Wednesday, December 05, 2007

Is your System affected with Virus, Trojans, and Worms? Here’s the security solution

Is your system infected by a deadly virus, Trojan, worm or rootkit, leaving you unable to open or run any applications? Here is an easy guide to removing them. Also consider the Future of Internet Security.

These are the steps to follow to disinfect your system of viruses, Trojans, worms or rootkits, so that you understand where you need to think about Internet security.

If you already have an anti-virus installed on your system, do the following:

1.) Go to My Computer > C: (C Drive), select the C Drive, right-click and select Scan for Viruses [also scan the D: Drive].

2.) If your anti-virus detects a virus but is unable to delete it, and you feel that the entire system is infected with that virus, you have to clean it from the Registry or recover your system. Follow the instructions below to securely recover the data without any harm to your computer.

System Restoring:

Step 1: Start > Program Files > Accessories > System Tools > System Restore

Step 2: A window will appear. Select a date on which your system was performing well.

Step 3: Click “OK” and Restart.

If this does not work either, you have to clean your system using the Registry. Also check which operations are running on your system during startup.

Checking the Operations/Tasks Currently running in your system.

Do the following: Start > Run (type “msconfig” without quotes) > Click “OK”

You will see a Window with the following System Menu: General SYSTEM.INI WIN.INI BOOT.INI Services Startup

Click Services and Startup and check whether any unwanted application is running on your system. If one is, and you are sure that it is an unwanted program, remove that application. You can also press Ctrl+Alt+Delete on your keyboard, go to Task Manager and then Processes, and remove the unwanted application.

To Enter in to System Registry

Click Start > Run (type “Regedit” without quotes) and then go to the virus-infected application. You will see the application in which the virus has made an entry; select that entry and delete it.

You can also open the Registry like this.

1. Start Registry Editor (Regedit.exe).
2. Locate the following key in the registry: HKEY_CURRENT_USER\Control Panel\Desktop

When you go to regedit, be sure to check Windows and System32, as these are what viruses mostly infect.

If you are unable to open Regedit, applications or msconfig, there is no other option: you have to format your C: Drive using a boot-up disk. Make sure you take a backup of all your data to the D: Drive, after scanning it for viruses.

Once you finish formatting, the first thing is to consider your system security: have a good, updated anti-virus system, an updated firewall, antispam and anti-spyware tools to prevent future virus, Trojan, worm or rootkit attacks.

Help us provide you with better Internet security by filling out this Internet Security Feedback Form. Also learn about Website Encryption here - www.ezencrypt.com

Be careful when you SMS... General Mobile SMS Security - Mobile Security

This is about general security: we need to know about mobile security as well as our own security, to be safe from credit card and debit card thieves. Here is a security story that is said to be real, just a story about general security and identity theft challenges.

Be careful when you SMS...
A True Story:
This lady has changed her habit on the hand phone after her handbag was stolen. Her handbag which contained her mobile, credit card, purse etc. was stolen. Twenty minutes later when she called her hubby, telling him what had happened, her hubby says 'I've just received your SMS asking about our Pin number and I've replied a little while ago.'
When they rushed down to the bank, the bank staff told them all the money was already withdrawn. The pickpocket had actually used the stolen hand phone to sms 'hubby' in the contact list and got hold of the pin number. Within 20 minutes he had withdrawn all the money from the bank account.
Moral of the lesson:
Do not disclose the relationship between you and the person in your contact list. Avoid using names like Home, Honey, Hubby, Sweetheart, Dad, Mum etc...... and very importantly, when sensitive info is being asked thru SMS, CONFIRM by calling back.
PLEASE PASS THIS ON TO YOUR LOVED ONES AND FRIENDS

Tuesday, November 27, 2007

Comodo Firewall Pro Version 3.0 Released - Microsoft Vista™ Compatible Free Firewall

The most awaited Comodo Firewall Pro Version 3.0 has been released. The free Comodo Firewall does a very good job from a prevention rather than a detection perspective. The free Comodo Firewall Pro supports both XP and Vista (32 & 64 bit) and is now ready for download. So many major updates have been made in this free firewall that it now has a multiplex architecture, which includes anti-virus, anti-spyware, anti-malware, rootkit, Trojan features and so on.

The advancement in this free version of Comodo Firewall has been welcomed worldwide. To know more about this advanced version of Comodo Firewall Pro, visit http://www.personalfirewall.comodo.com

Thursday, November 01, 2007

Email Encryption and Data Encryption – The Current Security Trend

Not only IT companies but also other sectors related to IT use IT systems with little security. For the past few months there have been new threats on the Internet, so the level of security obviously needs to be increased. About 99% of Internet users use email as a potent business tool as well as a personal tool, and it is of course a system vulnerable to attack. Visit www.ezencrypt.com.

Securing email must be at the top of the to-do list of any corporate security expert in an organization. If the organization uses email to transfer important and highly confidential matter, then there is a need for a secure email gateway or encrypted email. Besides secure email systems, other Internet security desktop products such as anti-spam, anti-malware, anti-virus or a firewall should also be installed to have a highly secure environment over the Internet.

Many corporations use an email gateway that encrypts messages as they leave the corporate perimeter. The problem with this approach is that it leaves internal mail completely unprotected and vulnerable to data theft, packet sniffing and malicious insiders. Though some organizations are comfortable using VPNs (Virtual Private Networks), a big organization still needs to provide a higher level of email security to protect all the information, important or not, sent and received via its network, so that it is not vulnerable to malicious attacks.

In order to provide a suitable email encryption option, the point is to install an email security technology that encrypts every message sent from one client to any other client. If such email encryption technology is implemented, there won’t be much insecure email traffic. The latest technology provides high-end security tools and software that integrate into the email system, which makes managing the email system easier and more secure. So for any organisation that handles sensitive data or sends out confidential email, email encryption is a must.

Email client encryption solutions are now extensible and sufficient to take part in an enterprise encryption strategy, with easy and flexible deployment. All organizations which use or do business via the Internet are vulnerable to attacks from hackers, so it is high time that standardized measures and policies were implemented to have a secure Internet and a secure email system.

A business or organization that does business via the Internet on its own website also needs SSL security or Extended SSL encryption, email certificates, etc., and should also educate consumers in doing secure eCommerce, in order to prove its business identity and assure them that they are shopping securely.

Also take a minute to answer this survey, so that we can provide you with a more secure environment over the Internet – Internet security Form

Download your free secure email encryption certificate here and buy your Website SSL Encryption Certificates here at www.ezencrypt.com

Sunday, October 28, 2007

Internet Security Feedback Form | Questionnaire

With this posting I would like to get your valuable feedback, which will help us build an effective free software security solution for all your needs.

Solid protection means that the software should have many useful security features that function effectively. As the saying in economics goes, "There is nothing permanent except change" - this rule visibly fits software.

The fact is that when software is created and released, consumers feel that it would have been better if it also had some additional feature which they expected.

So the demand for features keeps increasing whenever software is released, and the better overall performance comes when the software addresses the present Internet security threats.
Though security software developers provide the basic features with a combination of a few advanced features for the present scenario, the security tools you need may still lack a few features when you come across new threats.
Also, it is not only with desktop security products but also with registry scanning, scanning of websites, website security etc. that consumers always look for up-to-date technology.

And what's next? I think your past experiences on the Internet will help you give valuable suggestions for getting better-quality software online for free.

For that, developers have to think about what comes next. Not only the developers of the software but also you, the person who is going to use the software. So I thought it would be good to get the feedback from you directly, so that we can build a very good security suite that is up to date with all your expectations.
Also go through my entire blog and check out some of my writings, security tools, free security software etc.
A few of my posts will help you think about what software is available for free, about the future of Internet security, free Desktop Security Tools and so on.
Just visit all of my blog postings to understand what the past and present scenario is, along with a few good extracted articles which might help you think about the future of Internet security too.

I hope you will help me build a very good security suite by filling out the Internet Security Questionnaire.

This form will help me pass your opinions on to our software developers, and help you get the best software. :)

Name:




Email Address:




What is your Website?




Which security software have you got installed on your PC?

Firewall

AntiVirus

AntiSpyware

Anti-phishing Tool Bar

Others

None



How much are you ready to spend to buy an Internet Security Suite?

<$25

$26 - $50

>$50

Depending on the Security Suite



What kind of free Internet Security suite do you require and with what features?








Friday, October 26, 2007

Advance Christmas Wishes! – The Shopping season has begun, is your online shopping safe?

The Christmas season has begun and you have planned to buy many gifts for yourself, your children, friends and relatives. Beautiful and attractive wording on the Internet welcomes you to online shopping: welcome to our online shop, buy Christmas presents and Christmas gifts here!, Christmas cards, clip art, gift packs, crafts, decorations, Xmas recipes, shopping, Christmas song CDs & DVDs, stories, traditions and more. Buy one get one free, and so many other direct and online shopping ads. But are you going to shop safely online?

Here are a few tips that I hope will help you keep your shopping genuine and healthy.

As the festival season has begun, fraudsters and intruders are ready to break your happiness just by shooting a simple email to your inbox. Spammers create very attractive content that claims to be the real thing. But how do you know that the mail in your inbox is genuine and that you are not being spammed? If an email contains links for buying something and the site asks for your personal or credit card details, check that the site shows a golden yellow padlock and that the website address begins with https://

See that your system has a firewall or antivirus software, because spammers or fraudsters may attach viruses or Trojans to their mail. Also have a firewall so that no unknown person can access your system.

Don’t buy anything online unless you believe that it is a secure website. Also try installing an anti-phishing toolbar, which might help you identify a secure website.

Always check whether the site is secure by looking at the padlock and its information (SSL Certificates). See that the website address matches the information provided in the padlock information.

You can try some of the following software for free, which might help you shop safely online. Also read my posts about the anti-phishing toolbar, what is Spam?, Secure Banking Transactions, the expanded internet security SSL technology and the Future of Internet Security, to be safe in the coming online shopping sessions.

So make your Christmas wonderful with secure shopping. Secure online shopping makes your money well spent. Many online shops have implemented a secure Internet strategy to welcome consumers and help them shop securely and have safe Internet sessions while they shop online.

Happy Christmas and a Very Happy (Online) Shopping! Let this Christmas be unforgettable with your new gifts and cards.
Please fill out this form to help us serve you better: Internet Security Feedback Form

Thursday, September 20, 2007

SSL Encryption and its Methodologies | Encryption Systems | Symmetric Key | Public-key encryption | Authentication | Digital signatures | IT Security

I have been receiving mails for quite a long time asking how encryption works, i.e. how the Public Key and Private Key work. So I was wondering how to explain them with examples. I found some very good, simple material on the web, and here is the extract for you. Though it is a pretty big piece of content, it is worth reading. Also visit www.ezencrypt.com

What is SSL Encryption and why is it required?

SSL Encryption or HTTPS is a technique used to safeguard private information which is sent via the Internet. To prove the site's legitimacy, SSL encryption uses a PKI (Public Key Infrastructure), with public/private keys, to encrypt IDs, documents, or messages so that the information is transmitted securely over the World Wide Web. To show that the transmission is encrypted, most browsers display a small icon that looks like a padlock or a key, and the URL begins with "https" instead of "http". SSL Encryption or HTTPS from a digital certification authority helps secure a site carrying confidential information on the web.

Encryption Systems

Computer encryption is based on the science of cryptography, which has been used throughout history. Before the digital age, the biggest users of cryptography were governments, particularly for military purposes. The existence of coded messages has been verified as far back as the Roman Empire. But most forms of cryptography in use these days rely on computers, simply because a human-based code is too easy for a computer to crack.

Most computer encryption systems belong in one of two categories:

Symmetric-key encryption
Public-key encryption

Symmetric Key

In symmetric-key encryption, each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to another computer. Symmetric-key requires that you know which computers will be talking to each other so you can install the key on each one. Symmetric-key encryption is essentially the same as a secret code that each of the two computers must know in order to decode the information. The code provides the key to decoding the message. Think of it like this: You create a coded message to send to a friend in which each letter is substituted with the letter that is two down from it in the alphabet. So "A" becomes "C," and "B" becomes "D". You have already told a trusted friend that the code is "Shift by 2". Your friend gets the message and decodes it. Anyone else who sees the message will see only nonsense.

Public Key

Public-key encryption uses a combination of a private key and a public key. The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key. A very popular public-key encryption utility is called Pretty Good Privacy (PGP), which allows you to encrypt almost anything.

To implement public-key encryption on a large scale, such as a secure Web server might need, requires a different approach. This is where digital certificates come in. A digital certificate is basically a bit of information that says that the Web server is trusted by an independent source known as a certificate authority. The certificate authority acts as a middleman that both computers trust. It confirms that each computer is in fact who it says it is, and then provides the public keys of each computer to the other.

The Process of Symmetric and Public Key in action.

For example in case of an email - The sending computer encrypts the document with a symmetric key, then encrypts the symmetric key with the public key of the receiving computer. The receiving computer uses its private key to decode the symmetric key. It then uses the symmetric key to decode the document.

Public Key: SSL

A popular implementation of public-key encryption is the Secure Sockets Layer (SSL). Originally developed by Netscape, SSL is an Internet security protocol used by Internet browsers and Web servers to transmit sensitive information. SSL has become part of an overall security protocol known as Transport Layer Security (TLS).

In your browser, you can tell when you are using a secure protocol, such as TLS, in a couple of different ways. You will notice that the "http" in the address line is replaced with "https," and you should see a small padlock in the status bar at the bottom of the browser window.

Public-key encryption takes a lot of computing, so most systems use a combination of public-key and symmetry. When two computers initiate a secure session, one computer creates a symmetric key and sends it to the other computer using public-key encryption. The two computers can then communicate using symmetric-key encryption. Once the session is finished, each computer discards the symmetric key used for that session. Any additional sessions require that a new symmetric key be created, and the process is repeated.
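The exchange described in the e-mail example and in the session paragraph above, written out as an added example (Go standard library; not code from the original page or its source). `Envelope`, `Seal`, `Open` and `RunDemo` are hypothetical names, the key pairs and `SampleDoc` are constructed, and RSA-OAEP with AES-256-GCM is an assumed choice of algorithms, since the page names none.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is everything the sender puts on the wire (hypothetical type).
type Envelope struct {
	WrappedKey []byte // symmetric key, encrypted with the receiver's public key
	Nonce      []byte // per-message AES-GCM nonce
	Ciphertext []byte // document, encrypted with the symmetric key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sending computer: make a fresh symmetric key, encrypt the
// document with it, then encrypt that key with the receiver's public key.
func Seal(pub *rsa.PublicKey, doc []byte) (*Envelope, error) {
	key := make([]byte, 32) // AES-256 key for this one message only
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, doc, nil)
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open is the receiving computer: recover the symmetric key with the
// private key, then use that key to decrypt the document.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// SampleDoc is constructed for this example.
const SampleDoc = "Q3 figures attached - constructed sample text"

// RunDemo plays sender, receiver and an outsider who holds a different
// key pair; both key pairs are generated here for the example.
func RunDemo() (recovered string, wrongKeyRejected, tamperRejected bool, err error) {
	receiver, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, false, err
	}
	outsider, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, false, err
	}
	env, err := Seal(&receiver.PublicKey, []byte(SampleDoc))
	if err != nil {
		return "", false, false, err
	}
	plain, err := Open(receiver, env)
	if err != nil {
		return "", false, false, err
	}
	_, outsiderErr := Open(outsider, env)
	env.Ciphertext[0] ^= 0x01 // one bit flipped in transit
	_, tamperErr := Open(receiver, env)
	return string(plain), outsiderErr != nil, tamperErr != nil, nil
}

func main() {
	fmt.Println(RunDemo())
}
```

Only the 32-byte key goes through the slow public-key operation; the document itself, whatever its size, is handled by the fast symmetric cipher.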

Hashing Algorithms

The key in public-key encryption is based on a hash value. This is a value that is computed from a base input number using a hashing algorithm. Essentially, the hash value is a summary of the original value. The important thing about a hash value is that it is nearly impossible to derive the original input number without knowing the data used to create the hash value. Here's a simple example:
You can see how hard it would be to determine that the value 1,525,381 came from the multiplication of 10,667 and 143. But if you knew that the multiplier was 143, then it would be very easy to calculate the value 10,667. Public-key encryption is actually much more complex than this example, but that is the basic idea.

Public keys generally use complex algorithms and very large hash values for encrypting, including 40-bit or even 128-bit numbers. A 128-bit number has a possible 2^128 or 3,402,823,669,209,384,634,633,746,074,300,000,000,000,000,000,000,000,000,000,000,000,000 different combinations! This would be like trying to find one particular grain of sand in the Sahara Desert.

Authentication

As stated earlier, encryption is the process of taking all of the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Another process, authentication, is used to verify that the information comes from a trusted source. Basically, if information is "authentic," you know who created it and you know that it has not been altered in any way since that person created it. These two processes, encryption and authentication, work hand-in-hand to create a secure environment.

There are several ways to authenticate a person or information on a computer:

Password - The use of a user name and password provides the most common form of authentication. You enter your name and password when prompted by the computer. It checks the pair against a secure file to confirm. If either the name or the password does not match, then you are not allowed further access.

Pass cards - These cards can range from a simple card with a magnetic strip, similar to a credit card, to sophisticated smart cards that have an embedded computer chip.

Digital signatures - A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file) is authentic. The Digital Signature Standard (DSS) is based on a type of public-key encryption method that uses the Digital Signature Algorithm (DSA). DSS is the format for digital signatures that has been endorsed by the U.S. government. The DSA algorithm consists of a private key, known only by the originator of the document (the signer), and a public key. The public key has four parts, which you can learn more about at this page. If anything at all is changed in the document after the digital signature is attached to it, it changes the value that the digital signature compares to, rendering the signature invalid.

Recently, more sophisticated forms of authentication have begun to show up on home and office computer systems. Most of these new systems use some form of biometrics for authentication. Biometrics uses biological information to verify identity. Biometric authentication methods include:

Fingerprint scan
Retina scan
Face scan
Voice identification

Checking for Corruption

Another secure-computing need is to ensure that the data has not been corrupted during transmission or encryption. There are a couple of popular ways to do this:

Checksum - Probably one of the oldest methods of ensuring that data is correct, checksums also provide a form of authentication because an invalid checksum suggests that the data has been compromised in some fashion. A checksum is determined in one of two ways. Let's say the checksum of a packet is 1 byte long. A byte is made up of 8 bits, and each bit can be in one of two states, leading to a total of 256 (2^8) possible combinations. Since the first combination equals zero, a byte can have a maximum value of 255.

If the sum of the other bytes in the packet is 255 or less, then the checksum contains that exact value.

If the sum of the other bytes is more than 255, then the checksum is the remainder of the total value after it has been divided by 256.

Let's look at a checksum example


· 1,151 / 256 = 4.496 (round to 4)
· 4 x 256 = 1,024
· 1,151 - 1,024 = 127


Cyclic Redundancy Check (CRC) - CRCs are similar in concept to checksums, but they use polynomial division to determine the value of the CRC, which is usually 16 or 32 bits in length. The good thing about CRC is that it is very accurate. If a single bit is incorrect, the CRC value will not match up. Both checksum and CRC are good for preventing random errors in transmission but provide little protection from an intentional attack on your data. Symmetric- and public-key encryption techniques are much more secure.
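The following added example (Go standard library; not part of the original page or its source) implements the one-byte checksum described above next to CRC-32, and shows why neither protects against deliberate change while a keyed HMAC does. The names `Frame`, `Rewrite` and `SwapAdjacent`, the sample packet whose bytes add up to 1,151, the demo key, and the choice of HMAC-SHA256 as the keyed alternative are all assumptions made for the illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"hash/crc32"
)

// Checksum8 is the one-byte checksum described above: the sum of the
// payload bytes, reduced modulo 256 when it exceeds 255.
func Checksum8(data []byte) byte {
	sum := 0
	for _, b := range data {
		sum += int(b)
	}
	return byte(sum % 256)
}

// CRC32 is the common 32-bit CRC (IEEE polynomial) from the standard library.
func CRC32(data []byte) uint32 { return crc32.ChecksumIEEE(data) }

// Tag is a keyed integrity value (HMAC-SHA256); computing it needs the secret.
func Tag(key, data []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(data)
	return h.Sum(nil)
}

// Frame carries a payload with all three integrity values side by side.
type Frame struct {
	Payload []byte
	Sum     byte
	CRC     uint32
	MAC     []byte
}

// NewFrame is the honest sender, who shares key with the receiver.
func NewFrame(key, payload []byte) Frame {
	return Frame{payload, Checksum8(payload), CRC32(payload), Tag(key, payload)}
}

// Receiver-side checks.
func (f Frame) SumOK() bool           { return Checksum8(f.Payload) == f.Sum }
func (f Frame) CRCOK() bool           { return CRC32(f.Payload) == f.CRC }
func (f Frame) MACOK(key []byte) bool { return hmac.Equal(Tag(key, f.Payload), f.MAC) }

// Rewrite models a party on the path that changes the payload in transit.
// Checksum and CRC are public functions, so they are simply recomputed;
// without the key the MAC cannot be, so the old tag is all that is left.
func Rewrite(f Frame, payload []byte) Frame {
	return Frame{payload, Checksum8(payload), CRC32(payload), f.MAC}
}

// SwapAdjacent returns a copy of data with bytes i and i+1 exchanged,
// the kind of accidental reordering a transmission fault can cause.
func SwapAdjacent(data []byte, i int) []byte {
	out := append([]byte(nil), data...)
	out[i], out[i+1] = out[i+1], out[i]
	return out
}

// Constructed sample data: SamplePacket's bytes add up to 1,151.
var (
	SamplePacket = []byte{212, 232, 54, 135, 244, 15, 179, 80}
	DemoKey      = []byte("constructed-demo-key-not-a-real-secret")
)

func main() {
	fmt.Println("checksum:", Checksum8(SamplePacket)) // 1,151 mod 256
	swapped := SwapAdjacent(SamplePacket, 0)
	fmt.Println("swap seen by checksum:", Checksum8(swapped) != Checksum8(SamplePacket))
	fmt.Println("swap seen by CRC:     ", CRC32(swapped) != CRC32(SamplePacket))

	sent := NewFrame(DemoKey, []byte("ship 10 units to depot A"))
	got := Rewrite(sent, []byte("ship 90 units to depot B"))
	fmt.Println("rewritten frame passes checksum:", got.SumOK())
	fmt.Println("rewritten frame passes CRC:     ", got.CRCOK())
	fmt.Println("rewritten frame passes HMAC:    ", got.MACOK(DemoKey))
}
```

The byte swap shows a random error that the simple sum misses and the CRC catches; the rewritten frame shows that both unkeyed values pass after a deliberate change, and only the keyed tag fails.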

All of these various processes combine to provide you with the tools you need to ensure that the information you send or receive over the Internet is secure. In fact, sending information over a computer network is often much more secure than sending it any other way. Phones, especially cordless phones, are susceptible to eavesdropping, particularly by unscrupulous people with radio scanners. Traditional mail and other physical mediums often pass through numerous hands on the way to their destination, increasing the possibility of corruption. Understanding encryption, and simply making sure that any sensitive information you send over the Internet is secure (remember the "https" and padlock symbol), can provide you with greater peace of mind.

A part of the material is extracted from the following
Source: http://computer.howstuffworks.com/encryption.htm

Wednesday, August 01, 2007

It's all about | Virtual Private Network (VPN) | SSL VPN | SSL VPN Vs. VPN | Internet Protocol Security

Virtual Private Network (VPN) - A Brief

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, like the Internet, to provide remote offices or individual users with secure access to their organizational network. Put simply, there are millions and millions of Internet users all over the world, so while a person is transferring data, it may leak out to others by some insecure means. So in order to share information between two individuals alone, a private network is built, which gives access only to those two, or to a defined group of users, out of those millions and millions of unknown users. A VPN - Virtual Private Network is nothing but building a tunnel in a big mountain. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by a particular organization. The goal of a VPN is to provide access and security to organizations at a lower cost, with an additional level of security which involves encrypting not only the data, but also the originating and receiving network/IP addresses.

SSL VPN

An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser, in the way we use SSL certificates. SSL VPNs help secure the databases or information of an organisation or of individuals that they want to share among themselves. An SSL VPN can be a good choice for government databases, schools, companies which manage huge databases, libraries and other public information which needs to be transmitted online via the Internet, where trust is an issue but easy access and low cost are also important. Such applications include Web-based e-mail, online forms, business directories, government directories, educational institutions' databases, file sharing, remote backup, remote desktop support, remote system management, consumer-level e-commerce, solid banking databases etc.

(An extract for better understanding) SSL is a protocol for managing the security of message transmission on the Internet. SSL is included as part of both the Microsoft and Netscape browsers and most Web server products. It employs the public-and-private key encryption system from RSA. As TLS (Transport Layer Security), a refinement of SSL, replaces the earlier protocol, an SSL VPN is sometimes referred to as a TLS VPN.

What is the difference between SSL VPN & VPN?

This has been a question for a long time. Many people keep asking what the difference between an SSL VPN and a VPN is, whether an SSL VPN is more secure than an IP Security VPN, and so on. In simple terms, an SSL VPN (Secure Sockets Layer VPN) uses private keys to encrypt data over an SSL connection. It is used in conjunction with Internet browsers for clientless remote access, where you can see HTTPS instead of HTTP in the browser if that website/login is a secured one. A VPN based on IPsec (Internet Protocol Security), on the other hand, has a Tunnel mode and a Transport mode: Transport mode encrypts only the data portion of the packet, while Tunnel mode encrypts the whole packet, so that it is not in the clutches of all the Internet users.

I would like to recommend that you visit http://forums.comodo.com/, where you can discuss security-related topics, software and much more. Also learn about The Future of Internet Security, Free Email Certificates, Bank Fraud Alerts and more.

Tuesday, July 31, 2007

Comodo's Email Certificates are Vista and Firefox Compatible

New compatibility with Vista and Firefox makes Email certificates available to many new users and remains free of charge. These Email certificates allow users to encrypt and digitally sign Email and attachments, keeping them secure and confidential. Encryption ensures that only the intended recipient(s) have access to the material and verify the sender's identity. The message and any attachments can not be tampered with during the transmission of the Email.

Other Competing software providers charge as much as $20 for Email certificates, but Comodo, in its commitment to ensuring the availability of online security solutions to everyone, continues to offer Email certificates for free. These certificates are fully trusted by 99% of Email clients.

Click to download a free Secure Email certificate.


*Free for personal use

Thursday, July 05, 2007

The Future of Computer Security

Article by Comodo's President & CEO - Melih Abdulhayoglu

Source: http://forums.comodo.com/


People keep asking me:

“Is AV dead? Is HIPS the ultimate solution? Are we going to need to have chips surgically implanted in our…”

Okay, let’s not degenerate this in the first fifty words. I’d like to start with some facts about the state of software security for PCs.

1. The world does not protect itself against Zero Day attacks. The majority thinks it does, but reality begs to differ.
2. People buy AV products because they don’t know any better. Ignorance is bliss, but not in security. Security checks have been bumped up since 9/11 – enough said.
3. People are lazy, myself leading that pack. We want things done, but we don’t want to lift a finger. It’s 2007, so we shouldn’t have to!

Let me expand on these points.

1. The world does not protect itself against Zero Day attacks.
Our primary protection is the use of software products called AV (antivirus). These products essentially create a signature for the malware, which functions much like a mug shot does for a criminal, but only after the crime has been committed. In PCland, AV can never be used as protection against Zero Day attacks because the virus signature (a.k.a. the mug shot) has not been created yet; hence, no protection. In an ideal, if not idiotic, world, virii authors would be kind enough to submit their malware to AV vendors, wait for them to create signatures and update their AV users, and then release their malware to the public so that we could catch zero day attacks. We can expect that about as much as we can expect the criminal to go to the police and say “hey, I’m going to commit a crime”, and the police to prevent the crime. My point: we just don’t protect ourselves against Zero Day attacks.

2. People buy AV products because they don’t know any better.
People buy a lot of AV, so it must be the best protection available, right? Wrong. This is not a good argument. People buy a lot of cigarettes, too. This is not to discredit AV; it does what it was designed to do, but it just isn’t enough by itself. Fraudsters and their toys are a force to be reckoned with, and AV alone isn’t up to the fight.

3. People are lazy.
Look around you: we built washing machines because we got tired of hauling our laundry and the washboard to the river and back. We built dishwashers so husbands wouldn’t have to wash dishes (and spot on, I say!). From cars to nappies, humans demand easy-to-use, painless solutions that give us more time for ourselves and deliver the desired outcome with minimal effort. We want the same from our internet security. We can clap our hands and turn on a lamp, so we should be able to “plug and protect” our PCs just as easily.

The future, from my point of view.
Our houses have doors, burglar alarms and insurance. Well, most do, at least. If you don’t have a door, a burglar can walk in and steal your PC; thus, the door prevents the burglar from entering.

But Melih, doors can be kicked in!

Yes, they can, so continuing to get stronger doors isn’t much of a solution. This is why we should never rely on just one layer of security. The door to the house isn’t enough, so we install a burglar alarm. If he can get in, at least we can detect him – prevention plus detection, two layers. Let’s say he cuts your electric wires or manages to turn off the burglar alarm in another way (They make it look so easy on TV, don’t they?). He walks away with not only your computer, but your priceless stamp collection, too. This is why we have insurance, to recover the value of stolen items. Thus, insurance is the cure, the third layer in our layered approach. Stacking up these layers, in order, to protect the PCs in our homes, we have:

1. A door for prevention
2. A burglar alarm for detection, and
3. Insurance for the cure.

I thought you were going to tell us how to secure our PCs, not our homes, Melih!

I just did. The layered approach can be just as easily applied to our PCs. We use AV as our main source of defense, but is AV prevention? No, it’s detection, the veritable burglar alarm for a PC, but it must have the malware signature – the burglar’s mug shot – or it won’t sound the alarm. A new burglar, however, has a free pass, and no alarm goes off. This, my friends, is the infamous Zero Day attack, which our AV allows to happen. Now relax, AV devotees. I’m not saying AV is crap; I’m just pointing out its weaknesses, so calm down. With AV, our PC “house” has a burglar alarm but no door. Ridiculous, right? But that’s how it is! Some of us employ Firewalls too, but that’s also a form of detection, with a little prevention thrown in, if it’s a decent Firewall that doesn’t leak. If a firewall does leak, it lets the burglar (malware) take something out of the house or, in firewallspeak, make a call to the Internet with your sensitive information. A good firewall sounds an alarm in the form of a popup when this happens, and a really good firewall gives you advice on what to do next. You need both the AV and the firewall to detect someone coming in and things going out. So now our PC house has a decent burglar alarm (detection), but no door. Yikes!

Dude, where’s my door?
This is where we are challenged and need to change the model altogether. We are backwards when it comes to our default settings, but we can overcome this. Today, it’s fair to say that PCs are running with the “default: allow” function, which means they are allowing everything to run and hoping to catch the bad stuff before it executes. It’s more of a swinging gate than a door, and can’t really provide the prevention we seek.

So we should run with the “deny all” function and only allow the good stuff, right?

Bingo. With the “default: allow” in place, we operate on a system of “blacklisting”, blocking only the things that we know ahead of time are destructive. By reversing that and only granting entry to those names on the “whitelist”, we save ourselves the hassle of trying to figure out who’s good and who’s bad. If you aren’t on the list, you’re not coming in, period. Thus, we have a door, it’s solid, and it’s locked.

But Melih, who wants to deal with all the popups asking us if we trust ‘this or that’?

Frankly, no one, but why are we making the assumption that the whitelist database will be limited? It is feasible to create a very cogent whitelist security layer which will be virtually noise-free for the average user, and that is exactly what we are doing.

The days of going to bed without locking the front door are long past. PC security is, or should be, just as important as the security of our homes and personal belongings. We deserve to live our lives without the constant worry of burglary and vandalism, and only a layered approach will give us that peace of mind in regard to our computers.

Melih’s prediction: prevention will become the first line of defense!

Thank you

Melih
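The difference between “default: allow” (blacklisting) and “deny all” (whitelisting) described in the essay above can be shown on a handful of samples. This is an added example, not code from the essay or from Comodo; the sample names, contents and the two lists are constructed, and a SHA-256 digest stands in for whatever signature a real product uses.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    name: str
    content: bytes      # constructed stand-in for an executable's bytes
    malicious: bool     # ground truth, known to this example only


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


# Constructed samples: nothing here is a real file or a real signature.
SAMPLES = [
    Sample("editor.exe", b"constructed benign editor, vetted", False),
    Sample("old_worm.exe", b"constructed worm, signature published", True),
    Sample("zero_day.exe", b"constructed malware, never seen before", True),
    Sample("new_tool.exe", b"constructed benign tool, not yet vetted", False),
]

# The AV vendor has a "mug shot" only for the malware it has already seen.
BLACKLIST = {digest(SAMPLES[1].content)}
# The whitelist vendor has vetted only the editor so far.
WHITELIST = {digest(SAMPLES[0].content)}


def default_allow(sample: Sample) -> bool:
    """Blacklisting: run everything unless its signature is known bad."""
    return digest(sample.content) not in BLACKLIST


def default_deny(sample: Sample) -> bool:
    """Whitelisting: run nothing unless it is known good."""
    return digest(sample.content) in WHITELIST


def evaluate(policy) -> dict:
    """Report what a policy gets wrong over the constructed samples."""
    return {
        "malware_run": [s.name for s in SAMPLES if s.malicious and policy(s)],
        "benign_blocked": [s.name for s in SAMPLES
                           if not s.malicious and not policy(s)],
    }


if __name__ == "__main__":
    print("default allow:", evaluate(default_allow))
    print("default deny: ", evaluate(default_deny))
```

The `benign_blocked` list is where the popups come from: it shrinks only as the whitelist covers more legitimate software, which is the coverage question the essay raises.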


Please fill out this form to help you serve better: Internet Security Feedback Form

Wednesday, June 27, 2007

Origination of Names of Great Companies.........(Just for a Change)

Comodo – Well, it started with what we have in common with the Komodo dragon. It's the largest dragon in the species, the most powerful and adaptable. Then the K was changed to C to show our powerful commitment to commerce, communications, even .com. We're back to the internet.

I was wondering what would have made some famous companies select their name…………. Got a forwarded mail like this........

Mercedes: This was actually the financier's daughter's name.

Adobe: This came from the name of the river Adobe Creek that ran behind the house of founder John Warnock.

Apple Computers: It was the favourite fruit of founder Steve Jobs. He was three months late for filing a name for the business, and he threatened to call his company Apple Computers if the other colleagues didn't suggest a better name by 5 o'clock.

CISCO: It is not an acronym as popularly believed. It's short for San Francisco.

Compaq: This name was formed by using COMp, for computer and PAQ to denote a small integral object.

Corel: The name was derived from the founder's name Dr. Michael Cowpland. It stands for COwpland Research Laboratory.

Google: The name started as a joke boasting about the amount of information the search-engine would be able to search. It was originally named 'Googol', a word for the number represented by 1 followed by 100 zeros. After founders - Stanford graduate students Sergey Brin and Larry Page presented their project to an angel investor; they received a cheque made out to 'Google'.

Hotmail: Founder Jack Smith got the idea of accessing e-mail via the web from a computer anywhere in the world. When Sabeer Bhatia came up with the business plan for the mail service, he tried all kinds of names ending in 'mail' and finally settled for hotmail as it included the letters "html" - the programming language used to write web pages. It was initially referred to as HoTMaiL with selective uppercasing.

HP: Bill Hewlett and Dave Packard tossed a coin to decide whether the company they founded would be called Hewlett-Packard or Packard-Hewlett.

Intel: Bob Noyce and Gordon Moore wanted to name their new company 'Moore Noyce' but that was already trademarked by a hotel chain so they had to settle for an acronym of INTegrated ELectronics.

Lotus (Notes): Mitch Kapor got the name for his company from 'The Lotus Position' or 'Padmasana'. Kapor used to be a teacher of Transcendental Meditation of Maharishi Mahesh Yogi.

Microsoft: Coined by Bill Gates to represent the company that was devoted to MICROcomputer SOFTware. Originally christened Micro-Soft, the '-' was removed later on.

Motorola: Founder Paul Galvin came up with this name when his company started manufacturing radios for cars. The popular radio company at the time was called Victrola.

ORACLE: Larry Ellison and Bob Oats were working on a consulting project for the CIA (Central Intelligence Agency). The code name for the project was called Oracle (the CIA saw this as the system to give answers to all questions or something such). The project was designed to help use the newly written SQL code by IBM. The project eventually was terminated but Larry and Bob decided to finish what they started and bring it to the world. They kept the name Oracle and created the RDBMS engine. Later they kept the same name for the company. Do you know why they named this project 'Oracle'? ORACLE :One Real A**hole Called Larry Ellison

Sony: It originated from the Latin word 'sonus' meaning sound, and 'sonny' a slang used by Americans to refer to a bright youngster.

SUN: Founded by 4 Stanford University buddies, SUN is the acronym for Stanford University Network. Andreas Bechtolsheim built a microcomputer; Vinod Khosla recruited him and Scott McNealy to manufacture computers based on it, and Bill Joy to develop a UNIX-based OS for the computer.

Apache: It got its name because its founders got started by applying patches to code written for NCSA's httpd daemon. The result was 'A PAtCHy' server -- thus, the name Apache.

Jakarta (project from Apache): A project constituted by SUN and Apache to create a web server handling servlets and JSPs. Jakarta was the name of the conference room at SUN where most of the meetings between SUN and Apache took place.

Tomcat: The servlet part of the Jakarta project. Tomcat was the code name for the JSDK 2.1 project inside SUN.

C: Dennis Ritchie improved on the B programming language and called it 'New B'. He later called it C. Earlier B was created by Ken Thompson as a revision of the Bon programming language (named after his wife Bonnie).

C++: Bjarne Stroustrup called his new language 'C with Classes' and then 'new C'. Because of this the original C began to be called 'old C', which was considered insulting to the C community. At this time Rick Mascitti suggested the name C++ as a successor to C.

GNU: A species of African antelope. Founder of the GNU project Richard Stallman liked the name because of the humor associated with its pronunciation and was also influenced by the children's song 'The Gnu Song' which is a song sung by a gnu. Also it fitted into the recursive acronym culture with 'GNU's Not Unix'.

Java: Originally called Oak by creator James Gosling, from the tree that stood outside his window, the programming team had to look for a substitute as there was no other language with the same name. Java was selected from a list of suggestions. It came from the name of the coffee that the programmers drank.

LG: Combination of two popular Korean brands Lucky and Goldstar.

Linux: Linus Torvalds originally used the Minix OS on his system which he replaced by his OS. Hence the working name was Linux (Linus' Minix). He thought the name to be too egotistical and planned to name it Freax (free + freak + x). His friend Ari Lemmke encouraged Linus to upload it to a network so it could be easily downloaded. Ari gave Linus a directory called linux on his FTP server, as he did not like the name Freax. (Linus' parents named him after two-time Nobel Prize winner Linus Pauling.)

Mozilla: When Marc Andreessen, founder of Netscape, created a browser to replace Mosaic (also developed by him), it was named Mozilla (Mosaic-Killer, Godzilla). The marketing guys didn't like the name, however, and it was re-christened Netscape Navigator.

Red Hat: Company founder Marc Ewing was given the Cornell lacrosse team cap (with red and white stripes) while at college by his grandfather. He lost it and had to search for it desperately. The manual of the beta version of Red Hat Linux had an appeal to readers to return his Red Hat if found by anyone!

SAP: "Systems, Applications, Products in Data Processing", formed by 4 ex-IBM employees who used to work in the 'Systems/Applications/Projects' group of IBM.

SCO (UNIX): From Santa Cruz Operation. The company's office was in Santa Cruz.

UNIX: When Bell Labs pulled out of MULTICS (MULTiplexed Information and Computing System), which was originally a joint Bell/GE/MIT project, Ken Thompson and Dennis Ritchie of Bell Labs wrote a simpler version of the OS. They needed the OS to run the game Space War which was compiled under MULTICS. It was called UNICS - UNIplexed operating and Computing System by Brian Kernighan. It was later shortened to UNIX.

Xerox: The inventor, Chester Carlson, named his product trying to say `dry' (as it was dry copying, markedly different from the then prevailing wet copying). The Greek root `xer' means dry.

Yahoo!: The word was invented by Jonathan Swift and used in his book 'Gulliver's Travels'. It represents a person who is repulsive in appearance and action and is barely human. Yahoo! founders Jerry Yang and David Filo selected the name because they considered themselves yahoos.

Thursday, June 14, 2007

EV SSL Certificates - Authentication for Sole proprietor and Small Businesses

CA/B Forum Ratifies Extended Validation (EV) SSL Certificate Guidelines to Provide Improved Online Authentication to More Businesses For Safer Online Transactions.

Comodo instrumental in enabling all verifiable businesses - including sole proprietorships - to better authenticate their identities for improved customer trust and profitability

EV SSL certificates to sole proprietorships in light of the recent ratification of the EV SSL Guidelines by the CA/Browser Forum. This first ratification, two years in the making, is a milestone in the accessibility of authentication solutions for a wider range of businesses.
EV, until now, was not available to sole proprietorships and non-corporations, as the validation process only extended to corporations registered with government agencies. This put sole proprietors at a disadvantage, as they did not have the budgets to create consumer trust through extensive brand-building programs involving advertising or running "brick and mortar" retail outlets. Comodo, initiator of the CA/Browser Forum, was one of the key advocates for the extension of EV to sole proprietors, recognizing the greater level of trust they would get from EV certificates.

Background information on EV

EV SSL builds on the trust that the marketplace has in traditional SSL protection by adding a layer which turns the address bar in the browser green, delivering visual authentication of a site's identity. Site visitors are increasingly demanding this level of identity authentication and are apt to abandon sites that do not provide it. Since EV protects users from doing business with sites that are not authentic, these EV-protected sites can be more trusted, offering potentially greater conversion rates, revenue and lifetime customer value.
Because of the stringent EV validation process, verifiable businesses will be able to obtain EV, while fraudsters will find it more difficult. Only a Certification Authority can issue an EV SSL certificate, and before doing so, it must:

1.) Verify the legal, physical and operational existence of the entity
2.) Verify that the identity of the entity matches official records
3.) Verify that the entity has the exclusive right to use the domain specified in the EV certificate, and
4.) Verify that the entity has properly authorized the issuance of the EV certificate

The standards also include rigorous auditing criteria which Certification Authorities must meet to ensure their compliance and be allowed to issue EV certificates.

For more information, visit http://www.instantssl.com/.
This new initiative will increase the business and sales of sole proprietorships and small businesses. Get your EV SSL from Comodo - The Initiators of Trust to non-corporations.
To obtain EV SSL, contact sales (at) comodo (dot) com or yuvarajr (at) comodo (dot) com

Tuesday, May 29, 2007

Future of IT Security | Web Security

Believe it or not, today’s security products are the features of tomorrow.

From now on there will be dramatic change, primarily in the technologies and applications that use the Internet productively in all aspects of business and everyday life. To have a Secure Technology Generation (STG), we must shape the future of the Web.

In relation to the growing consumer issues on the Internet, such as phishing, privacy disclosures and identity fraud, online financial and merchant businesses and services really require stronger authentication methods than simple PINs and passwords in order to have a more secure e-commerce environment.

Information technology practices are upgraded and improved, yet attackers, phishers and business requirements keep raising the bar and are on the lookout for new technologies every second because of the increased security threat. Not only e-commerce is in danger, but also the people doing business. Because they want to protect themselves from these kinds of threats, security practitioners are planning many proactive measures and trying to predict future threats.

When it comes to Internet security, the experts who analyze online business have many questions themselves, such as:

1.) What kind of security measure is globally suitable?

2.) Will the Secure Sockets Layer (SSL) certificate be the standard security in future, or is an upgrade of some online security appliances needed?

3.) Will SSL and PKI alone solve the authentication requirements?

4.) Would the firewall be made transparent?

5.) And what level of vulnerability will there be in the future?

And so on. While there is not going to be a significant increase in the level of threat to corporations, there will still be threats to the external elements of the enterprise, which will affect the corporation. As already discussed, “Today’s security products are the features of tomorrow”: nowadays a firewall comes with antivirus and anti-spyware detection tools. The upgrade from SSL to EV (Extended Validation) SSL also shows the trend toward stronger technology and security. As soon as 2010, an Internet security package is going to have all the threat fighters, such as EV SSL, a hacker prevention tool (vulnerability scanner), firewalls, antivirus, anti-spyware, anti-malware and site monitors, plus other security tools developed in response to present and future threats.

Let’s hope for a better future. :-)

I wish you would go through this blog to know more about Internet security and Online marketing http://trenchwars.wordpress.com/



Monday, March 12, 2007

UTI Bank – Be alert and be safe from online fraud

I recently got an email in my Yahoo account from a phisher pretending that the mail was from UTI Bank. It stated that the SSL certificate had been upgraded and asked us to sign in to UTI Bank’s Secure Internet Banking, providing a link.

When I clicked the link it went to some other site, which was designed exactly like the UTI Bank website. No SSL certificate was found on that site.

So be alert: we may get this kind of mail from phishers. If you happen to give your details, they will be stored on the phisher’s / hacker’s system, and it is easy for the phisher / hacker to log in to your account and take the money. So make sure not to provide your contact details until you are sure that the email is from UTI Bank and is genuine, and that the browser HAS GOT A PADLOCK ICON and meets the other criteria as well, including https:// in the link. UTI Bank account holders, please also check that the link points exactly to http://www.utibank.com/ and then start the banking session from there. It’s up to us whether to get fooled or not.
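The “points exactly to” check in the post can be done on the parsed URL rather than by eye. This is an added example, not part of the original post: it assumes the expected host is www.utibank.com as named above and requires https, and every URL in `CONSTRUCTED_LINKS` is made up for illustration (the look-alikes use reserved example domains).

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "www.utibank.com"  # the bank host named in the post


def link_problems(url, expected_host=EXPECTED_HOST):
    """Return reasons not to trust a link; an empty list means it passed."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")   # hostname is lowercased
        has_userinfo = parts.username is not None
    except ValueError:
        return ["unparseable URL"]

    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if has_userinfo:
        # In https://name@host/ the part before '@' is a user name, not the site.
        problems.append("text before '@' is not the host")
    if not host.isascii() or "xn--" in host:
        problems.append("non-ASCII or punycode host")
    if host != expected_host:
        if expected_host in host:
            problems.append("bank name embedded in another host")
        else:
            problems.append("host is not the bank's")
    return problems


# Constructed links, as they might appear in a mail like the one described.
CONSTRUCTED_LINKS = [
    "https://www.utibank.com/",
    "HTTPS://WWW.UTIBANK.COM./login",
    "http://www.utibank.com/",
    "https://www.utibank.com.login.example.net/",
    "https://www.utibank.com@login.example.net/",
    "https://www.utib\u0430nk.com/",          # Cyrillic letter in place of 'a'
]


def audit(links=CONSTRUCTED_LINKS):
    """Map each link to its list of problems."""
    return {link: link_problems(link) for link in links}


if __name__ == "__main__":
    for link, problems in audit().items():
        print(ascii(link), "->", problems or "ok")
```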
