leftovers and other bits of incorrect data that can slow performance. Many websites employ online scanners that will comb a visitor’s registry looking for problems. Registry problems can be found in nearly every scan, and most errors don’t amount to much more than housekeeping. Websites dedicated to selling scareware use online scanners that will report nonexistent problems presenting them as extremely critical, urging the victim to buy software to avoid certain disaster.

Microsoft™ Corp. has little tolerance for scareware tactics that reflect poorly on its operating systems (OSs), making them appear more vulnerable than they actually are. In 2005, Microsoft joined forces with the state of Washington to sue Secure Computer for Spyware Cleaner, scareware that falsely reported the presence of spyware. The suit cost Secure Computer one million US dollars to settle. In September 2008, the software giant joined forces with Washington once again to name several alleged scareware companies in a similar scareware suit.

To avoid being targeted by scareware companies, employ a pop-up blocker configured to block third-party sites. If using XP SP1, upgrade to SP2 or disable Windows Messenger (versus Windows Live messenger), as this can be an entry point for malicious scripts. If you want to use an online scanner, look for recommendations from reputable sources like PCWorld or Tom’s Hardware. Better yet, download a reliable scanner and use it from your hard drive. If you practice good maintenance habits and have the usual guardian programs running, you have little reason to fear infections or errors.

If a pop-up does occur, it should be generated from one of your installed programs. Firewalls, anti-virus programs, anti-spyware and registry cleaners all utilize warning pop-up windows that include the program’s name to identify which software program is alerting. If the pop-up is a true Windows system alert, it will likely only warn that a program must close or that some unexpected function occurred. These are informative pop-ups rather than ‘curative.’ Windows automatic update, if enabled, might recommend the user download a patch or upgrade, but the patch should be from Microsoft, free of charge.

source: http://www.wisegeek.com/what-is-scareware.htm

The most important difference between a trojan virus/trojan horse and a virus is that trojans don’t spread themselves. Trojan horses disguise themselves as valuable and useful software available for download on the internet. Most people are fooled by this ploy and end up dowloading the virus disguised as some other application. The name comes from the mythical “Trojan Horse” that the Ancient Greeks set upon the city of Troy.

A trojan horse is typically separated into two parts – a server and a client. It’s the client that is cleverly disguised as significant software and positioned in peer-to-peer file sharing networks, or unauthorized download websites. Once the client Trojan executes on your computer, the attacker, i.e. the person running the server, has a high level of control over your computer, which can lead to destructive effects depending on the attacker’s purpose.

A trojan horse virus can spread in a number of ways. The most common means of infection is through email attachments. The developer of the virus usually uses various spamming techniques in order to distribute the virus to unsuspecting users. Another method used by malware developers to spread their trojan horse viruses is via chat software such as Yahoo Messenger and Skype. Another method used by this virus in order to infect other machines is through sending copies of itself to the people in the address book of a user whose computer has already been infected by the virus.

Types of Trojan Horse Viruses

Trojan Horses have developed to a remarkable level of cleverness, which makes each one radically different from each other. For an inclusive understanding, we have classified them into the following:

Remote Access Trojans

Remote Access Trojans are the most frequently available trojans. These give an attacker absolute control over the victim’s computers. The attacker can go through the files and access any personal information about the user that may be stored in the files, such as credit card numbers, passwords, and vital financial documents.

Password Sending Trojans

The intention of a Password Sending Trojan is to copy all the cached passwords and look for other passwords as you key them into your computer, and send them to particular email addresses. These actions are performed without the awareness of the users. Passwords for restricted websites, messaging services, FTP services and email services come under direct threat with this kind of trojan.

Key Loggers

Key Loggers type of Trojans logs victims’ keystrokes and then send the log files to the attacker. It then searches for passwords or other sensitive data in the log files. Most of the Key Loggers come with two functions, such as online and offline recording. Of course, they can be configured to send the log file to a specific email address on a daily basis.

Destructive Trojans

The only purpose of Destructive Trojans is to destroy and delete files from the victims’ computers. They can automatically delete all the core system files of the computer. The destructive trojan could be controlled by the attacker or could be programmed to strike like a logic bomb, starting on a particular day or at specific time.

Denial of Service (DoS) Attack Trojans

The core design intention behind Denial of Service (DoS) Attack Trojan is to produce a lot of internet traffic on the victim’s computer or server, to the point that the Internet connection becomes too congested to let anyone visit a website or download something. An additional variation of DoS Trojan is the Mail-Bomb Trojan, whose key plan is to infect as many computers as possible, concurrently attacking numerous email addresses with haphazard subjects and contents that cannot be filtered.

Proxy/Wingate Trojans

Proxy/Wingate Trojans convert the victim’s computer into a Proxy/Wingate server. That way, the infected computer is accessible to the entire globe to be used for anonymous access to a variety of unsafe Internet services. The attacker can register domains or access pornographic websites with stolen credit cards or do related illegal activities without being traced.

FTP Trojans

FTP Trojans are possibly the most simple, and are outdated. The only action they perform is, open a port numbered 21 – the port for FTP transfers – and let anyone connect to your computer via FTP protocol. Advance versions are password-protected, so only the attacker can connect to your computer.

Software Detection Killers

Software Detection Killers kill popular antivirus/firewall programs that guard your computer to give the attacker access to the victim’s machine.

Note: A Trojan could have any one or a combination of the above mentioned functionalities.

The best way to prevent a Trojan Horse Virus from entering and infecting your computer is to never open email attachments or files that have been sent by unknown senders. However, not all files we can receive are guaranteed to be virus-free. With this, a good way of protecting your PC against malicious programs such as this harmful application is to install and update an antivirus program.

source: http://www.reuters.com/article

Bandwidth, data and speed are closely related terms and are sometimes used interchangeably. The amount of bandwidth that a computer connection is allotted determines how much data can be downloaded per second, or transferred from the Internet to the computer. More bandwidth equals more data per second, which translates to more speed. In some cases a bandwidth limit refers to a speed limit, and in other cases it refers to a data limit.

For example, broadband Internet services sell access plans based on speed, limiting bandwidth according to each plan. Plans with higher bandwidth limits are more expensive, but faster.

Luckily plans usually include unlimited access, so you don’t have to worry about a bandwidth limit in terms of data download. Every time you visit a webpage, after all, the page must be transferred to your computer, constituting a download. This says nothing of files, programs, videos and music you might download. Who then, has to worry about bandwidth limits?

Actually, many online services impose caps on the amount of data that can be downloaded over a set period of time. Depending on the service, data limits might apply to surfing as well as to downloading files or programs. A bandwidth limit might also apply to personal domains. Let’s take a closer look at a few examples of services that might impose a bandwidth limit.

Subscribers of mobile broadband (Internet access supplied over cellular towers), commonly apply bandwidth limits. Typically an account is allotted a large block of “free” data with charges applying for every Megabyte downloaded past the allotted amount. If the account is contractual, the allotted amount refreshes or starts over every month. If the account is pay as you go, the bandwidth limit applies to the segment of time purchased.

More commonly, we have bandwidth limits associated with domains. If you have a personal domain, the website host service likely imposes a monthly bandwidth limit on your account. Every time someone visits your website, your account racks up a download deficit that counts against your monthly allowance. The more pages visited, the more your allowance is whittled away. If you have a very low bandwidth limit and a very popular website, you might find yourself paying extra charges or having to upgrade the plan to increase the site’s allotment.

Another example where you might encounter a bandwidth limit is when subscribing to a USENET newsgroup service. Services that sell access to binary newsgroups where people can share large files typically cap accounts with a bandwidth limit that prevents downloading more data from the news server than has been allotted for the month. Some newsgroup services offer plans that charge a flat monthly fee for unlimited downloads, eliminating the limit.

If you have to watch your bandwidth, consider installing a bandwidth monitor. Many of these little programs are free and will keep a running tally of downloads along with displaying real-time connection speeds. Some programs will also sound an alert at user-configurable points to announce and approaching threshold, allowing you to make better decisions about how to spend the rest of your bandwidth allotment.

If you’re only concerned about your website’s bandwidth limit, most host services feature a built-in monitor accessible through the site’s administration interface. In addition to seeing how much bandwidth your account has left for the month, the host might also provide traffic analysis, information that can help you improve site content.

source: http://www.wisegeek.com/what-is-a-bandwidth-limit.htm

Round Robin DNS (domain name server) is a creative way to lighten the server and bandwidth requirements of hosting websites by using a series of IP addresses. This technique is particularly useful to companies whose websites get a very large number of hits and/or a large number of bandwidth-consuming downloads.

Through a careful series of protocols, companies implement Round Robin DNS by assigning a set number of IP addresses to rotate the responsibility of allowing website users to access the company’s website. Think of these IP addresses as A, B, C, and D. When the first user accesses the website, Round Robin DNS takes the user to address A. The second user gets taken to address B, and so on. Once A is used, it goes to the back of the line; so the fifth user accesses address A.

The name of the protocol is just a clue as to what actually happens, however. Despite the sequential nature of the example, the IP addresses are not assigned in sequential order. Rather, they get assigned in random order. Like a round robin sports tournament, in which one team plays every other team, Round Robin DNS will, if allowed, assign to one user every IP address available. This does not happen every time, of course, but it is conceivable.

The users don’t see any of this, of course. Every single user who accesses that company’s website sees exactly what they’re supposed to see. The vast majority of websites display a domain name that is letters, not numbers. With Round Robin DNS, however, one particular IP address doesn’t have to accept every single hit. Round Robin DNS is routinely used by companies that have multiple versions of the same web page residing on different servers, but individual website owners use the protocol as well for the very same reason.

source: http://www.wisegeek.com/what-is-round-robin-dns.htm