These days, privacy is getting pretty hard to come by. Your boss checks your Facebook, your mom sees what you’re looking at on YouTube, and anyone who Googles your name can find out about that embarrassing incident at the IHOP.
That’s why we think you should at least be able to find some peace of mind on your own PC. With that in mind, we’ve prepared a quick guide for keeping files and folders on your computer hidden from prying eyes. We’ll cover four different ways to accomplish this, from the mundane to the nigh-unbreakable.
AutoRun and AutoPlay, Microsoft's "dangerous duo" for launching programs from CD/DVD and other removable media types, have become among malware authors' favorite infection vectors - and Microsoft has finally said, "enough already!"
A research study by Forefront Client Securitycited by the Engineering Windows 7 blog determined that infections that can be started with AutoRun amounted to 17.7% of detected infections in the second half of 2008.
Although AutoRun was originally designed strictly for optical media, it can be used for other types of media. For example, you can create an autorun.inf file that adds the program on the media to the AutoPlay menu Windows displays, and change the default icon to make the malware program mimic a legitimate program. Conficker used this method to spread, as illustrated here.
Starting in Windows 7 RC, Microsoft has changed how both AutoRun and AutoPlay work:
AutoPlay no longer supports AutoRun on non-optical removable media. An autorun.inf file on a USB or other type of non-optical removable media will be disregarded. Only AutoPlay options that pertain to the types of files on the media will be listed.
When AutoPlay displays programs present on the media, the dialog now states that those programs will be run from the media.
To learn more about these changes, and to find out what other Microsoft operating systems will eventually get similar protection, join us after the jump.
Softpedia reports that pirated copies of Windows 7 will be provided with security updates, update rollups, and even service packs. What is Microsoft thinking? Is Redmond promoting piracy?
The idea of providing security and other updates to pirated copies as well as legit copies of Windows might seem crazy, but here's the reasoning, straight from Paul Cooke, director of Windows Client Enterprise Security:
Keeping a machine up to date is one of the first steps in helping ensure that they remain reliable, compatible, and safe from threats when they are online. Some of the most famous incidents of malicious software infection have come after security updates were publicly available from Microsoft - Blaster, Zotob, Conficker and Sasser, just to name a few. Rest assured that we at Microsoft are committed to making sure that security updates are available to all of our users to help ensure a safe online experience for everyone.
Note that Cooke is laying the blame for many recent security problems where it belongs: on users and companies who will not upgrade their software to block such threats. By continuing the recent policy of allowing users of non-genuine Windows to receive security updates, Microsoft is saying, in effect, 'don't blame us if unpatched systems are compromised.'
However, don't think that Redmond's turning a patched eye to either casual piracy or software counterfeiting. Pirated copies of Windows 7 won't be eligible for some of Microsoft's goodies, and Softpedia points out that counterfeit copies of Windows often come with a "free" bonus: malware.
For your chance to sound off on security for software pirates, join us after the jump.
After nearly three years of development, Panda Security today released the public beta of its Panda Cloud Antivirus, which the company claims is the first free cloud-based antivirus thin-client. By taking AV duties to the cloud and combining it with local detection technologies, Panda says it can do a better job at protecting your PC than a traditional virus scanner.
"Thanks to Panda Security's Collective Intelligence malware and goodware online database, Panda Cloud Antivirus detects more malware than traditional signature-based solutions which take longer to detect the most recent, and therefore most dangerous, variants," Pedro Bustamanta, Panda Senior Research Advisor, wrote in a blog entry.
The local portion of the program takes up roughly 50MB of hard drive space while consuming about 17MB of RAM, according to a Cnet report. By the time Panda Cloud Antivirus exits the beta stage, Bustamante hopes to have the RAM consumption down to 12MB.
One potential downside to relying on the cloud for antivirus protection is that your PC would be left vulnerable without an internet connection. But not to worry, says Bustamante, who clarified that a local cache copy of Collective Intelligence is kept on the PC for just such scenarios.
Mainstream Media’s fascination with the Conficker virus is somewhat amusing, but the actions of the world’s most famous computer trogan on the other hand are not. According to Fox News, Conficker is finally starting to show signs of life and has begun organizing thousands of machines into a botnet to send email spam and spread malware.
Anybody running anti virus or Windows update is pretty much protected from Conficker at this point, but amazingly this still leaves millions of machines to worry about. It remains to be seen how much longer Conficker will continue to plague the web, but hopefully at the very least this brings computer security to the minds of mainstream users.
So Conficker is spreading spam and spyware? Anyone surprised?
Google yesterday made available an updated version of its Chrome browser to prevent cross-scripting attacks, whereby visiting a malicious site with Internet Explorer could cause Google Chrome to fire up, open a bunch of tabs, and load harmful scripts.
"An error in handling URLs with a chromehtml: protocol could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions," Mark Larson, Google Chrome program manager, wrote in a blog post. "If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scrips that run after navigating to a URL of the attacker's choice."
The attack wouldn't work if Chrome was already running, Larson added. A new version of Chrome -- 126.96.36.199 -- is now available and will prevent the attack from working regardless. The update is supposed to be rolled out automatically, but in our case, we had to manually force the download. You can do so by clicking on the wrench icon in the upper right corner, select "About Google Chrome," and click on Update Now.
Having to replace a $2,000 notebook after it's been swiped from under your nose is bad enough, but it's only the tip of the iceberg for business owners, Intel says. According to a study on notebook security commissioned by Intel and conducted by the Ponemon Institute, laptops lifted from airports, taxis, and hotels around the globe end up costing their corporate owners an average of $49,246. That number reflects "the value of the enclosed data above the cost of the PC."
Somewhat surprisingly, it's not the CEO's computer that holds the most value, but a director or manager, the study says. Analyzing 138 instances of lost and stolen notebooks, the study values the average senior executive's laptop to be $28,449, whereas a director or manager's laptop is worth twice as much at about $61,000 each.
The well-timed (or strategically-timed) study comes shortly after Intel's "Poison Pill" Anti-Theft PC Protection technology finds its way onto a pair of Asus notebooks.
The web browser is probably the most essential application on your PC; there is no better practical way of staying connected to news, your friends, and most importantly, the lulz. But whether you’re using Internet Explorer or newly minted Chrome, each of today's popular web browsers has different strengths and weaknesses. Mozilla Firefox is feature-heavy and relatively fast, but can get terribly unwieldy when crammed with juicy add-ons. The newest version of the once dominant Internet Explorer is a quantum leap above previous buggy versions, but remains slow. And while both Opera and Google Chrome are blazingly fast, they currently lack customization.
No matter which browser you use, you want it to fit your personal needs and tastes. With this guide, we will show you the essential initial tweaks everyone should make to “awesomize” their browser. Whether it’s accelerating browser page-load performance, boosting security, or just improving the look of the interface, we teach you the tweaks that we think should be implemented the first time you start up a browser after installation.
We cover comprehensive step-by-step instructions for Internet Explorer 8, Mozilla Firefox 3, Opera 9, and Google Chrome, starting off with general web optimization tips. So jump into the guide and start tweaking your web browser!
Windows 7 brings enterprises more security with less annoyance, says Paul Cook, director of Microsoft's Windows Client Enterprise Security, Cnet reports. Cook's remarks come as the annual RSA security conference opens.
How much less annoying? 29% fewer UAC prompts, according to Cook, and UAC can be fine-tuned to meet any Windows 7's user's requirements.
But there's more to Windows 7 security than a less nagging UAC. To learn more about how Windows 7 Enterprise and Ultimate editions and Windows Server 2008 R2 work together for more security and to discover why a new BitLocker feature enables Windows XP users to access BitLocker media, join us after the jump.
According to mobile security firm Trust Digital, you're at a real risk of falling prey to an SMS attack while you sleep. Dubbed the "Midnight Raid Attack," because it's mostly run at night, a hacker who has the right toolkits and know-how could send a malicious text message to your phone capable of firing up the web browser and navigating to a harmful website. Once there, the site downloads a dirty executable to your phone intended to steal your private data, said Trust Digital.
"This is a completely real threat," said Phillippe Winthrop, a director in the global wireless practice at Strategy Analytics. "We will see these attacks. It's a matter of time."
Another type of attack has a hacker sending a malicious SMS 'control message' over the GSM network to a victim's phone using a WiFi network, like you might be using at a coffee shop. The attack turns off SSL on the victim's phone, allowing the hacker to sniff your exposed traffic and steal your email credentials.
Trust Digital posted a pair of YouTube videos demonstrating the above attacks, which you can view here and here.