Investing in malware protection software makes sense for a variety of reasons, as any online hacking weblog would tell you. To begin with, a multitude of threats, namely online hacking, virus infection, malware infestation etc. stalk any computer user connected to the internet. Most new computer systems are accompanied by bundled anti-virus and malware protection software applications. What is disheartening, however, is that a large number of users choose to neglect the vary importance aspect of malware protection and end up exposing their computers to the risk of infection once these bundled applications exceed their validity period and need renewal.

Malware Protection: Prevention is the Best Cure

Failing to install a firewall, forgetting to update the anti-virus software and clicking on suspicious links, apart from poor malware protection efforts, are among the many unhealthy surfing habits of a majority of netizens. Some are not even aware of the nuisance of adware, or the threat posed by spyware.

Not every site you visit will be a safe place. Not every email you receive will contain safe information. Many viruses enter a website when users visit certain websites (predominately pornographic sites). These viruses can also come from certain emails. Keeping these things in mind and ensuring correct surfing habits are the best malware protection you can get; the software applications come in only as a second line of defense.

Programmers of viruses and other malware have written extremely destructive and devious code; some can even disengage the anti-virus software. This may happen even with paid anit0virus software. What’s important is, that the malware virtually has the run of the system now and can wreak havoc on your files.

This was a very rare case, but if you want adequate malware protection, then you must ensure that you check regularly for updates and scan your computer for viruses everyday, which is something that you can tell your anti-virus software to do automatically by scheduling it in advance.

Other Malware Protection Applications

The use of a spyware extractor like Ad-Aware can help alleviate chances of browser hijacking and to remove all data-mining files from your hard drive. Many sites will add these features to your computer when you visit their website, they gather data on your personal site visitation and apparent preferences.

Not only can this be personally intrusive but it can also slow your computer down and may result in a significant amount of unwanted emails.

If you use your computer as part of your business you need to come to terms with the importance of that box of silicon and microchip processors known as a hard drive. Can you afford to have your computer offline while you deal with the devastating effects of a computer virus, hacking or deleted files? Hence, if you use your computer to store office files, or if you’re a freelancer using the computer as a workstation, you ought to realize the importance of malware protection software and other security measures.

Keep watching this online hacking weblog for more information on malware protection.

Online hacking of credit card information is an abomination arisen out of a phenomenon that has otherwise done only good for the betterment of mankind.

Purchasing products and services on the internet using credit cards has always been dicey for most people since the early days of the internet. While the internet has evolved, bringing new and improved security measures, the danger of online hacking still lurks. And the trouble with online hacking is that the perpetrators of online hacking are always a step ahead; they discover a fault or a security hole in a system and exploit it to gain unauthorized access to information. When the fault is discovered, they are filled up, leaving online hacking experts to look for other fault lines; and they usually do find them.  When it comes to online usage of credit cards, the ramifications of identity theft, even without considering the potential financial loss, are huge. Your credit card leaves an electronic trail of purchases and anybody stealing the credit card details could effectively be using it for something illegal in your name.

The situation might seem hopeless and you may think that there’s not much you can do short of vowing never to use your credit card online, but that is drastic, unnecessary and inconvenient. Sure, some online merchant sites have other payment options too, but the credit card still remains the most widely offered option. Not using a credit card online is likely to prevent you from availing the awesome deals and sales you can participate in on the internet shopping sites. There are, however, ways and means to improve your defenses against online hacking.

Protecting your Credit Card Information from Online Hacking

The first thing you need to check, when shopping online with a credit card, is to ensure that you’re always on a secure page. Online merchant sites often use a high level of on-page encryption to render their pages secure, so that the sensitive information your provided may not be intercepted. This, however, is unlikely to protect you if you have malware such as keyloggers installed on your system, which is one way that perpetrators of online hacking gain your information. Therefore, using anti-virus as well as anti-spywate software is essential. Another trick that you may be subjected to is through phishing emails. It works like this: you get an email that seems to be from your credit-card company or bank, and everything looks like the real deal. The mail would request you to click on a link which would also look a genuine page of the bank or credit card company. This page, however, is a phishing page, one way of online hacking, that would ask you for your password, credit card number or some other sensitive detail (and you wouldn’t suspect a thing because it seems natural for the page to ask this information). This method of online hacking literally tricks you into giving away your own details. So be careful of any email claiming to be from your bank-salsh-credit card company-slash-online payment processor; doubly so if it contains a link to click on. Always access your bank site or any financial transaction site directly by typing the address into your online browser, the old fashioned way.

Virtual Credit Cards to Fool Online Hacking

Using a payment processor such as Paypal is also a good way to protect yourself while shopping with a credit card online. You’re furnishing your information to only one site (Paypal, in this case) which then proceeds to make payments to the sites you do your purchases from, thus limiting risk by limiting online exposure of your data. The downside is that while these payment processors have a good coverage of online merchant sites to provide you the service, there are still an awful lot of sites which wouldn’t be covered by your payment processors. You see, all processors don’t work for all websites or, for that matter, for all geographical locations.

Using virtual credit cards is another alternative to using credit cards online. These cards eliminate the risk involved in your online credit card transactions by giving you single time useable credit card numbers that can only be used online, and only be used once. Contact your credit card company to know more of these facilities that would help you shop online with your credit card.

Keep watching this space for cyber-security tips and tricks to protect yourself from the dangers of online hacking, whether for credit card information or otherwise.

Kaspersky Lab presents its assessment of malware action on users’ computers and on the Internet for December.

In December 2010, analysts of the company once again recorded a high level of subversive activities. Kaspersky Lab products blocked over 209 million network-level attacks in recent months, over 67 million groped to infect computers across the network are detected and neutralized over  the 196 million malicious software and recorded nearly 71 million heuristic judgments.

Social engineering and the exploitation of vulnerabilities in legitimate software remained the main methods employed by cybercriminals, though it appears they never cease to hone their skills in other areas. They certainly didn’t pass up the opportunity of jumping on the ‘shortened URL’ bandwagon. Users are increasingly using Internet addresses that have been shortened with the help of special URL shortening services, and they don’t always know that malicious links may be lurking among them. In December the top trends on Twitter’s main page included a number of entries with links that had been shortened using popular services such as bit.ly and alturl.com. After several redirects these links eventually led to infected websites.

In another development, the authors of fake antivirus programs have been busy perfecting their tactics, so much so that two of their creations made it into December’s Top 20 malicious programs detected on the Internet – in 18th and 20th places. Genuine antivirus programs are now so effective at detecting their fake counterparts when they attempt to download to users’ computers that the cybercriminals have moved their wares to the Internet instead. In the latter scenario these rogue programs don’t need to be downloaded to a computer; users just need to be lured to a fake antivirus website, which is a lot easier than bypassing real antivirus protection.

Representatives of the Trojan-Downloader.Java.OpenConnection family remain extremely active. Instead of using vulnerabilities in a Java virtual machine these Trojans employ the OpenConnection method of a URL class – standard functionality of the Java programming language. Two representatives of Trojan-Downloader.Java.OpenConnection were among the Top 20 malicious programs detected on the Internet in December in 2nd and 7th places. At the height of their activity the number of computers on which these programs were detected in a 24-hour period exceeded 40,000.

Topping the list of web-based threats, well ahead of its nearest rival, was the adware program AdWare.Win32.HotBar.dh. As a rule, this program is installed along with legitimate applications and then annoys the user by displaying intrusive advertising. For the first time ever a malicious PDF file that makes use of Adobe XML Forms has made it into the Top 20 online threats. When a user opens the file Exploit.Win32.Pidief.ddl, a script exploit is launched that downloads and runs another malicious program from the Internet. Exploit.Win32.Pidief.ddl occupied 11th place in December’s rating of threats emanating from the Internet.

December also offered virus analysts the chance to monitor cybercriminal activity as it adapted to a new Russian Internet domain. November 2010 saw the beginning of domain name registration in the .ÒÆ (Cyrillic abbreviation for the Russian Federation) zone of the Internet. Online scammers turned out to be most active in the new domain, registering sites that were used to spread malicious programs and make enticing offers of a fraudulent nature.

Three types of malware were detected above all: the music files as false, movies and multimedia, script programs disguised model useful services for the social networking site Odnoklassniki and Trojans to redirect users to pages malicious Web.

Malware is a phrase used to portray a wide category of malicious software that includes viruses, worms, Trojans, root kits, spyware and adware. The effects of malware series of computer trouble shortly malware and identity theft. Malware is easier to avoid being deleted. Avoid malware is a two-pronged strategy. Follow these instructions to stay safe.

Prevent Malware with Smart Online Behavior

The biggest factor in the prevention of malware infections on your computer is only you. You do not have experience or training. You only need vigilance to avoid downloading and installing something that would not have understood or trusted, no matter how tempting the following sources:

• From physical media: Your friends, family, and associates may unknowingly give you a disc or flash drive with an infected file on it. Don’t blindly accept these files; scan them with security software. If you are still unsure, do not accept the files.
• From a pop-up window: Some pop-up windows or boxes will attempt to corner you into downloading software or accepting a free “system scan” of some type. Often these pop-ups will employ scare tactics to make you believe you need what they are offering in order to be safe. Close the pop-up without clicking anything inside it (including the X in the corner). Close the window via Windows Task Manager (press Ctrl-Alt-Delete).
• From a website: If you are unsure, leave the site and research the software you are being asked to install. If it is OK, you can always come back to site and install it. If it is not OK, you will avoid a malware headache.
• From e-mail: Do not trust anything associated with a spam e-mail. Approach e-mail from people you know with caution when the message contains links or attachments. If you are suspicious of what you are being asked to view or install, don’t do it.
• From another piece of software: Some programs attempt to install malware as a part of their own installation process. When installing software, pay close attention to the message boxes before clicking Next, OK, or I Agree. Scan the user agreement for anything that suggests malware may be a part of the installation. If you are unsure, cancel the installation, check up on the program, and run the installation again if you determine it is safe.
• From illegal file-sharing services: You’re on your own if you enter this realm. There is little quality control in the world of illegal software, and it is easy for an attacker to name a piece of malware after a popular movie, album, or program to tempt you into downloading it.

Remove Malware with the Right Software

Chances are that no matter how careful you are, you will be infected some day. That’s because malware is designed to sneak onto your computer in ways you can’t possibly foresee. Enlist the help of the following software:

• An updated operating system: Use Windows Update. Take advantage of its ability to automatically notify you of updates, or better yet, to automatically download and install updates.
• Firewall: If you aren’t running a third-party firewall, use Windows Firewall. (Don’t run two firewalls at once; they will interfere with one another.)
• Spam filter: If your e-mail program is not adequately filtering spam from your in-box, consider additional spam filtering software. If your security software is a security suite, spam filtering may be a feature that you need to switch on.
• An updated browser: No matter which browser you use, keeping it current is vital to preventing infection. Take advantage of your browser’s pop-up blocking, download screening, and automatic update features.
• Antivirus software: You must run an antivirus program to be sure. Keep up on, and schedule a scan to run at least once a month. (Do not run two antivirus programs that interfere with each other.)
• Anti-malware: Also known anti-spyware that includes many antivirus programs, anti-malware component. If you do not, install and use a standalone anti-malware that does not conflict with your antivirus program. So keep it up to date.

On Wednesday, a proof of concept application has been downloaded and made available on Android Market, which took advantage of two recently discovered serious errors in Android OS.

Angry bird disguised as expanding the software silently installed three additional applications without user authorization. Hidden applications are also able to access your contacts information to the user location and SMS. They could also transmit data to a remote server.

Scio Security CTO Jon Oberheide–one of the two researchers who discovered and exploited the Android vulnerability–said that it took Google about six hours to discover and pull the bogus app. The next step will be to “lock down” the special security tokens Google uses so that users don’t have to expose passwords to 3rd-party services. The proof-of-concept code works by exploiting weaknesses in that Android token system.

“It abuses that token to perform the same actions the legitimate Market app would perform, but without asking for permission,” Oberheide told The Register. “Through some of the research, we realized we could use this one specific token for the Android service to bypass the restrictions on the permission system.”

Oberheide and colleague Zach Lanier – Senior Consultant Intrepidus Group – plan to give more information to Homeland Security Conference is scheduled for Thursday at Intel’s Oregon campus.

Oberheide previously released a couple of applications on Android Market in June that forced Google to use its remote switch secret then kill. The applications have demonstrated how hackers can only kit market bootstrap root at the top Android phones.

The most recent tests of consumer of antivirus software released on Tuesday show the products are declining in performance as the number of malicious software programs increases, a trend that does not bode well for consumers.

NSS Labs tested 11 consumer security suites and found that the products are less effective than a year ago as far as blocking the download and execution of malicious software programs. The company also tested if those programs detected and blocked malicious Web sites.

In its tests, the company used new malicious Web sites within minutes of discovery in addition to brand-new malware, which it contends is indicative of the conditions that users would find while browsing the Internet.

The download and execution blocking rate for the top performing antivirus software of Trend Micro’s Titanium Maximum Security fell from 96.4 percent to 90.1 percent from the third quarter of 2009 to the same period this year.

Symantec is accelerating its fight against malware with the introduction of its next-gen platform dubbed “Ubiquity”.

“Now, traditional protection methods require analysis of specific strains and an initial capture of malware. But Ubiquity takes a fundamentally different approach to help secure infrastructure from the latest and most targeted threats.”

Ubiquity analyzes the anonymous software usage patterns of more than 100 million Symantec-shielded PCs – allows the security company to more effectively protect against micro-distributed, mutating threats.

“Ubiquity adds a new layer of protection that bolsters our existing defenses, such as intrusion prevention, as well as behavioral and heuristic detection capabilities,” explained Symantec senior VP Stephen Trilling.

According to Trilling, Ubiquity operates by formulating a security rating for each file based on specific (anonymous) user-generated data – including origin, age, adoption patterns and other proprietary calculations.

“While attackers can easily mutate a malware file’s contents to make it invisible to traditional signatures, they have far less control over these crowd-based demographics.

“However, Ubiquity doesn’t just maintain data on malicious programs, but keeps ratings for virtually every legitimate application on the Internet as well.”

Indeed, Ubiquity’s reputation database currently contains safety ratings on more than 1.5 billion “good” and “bad” executable files, with an average weekly “recruitment” rate of 22 million.

“Interestingly, based on Ubiquity-generated data, we have determined that more than 75 percent of malware affects fewer than 50 Symantec users.

“This statistic highlights the movement toward high-impact, low-distribution targeted threats and shows the need for standing technology, like Ubiquity, to protect against such malware,” added Trilling.

 
British Prime Minister David Cameron skipped prime minister’s questions on Wednesday, depriving lawmakers of their first chance to grill him in public since the revival of a scandal involving his top public relations aide.

Cameron’s father suffered a stroke and heart complications on vacation in France, and the prime minister is flying out to be with him, his office announced.

His deputy, Nick Clegg of the Liberal Democrat party, instead faced intense questioning about Cameron’s communications chief, Andy Coulson, who used to be the editor of a tabloid newspaper accused of widespread hacking of celebrities’ voice mails.

Coulson “made it very, very clear he had no knowledge” of hacking by his staff, “and that statement speaks for itself,” Clegg insisted.

Senior opposition Labour lawmaker Jack Straw tried to drive a wedge between Clegg and Cameron — a Conservative — by demanding that Clegg express a position on Coulson.

Clegg wouldn’t take the bait.

“It is now for the police and the police alone to decide whether new evidence has come to light,” he said.

Police expect to question Coulson as part of their investigation into the hacking scandal, a top British police official said Tuesday.

“At some stage I imagine we would be seeing Mr. Coulson in some capacity,” said Metropolitan Police Assistant Commissioner John Yates. He refused, in questioning by lawmakers, to be pinned down about when.

The House of Commons Home Affairs Committee is opening a new investigation into the hacking of phones, it announced Tuesday, after questioning Yates over what police did and did not do about the alleged hacking.

Coulson resigned as editor of the News of the World newspaper after one of his reporters was sent to prison for hacking into phone messages of the royal family’s household staff.

Both News of the World and Cameron’s office said Tuesday they had no response to Yates’ comment.

But Coulson said Monday he would be happy to meet with police voluntarily and “vehemently denies” allegations he knew of widespread phone hacking at his newspaper.

News of the World has also denied a culture of using illegal methods to get stories.

News of the World royal reporter Clive Goodman and private investigator Glenn Mulcaire were sentenced to prison in 2007 for hacking into voice mails of members of the royal family’s staff.

Mulcaire also admitted hacking into model Elle MacPherson’s messages, among others.

But The New York Times alleged in a detailed investigative story that — far from Goodman and Mulcaire being lone culprits — phone hacking was common practice at the newspaper.

The New York Times article last week prompted a furious response from a number of public figures, including former Deputy Prime Minister John Prescott, who demanded that the police tell him if his phone had been hacked.

Yates said Sunday that “the newspaper produced no new evidence for us to consider reopening the case,” but had reversed himself by Tuesday’s parliamentary committee hearing.

Police will question one of the few sources who went on the record in the Times article, former News of the World journalist Sean Hoare, Yates said.

Hoare told the Times that Coulson, then his boss at the tabloid, “actively encouraged me” to hack into the voice mails of public figures to get stories for the News of the World.

Coulson’s allies have cast doubt on Hoare’s credibility since the Times article came out September 1, pointing out that Hoare was fired from the paper over allegations of drug and alcohol abuse.

The New York Times also alleges that the police did not pursue their investigation into the News of the World as aggressively as they could have, both because of a “symbiotic” relationship between the police and the paper and because they were busy with other investigations.

Yates did not respond to those allegations.

The News of the World, which is owned by News Corp., Saturday rejected “absolutely any suggestion there was a widespread culture of wrongdoing” at the paper.

A British parliamentary committee twice investigated the tabloid.

Witnesses associated with the paper insisted there was no evidence that phone hacking extended beyond the two who were found guilty of it.

I’M a Modernist, devoted to Mies, postwar abstraction and flying. In the last year or so, I’ve been in Amman, Paris, Venice, Athens, Boston, London, Naples, Dublin, Rome, Reykjavik, Milan, Málaga, Moscow, Montreal and Memphis, to name a few.

One year, I was traveling back and forth to Paris so many times that the flight attendants recognized me.

I was traveling with an important artist and I was really trying very hard to impress him. When we boarded the plane, a flight attendant yelled out that it was great to see me. I felt really good, believing the artist would think that I must be someone special for a crew member to greet me that way.

Then the attendant asked me if I wanted a drink. It was 8:30 in the morning and I was sure the artist thought I was a drunk. Fortunately, he just found it amusing.

When Wi-Fi became available in flight, I was really excited since I thought I would be extra productive.

The first time I tried it, I was traveling to Los Angeles from New York. Since it’s a long flight, I thought I’d get a lot of work done. So I e-mailed a colleague telling him that I was in a plane but could still work.

My colleague, a notorious prankster, e-mailed me back with the subject line “Picasso,” with an attached image. The body of the e-mail said that he found the Picasso I had been looking for. I opened the attachment and my screen filled with, well, porn.

I was in the middle seat with two business types on either side of me. I was mortified. And they didn’t look amused. I slammed the laptop shut and didn’t say a word or do any work for the remainder of the flight.

Since I travel so much you’d think I would be savvier. But a lot of times I feel like I’m living out a “Seinfeld” episode.

When heading from Rome to Moscow, I had to board a shuttle bus to my plane. There were two buses: one was nearly empty; the other was really crowded. I’m not a fool. I opted for the less crowded bus. I got very comfortable and kept thinking how smart I was. That is, until I discovered the bus was taking me to a plane headed to Kuwait.

I make mistakes all the time. I had a meeting in Israel and by the time I landed in Tel Aviv, I was really tired. When I got to my hotel, all I wanted to do was go up to my room as quickly as possible and then sleep.

But since I was sure it was a Friday, I wanted to be respectful of the Shabbat laws. So I didn’t push any buttons in the elevator that would take me to my floor. I waited for the doors to close.

I must have stood there three minutes. Then a guy got on the elevator and immediately pushed the button for his floor. I gave him a dirty look. And then he told me it was Thursday, not Friday. I felt pretty foolish.

To help beat jet lag, I travel everywhere with a Pilates abdominal device. It’s a metal circle, with two plastic handles, that you use to strengthen your core. I swear some security people think it’s a weapon. I’ve had to explain what it’s used for and a few agents asked me to demonstrate.

They didn’t look impressed. But they did let me on the plane with my Pilates gear, where I proceeded to show the flight attendants just how it worked. At least they seemed impressed.

Facebook on Thursday announced a new security feature that will allow users to see if they are logged into their accounts on a different computer and to remotely log out if so.

This will address the problem that many of us have of leaving a computer–either one we borrowed at a friend’s house or used at a public spot like a library–logged in to our Facebook account without realizing it. Doing so leaves it open for abuse by whoever happens to visit the site next on that machine, allowing them to use the account to send spam or masquerade as the legitimate user.

“When anyone else is in charge of your online account there is the opportunity for foul play,” Jake Brill, a product manager for Facebook’s site integrity team, told CNET. Using the new feature that Facebook is rolling out worldwide, users will be able to click on the Account tab in the upper right-hand corner of their profile page, click on “Account Settings” in the drop-down menu and see new information about account activity under the “Account Security” area.

Facebook will provide users with recent activity on their account, including the last time the account was accessed, the device used, what approximate city it was located in, and the browser and operating system on the device. It will also provide the same details for other sessions if they are active on other devices and offer the user the ability to click “end activity” to log that device off.

Often, Facebook users don’t realize that they may still be logged into their accounts if they merely closed down the browser or even if they shut down the computer. For example, if the “Keep me logged in” box is checked on the log-in page, then you must manually log out on Facebook to end the session. That box, which is standard on many popular Web sites, is unchecked by default. If the box is not checked, users must quit the browser or log out to end the session.

The new feature will help people thwart would-be account hijackers, said Andrew Walls, a research director at Gartner.

“If you suspect somebody else has your password and is able to access your Facebook account or you see a computer you don’t recognize connected to your user profile, you can kill that session,” he said. Users who suspect their account has been compromised should always immediately change their password.

Walls praised Facebook for offering users this level of insight and control into their accounts and noted that it is standard in operating systems to provide this capability to administrators who want to, for instance, monitor the VPN (Virtual Private Network) connections into the network.

“This will be adopted by a small percentage of the user base, but it’s a good step and it is needed,” he said.

The new security feature follows a Login Notification feature the company announced in May that lets users tell Facebook to notify them via e-mail or SMS when a new computer or device is used to log into their account.