Are Anonymous Proxy Lists the Key to Anonymous Web Browsing?

Well they sure sound like it don't they - pick a server from the anonymous proxy list and direct all your surfing through it. It does give the impression of security but I'm afraid it doesn't quite tell the whole picture and in fact if you're unlucky using this method may effectively give away your identity online.

The key to understanding the role of the anonymous proxy is really understanding what a proxy actually does. You've almost certainly used one at work or school if you have access to the internet. Very basically all your web requests are sent to this server and then directed out at the target site, the proxy server then forwards all the received information to your browser. The advantage is that your work or school can control what goes in and out of their network and has a list of every web page surfed.

When you use one of the free anonymous proxies from these lists that is what you are doing, sending all your information via this one server to forward all requests. The advantage and the reason people use them is that your own IP address is not logged on the server you visit (it logs the proxies address instead)

The disadvantage is that you basically hand all your web traffic to the owner of one server to control, the system administrator of the proxy server can access ALL your web traffic if they wish, as well as log all your activity as well. One of the other disadvantages is that you will almost certainly slow down your browsing substantially, these proxies almost inevitably get overused and it adds another hop to your browsing.

The other significant problem is that these anonymous proxy servers are usually hacked or misconfigured servers, they are often full of spyware and the real owners often have no idea t hey are being used as a proxy! If you use an anonymous proxy make sure you know who runs and administrates this server and that you are not using one owned by a European Hacking Crew!

To be anonymous on the internet you need to do much more than use an anonymous proxy server in any case. All your web traffic and your IP address are accessible across the wire and everything is logged at your ISP (for two years in Europe). HTML traffic is mostly sent in clear text, it's perfectly readable as you'll see if you ever start a sniffer at a wireless cafe or hotel.

I use a solution which combines a network of secure and private proxies (so I can change my location when I need) that is I can appear as a US surfer one minute, then use a German proxy a few minutes later. It also encrypts my connection completely using a military grade cipher called AES so nobody not even my ISP can view my connection. Obviously I have to pay a small charge for this but I would rather stay secure and anonymous and my browsing speed is not affected.

If you want to read about some of my thoughts on using anonymous proxies and how you can surf without being spied on, try the link below.

Anonymous Surfing Proxies

Jim

Email Spam Scams and Variations of 419 Scams

With the horrific stories of successful scammers making millions from fraudulent activities online, efforts are now in full force to crack down the 419 scammers. An ABC documentary on the subject traced a scam to its origins in Nigeria.

The ABC documentary was just one of many efforts, now getting more concerted, to crack down on the fraudsters perpetuating this activity on a massive scale. The Nigerian police has created the Economic and Financial Crimes Commission (EFCC), a special division specifically to enforce the section of the Nigerian Criminal Code, 419. The code makes it illegal to obtain money by false pretenses. It was not enforced until recently.

The scams happen worldwide. The old, traditional post mail scams have now escalated to million-dollar, worldwide fraud business because of the availability and accessibility of internet facilities. What authorities find out though, is that a lot of these scammers are not part of an organization. While there may be highly organized master scammers, many are small scale schemes looking to make an easy buck.

A lot of the scams have been traced back to parts of Western Africa. Nigeria is a hot spot. The decline in Nigeria's oil-drive economy has left millions desperately poor. But instead of looking for decent jobs, thousands of computer-savvy Nigerians are making a living off of thousands of gullible people from the West, many of whom are Americans.

Spam emails are the most widely used method of fraud. Spammers send varied types of fraudulent emails. It begins with the use of email extraction programs that scour internet websites for email addresses. In some instances, fraudsters obtain a list of email addresses from the black market.

The scammer would usually pose as a widow or heir of a corrupt government official who has left his family with embezzled money stashed away in some hidden account. The widow would ask help to get their money on the funds and in exchange, promise millions of dollars in reward money.

Sometimes, a scammer will pose as a diplomat or a corrupt government official looking to make for a partner-investor in a business. The proposal is usually to ask help to funnel dirty money and "cleanse" it. The money is supposedly stashed somewhere inaccessible. If one helps release the funds that would require advancing a small sum of money, the victim will supposedly receive a million-dollar reward and business deal.

Scammers will sometimes notify a victim of winning a lottery online. The amounts would be anywhere from hundreds of thousands to millions of dollars purportedly held in trust somewhere pending your accomplishment of some paper work. Typically, the victim will be asked to pay a small sum to cover facilitation and processing fees before the money could be released.

Some scammers will identify themselves as a bank officer knowing of a deceased depositor who has died without a next of kin. He would ask the victim to help them get the funds before others do by posing as next of kin and filing a claim. The victim will then be promised a commission, a reward for the help.

More recent forms now involve romance angles and a lot of them now operate in dating sites and online communities. They pose as desperate women wanting to fall in love and scam lonely, gullible men for cash.

For more information on Anti-Spam Forum and Charitable Fraud and Religious Scams please visit our website.

Screwing With the System - The Most Dangerous Computer Viruses Ever

The worldwide web is actually very much like our world in several aspects, it's just a little weirder at times. Like the everyday waking world, there are a of ways to have fun, to socialize, to engage in artistic endeavors or to establish a good business strategy among other things. And as much as there are a lot of good things about the web, there are also a lot of dangers to look out for. Hackers (or crackers for that matter) are like thieves and trespassers that use dexterity and careful planning to steal information or money. Cyber-stalkers are much like real life stalkers except that they have the advantage of anonymity and fading into the shadows much thanks to all the advantages the Internet offers. And then much like in the real world, we or our computers can and do get sick-from threats like computer viruses.

What makes these viruses unique from the vicious strains found in nature is that they are man-made. And instead of killing and crippling individual people, they have the capacity to cripple and kill entire industries, organizations and services. Many call the creators of these deadly strains criminals although some have created cult fanbases for themselves, which believe them to be modern day heroes. Whatever you may think of them, here is a list of the most deadly viruses that have been released to damage sectors of society, as a form of protest, or even as some say, by accident:

Melissa Virus: The Melissa virus was one of the most dangerous viruses and one of the fastest spreading ones in recent memory. It infected about 20% of computers worldwide, including the networks of Microsoft, Intel and other companies that relied on MS Outlook to be their default email client. Countless email servers around the world were forced to shut down just to halt the spread of this virus. The email came with an MS Word attachment that, when opened emailed itself to the first 50 people in your contact list. It also overwrote the document files in the infected computer with quotes from the famous TV show, 'The Simpsons'.

Blaster: This was a virulent strain of malware that spread itself not through email but through the vulnerability of both the Windows 2000 and Windows XP machines. Once a computer was infected, it displayed a message box indicating that the system would shut down in a couple of minutes. Discovered in the code was a message to Microsoft owner, Bill Gates saying: "Billy Gates, why do you make this possible? Stop making money, and fix your software!"

MyDoom: When the list of very damaging mass-mailing viruses is compiled, MyDoom will definitely be on the list. Though primarily written to spread through email, its growth became almost impossible to check with the emergence of the P2P software KaZaA. The MyDoom virus slowed down Internet access by 10% and caused some website access to be reduced by 50%. It was said that during its heyday, one it ten email messages sent contained the virus.

These are just a few of the many notorious viruses that have had computer owners and companies shaking their heads and pulling their hairs out in frustration. If you want more of the best instances of cyber-terrorism just visit: http://crunkish.com/top-ten-worst-computer-viruses/ .

Why I Use an Anonymous Web Proxy Service

I've been using an anonymous web proxy service for some time now and I don't think I would ever go back to ordinary surfing. It's not that I am some sort of shadowy cyber criminal with some secret online life, no I pretty much surf the same web sites as everyone else, I certainly don't go to illegal or criminal sites.

If you want to know why, it's simply because I value my privacy and I know what data is stored in the average organisation and how it is protected. Take your ISP for example, they logs pretty much everything that passes through them - every single request, every web page, every email and even every image is logged. The vast majority of this traffic is in cleartext so the majority of it is instantly readable and can be matched to your address.

It's amazing what these logs can tell about people you can build up a lot of information about someone from what they do on the web. So do you know who has access to these logs at your ISP, what controls are in place, how is this information stored ?

If you don't know your not alone but after 25 years working in IT, I'll pretty much bet you wouldn't like to know the answer anyway. This is the problem with much internet communication, it's so completely open - occasionally you'll obviously use a secure site to type in your credit card details. Yet up to the point all your information is flying across the internet ether completely unprotected and accessible to anyone who has the will and the knowledge to intercept it.

Believe me there are plenty of people who do have an interest in your information

Why do you think a European Directive was recently passed - Directive on Mandatory Retention of Communications Traffic Data. It's a bit of a mouthful but what it's actually doing is forcing your ISP to keep a record of every email sent, every internet session and web site visited for two years. So think back at every web site you've ever visited for the last two years and it's on record and can be matched to your own little electronic profile.

How does that make you feel?

Even if you've done nothing wrong it's bound to make you feel a little uneasy after all why do Governments want all this information about us? If you want to feel a little more uneasy, many Governments are looking at the UK Governments idea who are going to store all this information in a central database accessible to certain organisations. Fear not US citizens you'll not be left out - the FBI are pushing hard for similar data retention facilities.

Storing data is dangerous

If you store data you have to be prepared to take good care of it. All the privacy erosion concerns aside, the more personal data is stored about us, the more people will have access to it. How thorough do you think is the vetting procedure for an ISP Technical engineer ? Who potentially has access to huge amounts of this data. Even if implicitly trust our govenrments with this tremendous invasion of our privacy - fraudsters, identity thieves and others can create mayhem with this sort of information. These logs are gold dust to anyone trying to steal our identity for example - they can match up users, with web sites, pick up password and all sorts of personal information. Even though a small part of this information is encrypted when you're actually using a secure web site (with the padlock below) there's plenty of other personal information available to compromise your usernames, password etc.

An identity thief can pick up huge amounts of data about the average person all ready, an hour or two picking up all your web traffic and they'll also have where you bank, what web sites you visit and logon to and a whole heap more. This unfortunately is the tip of the iceberg and I suspect you'll see many, many people protecting their privacy online soon from identity thieves, hackers and even our friendly snooping governments.

Everything I do online is private, I use a fast professional service that anonymises my connection and encrypts all the data. My web logs sit next to yours in a server room at my ISP however mine are all completely encrypted and unreadable by anyone, whereas yours are in clear text.

One thing I should warn people about is the use of free anonymous web proxy services which you see all over the web. Be very, very careful about these and think why are they supplying a very expensive and resource hungry service for free? Remember also that by using one of these free proxies you are redirecting your traffic via this server whose owner can capture and log your data himself. Many of these are owned and run by Eastern European Hacking groups as an easy way to gain peoples traffic, so be careful.

So if you don't want hackers, crackers, identity thieves or even governments snooping on what you do on the internet do as I do. I use the most secure and professional service to encrypt and protect my web activities - the excellent Identity Cloaker service - click here to read more about them - Protect your Privacy

How to Successfully Monitor the Access of Your Child to the Internet

While installing surveillance cameras in a room would be a really far-fetched idea, it would seem advisable that you can somehow monitor what your children do on the internet. Therefore, you need to find the valid tools and processes that will ensure your child is protected against any internet attack.

While the best idea to monitor your children would be to sit next to them and watch them, sometimes constant surveillance is not possible. Therefore, you need to keep the internet connection somewhere at reach so that you can access it whenever you want to. Also, the computer needs to be located in a room different from that of the children, because otherwise they might be tempted to enter in the computer too often.

For smaller children, aged from two to ten years old, it is always advisable to be there with them when they are accessing the internet. Since this vast domain encompasses a lot of risks and there is a lot of gibber lurking around it, it is important that you know how to select only what is the most important fort your child and then make the browsing through the internet a valuable activity.

Another possibility would be to make sure that if you have a teenager or pre-teenager, then it would be best to instill some other rules. You need to keep constant checks on the web history that your computer can store and also know how to master the Hosts file from the computer so that you can keep blocking out content. Therefore, using browsers as well as filtering software such as the ChildLock, Bsafe Online, Mcaffee Internet Security, Cyber Snoop or Net mop, you will ensure that you are protected against online attacks.

As parent, you are also expected to instill in your child the feeling of responsibility and value of privacy. You need to openly discuss with your child topics such as health or sexuality without delving into the other extreme. Router with internet filtering abilities can also be a solution to your security problems. Therefore, you need to know the way of being able to block out content.

While hardware and software are good tools in helping parent's monitoring kids online activities, they are no substitute to teaching your children internet safety tips

Reverse Email Searching is Available All Over the Internet

Sometimes, a reverse email search is one of the best decisions you can make to help protect you and your family's security. In fact, the chances that you may need to use such a resource increase every day as email becomes an increasingly important and frequent means of communication. Luckily, rather than worrying about finding and making good use of the correct email directory, you can use a reverse email search to access this information for you. The even better news is that similar online resources are available all over the internet, so with the likelihood that you will need browse this data comes this knowledge that you will be able to do so quickly, easily, and nearly instantaneously.

Since there are so many available reverse email search sites, it may seem difficult to pick the best one. For people in this awkward position, there are a few good guidelines to remember. While there are a lot of reverse email searches, not all of them have free access to the email directory you need. This means that using a free site when you need to find information listed in a private email directory will probably mean that you are only able to find out more about the server and not the actual username.

If this is the case, then you should look a little harder to find a reverse email search that is upfront about what type of email directories it makes available. After all, you do not want to spend precious time or unnecessary money trying to figure out certain types of data, such as the user's IP address, with a free public reverse email search.

There are a lot of servers and email addresses and a lot of possible directories in which the information you need could be contained, but the good news is that there are almost as many reverse email searches to help you locate the exact email directory containing the specific entry you want to see.

Don't send Claudia Kim a sketchy email because she will run a an email search on you at http://www.emailfinderpro.com

Protect Yourself From Cyber Criminals

Don't you like to protect your money and keep your private information safe? Are you frightened by the possibility an Internet criminal will steal your credit card and do things with your name after stealing your identity? Guess what! You can prevent this mess from happening. Let's go over the steps you can take to prevent identify theft and loss of your money while you are online.

Take precaution with storing information and passwords on any computer you use. You might be thinking, "I am the only one who uses my computer; therefore, I can store the password I use to log into my computer and any accounts I have with different websites." If you believe this and act accordingly, you could be in trouble. Someone might rob you of your laptop or break into your home and steal your computer. Furthermore, you will probably have to recycle or throw away your computer eventually.

Choose passwords wisely. Do not choose a password that has any part of your name or other information that identifies you. Choose an unusual password or a password you think others will have trouble guessing. If you open an online banking account or PayPal account, create a password that contains numbers and capital letters. Never reveal your passwords.

Be careful when reading E-mail messages from PayPal. The real PayPal site only addresses you by your name and it does not provide links for you to click or ask for your password. If you get a "PayPal" or "eBay" message saying you must verify your account to avoid suspension, ignore it. If you are ever tempted to respond, it is safer to copy and paste the link into your browser. If you ever believe an account of yours has been breached, immediately change your password and report the breach to the site holding your account.

Ignore E-mail messages in which you are asked to submit a form to claim a tax refund. The IRS does not actually contact people online unless they are returning a message.

Ignore messages from Microsoft and others that try to get your personal or financial information by claiming you have won the lottery or that you are a beneficiary of a huge sum of money. Also ignore messages in which each letter for the sender or subject line is capitalized.

Take precaution when sending messages online. A cyber criminal gained access to my debit card after I revealed my new debit card number on a web site's contact message form as a result of not being able to get their system to recognize my new debit card.

Handle your social security number with care. Do not provide it when you use a web site or submit a cover letter, resume or other form of communication online.

Be careful when making online purchases. Make sure the site has a padlock symbol that represents a secure purchase. An https site is highly encrypted to prevent others from seeing your credit card.

Use these tips to prevent identify theft and loss of your money!

Todd Hicks owns Skill Development Institute, an enterprise that provides a keyboard typing lesson and academic study guide. To become a great typist or student, visit Skill Development Institute.

http://sdinst.blogspot.com

Virtumonde Attacking the Web

Virtumonde Trojan demonstrates that contemporary antivirus protection leaves much to be desired. This malware seems to have been specially created to make popular security programs look imperfect. Some are able to detect the infection, but cannot remove nor quarantine them.

At a closer look Virtumonde is nearly a perfect virus. It self-protects, monitors the system memory of the infected computer, randomly names its malicious files, and integrates with Windows critical processes.

This Trojan is responsible for adware pop-ups, redirecting browsers to websites with ads and malicious scripts. Virtumonde is able to change the desktop background (wallpaper), screensaver, and disable some tabs of Desktop Properties. Besides, some variations of the trojan are capable of disabling Task Manager and Registry Editor thus making everything to prevent its successful removal.
Virtumonde loads a .DLL file into memory to ensure it's always up and running. A special module watches the environment inspecting the processes, and puts the virus back into memory whenever any program (e.g. antivirus) tries to close it.

Self-restoring mechanism allows virtumondo to restore its associated files if some of them are removed by security programs. That is, upon next computer reboot the Trojan is back and fully functioning.
The main files that are integrated with Windows Explorer and Winlogon processes make the infection resistant and hard to remove. Popular Windows security suites from biggest software manufacturers often cannot break the tight linking of the malware to critical components.

This explains why specific steps and virtumonde removal tools are needed to clean out infected computers.

• First, it is necessary to unload malware services from system memory.
• Second, registry entries and keys related to Trojan virtumonde should be deleted at once.
• Third, malicious files should be permanently erased from the system.

All this has to be done in one Windows session, without restarting, or the Trojan will be able to restore itself to previous state.

Several software companies and volunteer programmers decided to develop special tools to help users remove Virtumonde. Among others, Symantec provides a free fix tool for certain variations of the virus.

If you're a victim of the infection and want to remove the trojan with as little hassle as possible, get your hands on free virtumonde removal tools. Available removers are known to fix the malware without the need to call for expert help.
Alberta Glamerheim is an author and consultant who writes about Internet privacy management issues, and publishes articles related to PC security maintenance.

Learning security lessons from the motives of malware

Security threats have changed greatly over the past several years. The worst "hacking" was comprised of kids defacting web pages to get improve their stats on defacement boards and sending out viruses to pronounce their undying love for some unfortunately girl. Concerted, financially motivated attacks did occur, but they were somewhat rare and normally involved industrial espionage of some form.

Today, though, an entire economy has been built around "hacking". Much like television networks trying to attract eyeballs for advertisers, today's hackers are trying to infect computers with trojans and other malware. These "botnets" are sold and traded in an underground market. The purposes for the botnets are varied: stealing backing information from the victims, using the collection of computers to implement an protection racket against DDOS attacks (as we have seen many times lately), to simply installing adware. Because of this, attackers are racing to find and exploit new vulnerabilities in software as quickly as possible - at least before someone else does. There is also no honor between theives - it's not uncommon for some piece of malware to intentionally disable the malware from some other group, so the former can keep his network pure and maintain the profitability of the botnet.

So, what can we learn from this?

We will continue to see faster and faster virus propogations. The virus writers are now financially motivated to infect as many computers as possible before anti-virus signatures are available and applied. Using non-conventional tactics to defend against these viruses are going to be needed. Such tactics include using behavioural virus scanners, rather than singature based scanners. Internet Security Systems and Panda both offer implementations of this.

We will continue to see worms that are released either before or shortly after acknowledgement of a weakness - and quite often before a fix is available. In the past, a rigorous patching program was typically enough to provide a reasonable amount of protection. Again, though, non-conventional tactics are needed - such as general buffer overflow exploit protection, more diligence around segmenting network assets to minimize the spread of worms, and tools to identify when a worm is present. Certainly, this aslo underscores the importance of tightening up already rigorous patching processes. An additional layer of protection can often be found in host and network intrusion prevention tools. Such tools are often updated quickly in response to a new threat and provide a buffer between the release of a worm and the time that systems are patched.

Certainly, organized crime is not the only source of malware - plenty of enterprising individuals are participating. Keeping up with the motivations of hackers will give you a better understanding of what you need to protect against and what threats you can expect down the road.

About the Author

Jerry Bell has been in the information security industry for 8 years and has spent 4 years as the Director with responsibility for information security and regulatory compliance at a $300M public company. IT Capability

Can You Recover After a Security Breach?

If you haven't already taken adequate steps to ensure your data and computer security systems are up to date and working to protect you against hackers and other potential threats, then you should do it right now to ensure the chances of being subjected to a security breach are as small as possible.

Unfortunately some businesses take the attitude that there are always more important things to be doing - such as winning new clients for example - and they never quite seem to get around to it. But if you can number yourself and your business among that group, you could be heading for disaster.

If you need an incentive to make sure your network security is as good as it should be, then consider what you would do and how you would be affected if someone did manage to break into your systems and cause havoc as a result.

A lot of people immediately think of the practical considerations. That is understandable, as you will want to see how much data - if any - was compromised or lost during the security breach. The natural step then is to do what should have been done in the first place and plug those holes so no one can get through them again in the future.

But that isn't the only problem you would be faced with if you did fall victim to the hackers. News of the breach would almost certainly reach your clients in one way or another, and that would mean some serious damage limitation exercises would be due on your part.

Just consider how you would feel if you discovered that your personal information had been compromised like this. Even if you were reliably told that the chances of your information actually being used or accessed by someone else were extremely slim, you would still wonder if that tiny chance would actually happen.

But even if it was safe you would begin to wonder how reliable that company is when it comes to looking after your data. Some people may have been with that company for some time - and yet they would still be thinking about whether or not they should go elsewhere. This is the kind of situation you would be faced with if you became the owner of a business that was known for having been hacked into remotely.

It's not unknown for some businesses to be affected like this and never recover from the damage that is done. This is where many people slip up - they assume the damage is physical and can be repaired, ensuring that nothing similar happens again.

But the real damage is that caused to your customers, and no matter how much apologising you do, the decision of whether those customers stay with you or go elsewhere is, at the end of the day, down to them and them alone.

So why chance the future of your business by leaving its security until tomorrow? If you do, tomorrow might just be too late to do anything about it.

Pure Hacking helps protect your Internet security by providing world-class penetration testing and ethical hacking risk management services. For a free consultation, please visit Penetration Testing

Computers Get Sick Also - About Computer Viruses

A computer program capable of copying itself and infecting a computer without even the user's permission or knowledge is known as a computer virus. When the host of a computer virus is carried to an uninfected computer, then the virus spreads from one computer to the other. Viruses get transferred over a network, Internet or through removable mediums like floppy disk, CD and USB drive.

There are three basic categories of computer viruses which are boot infectors, system infectors and generic application infectors. The boot sectors of diskettes and hard disks are attacked by the boot infectors. During the first access of a diskette the virus transfers itself to the sector 0 of the diskette and it then spreads to the system that are booted from this diskette. The Pakistani Brain Virus is an example of a boot infector. The system infectors are found to be attached to the operating system modules and Lehigh virus is a typical example. The Generic application infectors have the capability to harm any application program. Well known viruses of this kind include the Israeli Virus and the Scores Virus.

There are various theories and controversies regarding the first known computer virus. But majority support the view that The Creeper was the first virus that was detected on ARPANET which happens to be the forerunner of the internet in the 1970s. It found its way through the TENEX operating system and had the capability to use any linked modem to dial out to all remote computers for the purpose of infecting them. There are again beliefs about "Rother J" to be the first computer virus to have appeared "in the wild" which means outside the lab or the single computer where it originated. But the truth is that, it was the first virus to infect computers "in the home". A boot sector virus called The Brain was the first PC virus which appeared in the wild. In 1986, Farooq Alvi Brothers from Pakistan created this virus with the aim of discouraging pirated copies of software written by them.

CIH and Melissa are two well known viruses which created disasters in the years 1998 and 1999 respectively. The estimated amount of damage that CIH created was 20 to 80 million dollars. This virus originated from Taiwan and Windows 95, 98, and ME executable files were its main targets. This virus found its residence in a PC's memory. Soon after its activation, it started overwriting data on the host PC' hard drive and as a result it made it inoperable. It also prevented boot-up of the host by overwriting the BIOS of the host. Although it caused disasters and losses at some point of time but it is not a serious threat nowadays because of the migrations to Windows 2000, XP, and NT which are not susceptible to CIH. Melissa caused an estimated damage of 300 to 600 million dollars. This was a word macro script that infected the business PCs. The rapid spread of the virus made Intel, Microsoft and other companies that were using Outlook to shut their total e- mail systems down! This virus used the e- mail lists of the user of Microsoft Outlook to e- mail itself in the form of a .DOC file as attachment. Unsuspected receivers opened the file and got their systems infected.

There are a number of destructive viruses like Blaster, Bagle, MyDoom, Sasserbut I LOVE YOU released in 2000 deserves special mention. This acted like Melissa by e- mail itself with an irresistible message: I love You. It even used to find the IDs and passwords of the users of infected machines to send e- mails to its author. The amount of damage was estimated as 10 to 15 dollars. The irony is that Philippines had no law against computer viruses at that time and so it failed to punish the author of I LOVE YOU who was from Philippines itself!

For more PC security tips, advice and antivirus software reviews visit http://www.antivirus-software.com

What Governments and Agencies Are Doing About PC Security

If you felt isolated and susceptible in the battle against cyber-space terrorism - virus and malware attacks - then there is no need. Numerous forces have joined together to help safeguard the nation's computer infrastructure from abuse. Just like the US armed forces guard the homeland - and indeed every nation has armed forces - there is an army of technical staff out there who have put their heads together to come up with computer security and defense strategies.

One such agency is The United States Computer Emergency Readiness Team (US-CERT). The department of Homeland Security has collaborated with other private and public sectors to respond to national cyber attacks and correlate defense. You can learn a lot about them and about viruses from their website us-cert.gov/, from which you can also subscribe to mailing lists for firsthand knowledge.

US-CERT professionals evaluate and decrease the threat of cyber attacks, interact with other federal agencies, research communities, industry and governments at both state and local levels to decide if and what action should be taken. And they are responsible for alerting the general public as to what action needs to be taken.

They are available for communication from the general public about cyber issues that may arise. You can report a virus to them and they will investigate it to determine its seriousness and find how to stop it from spreading. Confidential information may be submitted through the Protected Critical Infrastructure Information (PCII) Program. This will be safeguarded from public disclosure.

There are many other government agencies that work to try and preserve computer security, whether their own or that of the general public. But generally it is private organizations that do the most work in creating patches to exclude new viruses or in upgrading anti-virus software. Let a new virus spring into being and a whole host of goodies also swing into action. And they soon spot ways to eradicate the danger.

Microsoft works hard to give the personal computer user additional protection. Parents can get special programs that permit them to watch over their children and protect them from identity theft and corrupted viewing. Windows Vista and Xbox parental controls will control the type of movies they observe and the games they play online. The parent can become the Administrator and allow only limited or restricted use for the children's user accounts. Instant Messenger can be configured to only allow known contacts.

Garey Simmons writes about computer troubleshooting from personal experience. Garey performs his own for his small office computers and likes http://1ComputerHelp.com

Security and Multi-Layer Antivirus

No computer network can be 100% protected from threats that the internet and attackers can bring. But with a smart IT security policy and using a layered approach, you can reduce your company's risk to attack.

Viruses today are more blended and have a higher payload than ever before. This means that they are easier to distribute and can do greater damage. Viruses today can attack networks at even the lowest level which means they can bypass desktop and server antivirus software. Software antivirus no longer provides the complete protection that it once did.

So what is layered antivirus and network security and how should you approach it? Simply put, it is like placing a defense barricade at every possible entry point onto your network. A typical layered antivirus solution will include server AV, desktop AV, gateway AV, email AV, and sometype of intrusion detection/prevention service (IDS, IPS).

This approach will not only protect from threats that come in at the computer and file system level, but will also protect your network from denial of service and other network level attacks.

A layered approach also helps provide efficiency and load-balancing on your network. If you find that your email server is getting pounded by daily phishing or virus emails, then having gateway antivirus can help take some of the load off of your email server by stopping those emails from ever reaching the server.

It also provides greater security on desktops using gateway antivirus. If a user attempts to download a virus onto their computer, rather than letting the desktop AV software handle the quarantine/deletion, the gateway appliance will built the packet stream and scan it as the virus passes through. If the stream matches that of a known virus signature, then the stream is cut off by the gateway and the virus never reaches the desktop to begin with.

Protecting your network with a layered approach is now not just a security design for enterprise networks, it is a requirement for all business networks.

Aaron Guhl is an IT professional that specializes in security. He frequently writes on his blog regarding security issues to help IT professionals get a better understanding of security in their networks. Visit his website at: Multi-layered Antivirus

Spam - The Internet's Biggest Virus

We all know that virus's cause our computers to crash, and unfortunately at times rendering them completely unusable. That's why we have virus shields and scanners that can take care of these mechanical viruses for the most part. Well there is a virus that has long been attacking the internet itself, and it is not mechanical-it is completely organic and it has a brain. This virus is called a spammer.

Spammers.. viruses? No way, you think... they just send out unsolicited Emails and are extremely annoying.

In the most general sense a virus is a bad thing that is constantly adapting in order to continue attacking, and a vaccine is a good thing that is constantly adapting to mitigate attacks from viruses. If you think about it, web services all over the internet (Google, Spam filters, etc.) are constantly having to adapt and change rules and algorithms to keep spammers on edge-but somehow they manage to get through. Spammers are more than just annoying marketers (or wannabes) that want to fill up your Email inbox.

I often wonder: Are spammers slowly destroying the internet?

Here are my thoughts on that question. Social media and many other web 2.0 services on the internet (social bookmarking/networking, blogs, etc.) are in fact good things. They allow people to express opinions, share useful resources, share lesser-known knowledge, etc. and on the other end of the spectrum other people are able to read opinions, gain more knowledge, visit useful resources, and so on. But as time goes on the amount of genuine content is being far out-weighed by crap content produced by spammers in an attempt to trick search engines, trick users (to gain money), etc.

For example, hundreds (maybe thousands?) of blogs are created each day, but how many actually end up being genuine blogs, and not spam-generated blogs, re-produced content, blogs created for the sole purpose of getting links, etc. Lets look at social bookmarking. There are so many fake accounts are there all linked to one specific person in an attempt to send their website to the top of the rankings. Social networking is the same way along with every other web service/idea both new and old-all are getting plagued by spammers.

However, in the midst of the darkness among all these negatives, there is in fact a light that emerges. I'm a positive thinker, so after giving this subject some thought, I got to thinking about the life expectancy of the so called spam content being mass produced on a daily basis. Not very long. Most spammers probably give it a try for a few days or weeks only to find that their strategies take a lot longer-which narrows down the number of actual spammers that pose a threat to honest bloggers, social networkers/bookmarkers, etc.

So the answer to my question above (Are spammers slowly killing the internet?), I think would have to be a big NO. Search engines are getting better and better at finding the real content and weeding out the crap, and the one's who usually stick around are genuine web users who are producing valuable content-valuable content meaning real content (someone's opinion may not seem valuable but it is in fact useful to the overall internet if it is genuine).

If this issue has ever bothered you, such as having thoughts run through your head such as, I'm never going to get a good search engine ranking because there is way too much competition, don't worry about it because although the numbers tell you there is a rising amount of competition in any certain niche (hard to find a non-saturated niche these days-if you go strictly by the numbers), you have to stop and think of how much actual competition there is. Most people enter a market (many of which are spammers looking for the money) and give up within a few weeks, if not a few days... but their websites, blogs, etc. remain so while it may seem like there is competition, you will actually surpass them very quickly just by being an honest web user that is persistent in whatever niche you are trying to attract traffic within.

The question for this article:

Have you ever felt overwhelmed by competition in a certain niche (whether you were trying to sell something, or just make a blog that will build a readership) but didn't stop to think how much of that competition was dry spam that isn't going anywhere?

Learn to make money online the right way, exactly how I do it. This blog focuses on profits earned via blogging and certain affiliate programs. Observe this blog as a live case study and discover insightful tips to help you with your own ventures.

Blogging HQ - Discover Proven Ways to Make Money Online.

Antivirus Comparisons - How to Choose the Best Antivirus Software Product

Years ago it used to be important that you had some antivirus software on your machine. With the Internet, it is now imperative. Viruses can spread extremely quickly thanks to email, file sharing and chatrooms. To protect yourself you will want the best products available to you. Here is how to carry out antivirus comparisons to make sure you are using the best product.

First you should visit the websites of companies that carry out antivirus software reviews. Virus Bulletin and AV-Comparatives specialise in this type of software and both have a respected position in the industry. You can also visit the websites of computer magazines or buy them from a newsstand.

These reviews will concentrate on how effective the software is at doing its job: finding and eliminating viruses. Narrow your search down to the top performing products. But there are a lot more factors that will affect your choice. The first of these are speed and stability.

Find user reviews online that discuss how the software has performed on people's computers. Has it adversely affected the speed of the computer or are their conflicts with other software? Once you have carried out this bit of research, download a trial version. Any problems with stability will now show up before you actually spend money on the product.

Use the trial to evaluate other features such as ease of use and the graphical user interface. This type of software is very advanced but some manufacturers have succeeded in making it very easy to use. Others still have a way to go.

Another feature that many people ask for is a 'set and forget' option. This allows you to set the software to automatically perform scans and pick up updates. You should evaluate this process with the free trial.

When you are carrying out antivirus comparisons, don't be afraid to put several products on free trial. Just be aware that most antivirus software is incompatible. You have to remove one before you can install another.

Learn more about free virus software by visiting http://www.top-antivirus-software.com. Can free antivirus programs be better than paid? The results are surprising.

Usability & Security - Unlikely Bedfellows?

With an ever increasing online population - 41 million users in the UK alone - computer security and user authentication have never been more vital. Unusable security is expensive as well as ineffective. According to Password Research, two-thirds of users had to reset their passwords/PINs three or more times in the last 2 years. With each password reset estimated at £35 in help desk costs (source: Mandylion research labs), it's easy to see how expensive an affair this can be.

Passwords

Passwords are by far the most widely used method of authentication. We're all having to remember more usernames and passwords by the day. It comes as no surprise then that over half of us use the same password for everything from work to banking to ecommerce, which is known to be poor security practice. More worryingly, 21% of people revealed their passwords in exchange for a bar of chocolate (source: Infosecurity Europe)! Clearly it's not all about making systems secure but making them usable too.

Passwords have long been considered insufficient within the security industry. Bill Gates even called for an end to passwords 2 years ago (source: CNET news). As that day still seems a long way away, let's consider what we can do to make the best of a bad bunch.

What you can do

As a website owner, you can make your customers' lives easier, and your site more secure by adhering to the following guidelines:

* Use e-mail addresses as usernames - Don't ask site visitors to create separate usernames as this increases the number of items they have to remember.
* Allow passphrases rather than just passwords - Passphrases are just like passwords but longer, being entire phrases instead of single words. They're typically 20-40 characters in length, an example use being Wi-Fi security. A sample passphrase would be 'PASSphrase1234567890'. Phrases provide context and are easier to remember than words in isolation. Passphrases are also harder to crack than passwords.

Helping users remember their passwords

To help your users choose secure passwords that are memorable, try suggesting some of the following tips to them:

* Use a passphrase instead of a password, if the system permits.
* If not, take a phrase and use the first letter of each word to make up a password that's easy for them to remember but difficult for others to guess. For example the phrase 'my favourite sweet in the world has to be chocolate' becomes 'mfsitwhtbc'.
* Then replace some of the letters with capital letters and throw in numbers and symbols to increase the password strength. For example use '1' or '!' for an 'i', '4' or '@' for an 'a' and so on. The above sample password 'mfsitwhtbc' then turns into 'Mfs!twht6c', which is much stronger.

Do your users have one password that they use for everything and want to keep it that way? They can have an easy life and be security-conscious. Here's how: Advise them to append an additional word/number at the end of the universal password to make it longer and more secure. The add-on can be related to the application/site they're on, so it's easy to remember and yet unique.

Here's an example - let's say the universal password is 'password' (which it should never be of course!). This is of course a rather weak password in terms of security. For a florist's site they can turn it into 'p@ssw0rdfl0wers' (for 'passwordflowers') and for e-mail it can be 'p@ssw0rdem@1l' (for 'passwordemail'), both of which are much more secure than the initial choice and unique to the respective sites. With just a few modifications, the new password 'p@ssw0rdfl0wers' becomes very secure.

Encourage your users to find out how secure their passwords are by checking their password strength on sites like Security Stats, Password Meter and Microsoft's Password Checker.

What's the future?

Passfaces

Should passwords disappear then what'll replace them? An alternative is a system called 'passfaces' that utilises our innate ability to recognise faces with speed and accuracy. Users are required to correctly select their pre-chosen faces from a random set in order to gain access. Passfaces has already been implemented by a number of websites.

Random number generators

Some online banking customers are being sent chip-and-pin card readers to add a layer of security. A lot of banks and large corporations are using tokens such as random number generators in addition to passwords to increase security.

Biometrics

Another alternative is biometrics where a person's physical or behavioural characteristics such as fingerprint, iris or voice are used for authentication. Examples include laptops with built-in fingerprint readers and the new biometric passports in the UK.

These approaches aren't solutions in themselves but will have to consider the human as being central to the whole authentication process in order to succeed.
In a nutshell

Traditionally, security has been considered more important than usability. In reality, security measures only succeed when users' needs are taken into consideration. Contrary to popular belief, security and usability can and should go hand in hand. Let's hope whatever replaces passwords is designed with usability in mind so we don't have to lose ours!

This article was written by Mrudula Kodali. Mru's crazy about improving online user experiences - so crazy that she works for Webcredible ( http://www.webcredible.co.uk ), an industry leading user experience consultancy, helping to make the Internet a better place for everyone.

Scanning the Box

This article provides details on the scanning phase of any penetration test (blackbox, whitebox, gray box). Let's start from defining the types of scan we can use while performing a penetration test.

Scanning the box means performing the scan on the target to blueprint its security measures and than to penetrate into the box.

Types of scan we can perform on the selected target:

1. OS Scan (OS fingerprinting)

2. Port Scan ( Service detection)

3. Vulnerability scan (finding the hole)

Let's discuss the above types in detail:

OS Scan (OS fingerprinting):

When we are performing a pen-test we need to detect what OS is being running on the remote machine so what we can search for its related critical patches and vulnerabilities. OS fingerprinting is also known as banner grabbing.Banner grabbing and operating system identification - can also be defined as fingerprinting the TCP/IP stack. Banner grabbing is the process of opening a connection and reading the banner or response sent by the application

Following are the two techniques used to detect OS fingerprint:

a. Active Stack fingerprinting

b. Passive Stack fingerprinting

Active stack fingerprinting:

Active stack fingerprinting is the most common form of fingerprinting. It involves sending data to a system to see how the system responds. It's based on the fact that various operating system vendors implement the TCP stack differently, and responses will differ based on the operating system. The responses are then compared to a database to determine the operating system. Active stack fingerprinting is detectable because it repeatedly attempts to connect with the same target system.

Passive stack fingerprinting:

Passive stack fingerprinting is stealthier and involves examining traffic on the network to determine the operating system. It uses sniffing techniques instead of scanning techniques. Passive stack fingerprinting usually goes undetected by an IDS or other security system but is less accurate than active fingerprinting.

Port Scan (Service detection):

Port scanning is used to gather information about a test target from a remote network location. Specifically, port scanners attempt to locate which network services are available for connection on each target host by probing each of the designated (or default) network ports or services on the target system.

In a broad approach Port scanning is the process of identifying open and available TCP/IP ports on a system. Port-scanning tools enable a hacker to learn about the services available on a given system. Each service or application on a machine is associated with a well-known port number. For example, a port-scanning tool that identifies port 80 as open indicates a web server is running on that system. Hackers need to be familiar with well-known port numbers.

Vulnerability scanning (finding the hole):

The primary distinction between a port scan and a vulnerability scan is that vulnerability scan attempt to exercise (known) vulnerabilities on their targeted systems, whereas port scan only produce an inventory of available services. That said the distinguishing factors between port and vulnerability scan are often times blurred.It is the automated process of proactively identifying vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.

Tools available for Scanning the BOX

Port Scanners: de-factor for port scanning is NMAP some more tools are available for port scanning are net cat, advance port scanner, super scan etc

Vulnerability scanners: de-facto standard for vulnerability scanning is Nessus some more tools are available for vulnerability scanning are GFI Languard, SARA, Shadow security scanner etc.

Spy Scanners - Don't Compromise your Privacy

Spies, spyware, internet parasites are among what they are usually called. These are scouts that monitor your web activities. The work undercover to check on your surfing patterns, spending habits, items bought, they extract email addresses, hijack browsers, steal credit card information. These are just some of the things a spyware is capable of.

A spyware is mainly an information hungry parasite determined to gather data from a user or surfer without him knowing it.

The information gathered by these parasites are then sent to the originator without the users consent. Most often, the information gathered by the spyware are used to generate ads and pop-ups on the user’s PC.

Spywares and Adwares aside from being a nuisance and an invasion of privacy can also jeopardize the optimal performance of your PC. They can eat up unused disk spaces and position themselves in an inconspicuous location in your hard drive. They can also eat the bandwidth, crash your system and oftentimes inflict themselves in the Registry or in the memory of your computer.

Spyware and Adwares have become very rampant nowadays. Prevent yourself from being a victim of these by:

* Being careful of Freeware and Shareware Downloads

- Some of these downloads are tagged with spywares which may be unknown to the user. Refrain from downloading sharewares and freewares from unknown sources.

* Installing a good spyware/adware scanner and removal software

- There are a number of spyware scanner and/or removal softwares in the market today. A good spyware scanner can effectively locate all spywares installed on your PC and a good spyware removal tool can effectively remove all the spywares detected.

Spy Scanners are programs designed to detect spies in your PC. A good spy scanner can effectively search through the most unnoticeable embedded files that spy on you.

Most Spy scanners include a spyware removal function. Other spy scanners do not entail spyware removal features but display the logs of the spyware detected in your PC. The information in the logs contains the location and nature of the spywares.

For spy scanners with no built-in spyware removal functions, a manual deletion of the spyware files could also be done since the location and the file type is specified in the logs. Some Spy scanner products on the market today have spyware scan available for non-paying users and the removal tool available only for paying users.

Spy Scanners when installed can be chosen to run on demand or periodically.

-------------------------------------------------------------------
Gina Marie Capatar is a Technical Writer by profession and writes articles for http://www.isnare.com, also accepts freelance writing jobs. feel free to drop by http://www.isnare.com or email her at gcapatar@gmail.com

The Importance of IT Alerting and IT Incident Handling

In the Information Technology industry, immediate notification of critical events is essential. The Internet never sleeps, and neither do customers or employees in this age of global business and commerce. IT services must be available 24 hours a day, 7 days a week, without exception. When a computer or email server goes down, it can mean the difference between a corporation closing that $1 million dollar deal or losing it, or between a small business making its 100th sale or losing it. In any business or organization that contains more than a handful of people, enterprise email and communications are essential tools that must be available at all times. Electronic shopping carts and informational websites also must have near-zero downtime in order to be successful and effective.

So how can IT professionals ensure that they are notified the instant an error occurs on one of their systems? IT alerting is the answer. A notification service can contain a database with all IT employees contact information, including email, home phone, cell phone, work phone, and instant message screen name. These individuals can be divided into groups and scenarios can be created based on what type of event occurs. Then, when an incident does occur, the appropriate person can be notified based on the severity of the event. If multiple servers go down and a company's main revenue-generating service becomes unavailable, then most like the Chief Technology Officer and his team as well as Customer Service, the CEO and other executives should be notified. If a single email server goes down or becomes overloaded, then only a lower IT technician would be notified in order to fix the relatively small problem.

IT incident handling can be made much simpler using a reliable notification service. If a major IT incident occurs, then IT professionals need to be reached no matter what time of day, no matter where they are. It is not guaranteed that an IT expert will be located in front of his computer, able to receive email, when an emergency occurs. That is why robust, customizable notification service is necessary-to be able to send a voice and text message to the IT professional at all of his or her contact points, including email, cell phone, home phone, work phone, instant message screen name, or BlackBerry PIN, and also to get word back from the employee in response to the message. This guarantees the fastest possible reaction to an unforeseen event.

Learn more about IT Alerting and IT Incident Handling

Web Applications Penetration Testing - Security Measures - Security Assessment

1. Introduction

What is a web application? Why web applications are the first target for hackers? Why vulnerabilities occur in web applications? How we can make a web application a cure portal. As I understand a web application is a portal available on internet for the general public who can easily make use of it positively for different purpose or for the reason the web application exists. You must be aware, web applications are the easy target for hackers to gain access because it is publicly available, and a hacker needs to know only the name of the organization which he wants to hack. Vulnerability is the weakness or lack of control exists in the application. Vulnerabilities can be due to insecure programming in web applications, lack of access control places or configured, miss configuration of applications and server or due to any other reason, there is no limit.

There are many ways to harden your web application or your web server we will discuss this in a while. Let's see what are the key requirements which makes up a web application live?

a. Web Server

b. Application content displayed

c. And or databases

These are the key components of any web application.

Web server is a service which runs on the computer and serves of web content/application content. This server typically listen on port 80(http) or on port 443(https). There are many web servers which are freely available or commercial including top contributors

a. I.I.S by Microsoft

b. Apache by Open source community

c. Tomcat etc

Application content is what you see on the website, it can be dynamic or static, dynamic content containing web applications are at more risk as compare to static content containing web applications. Dynamic content containing web applications uses database to store the changing content. This database can be one of the following types.

a. MySql Server

b. SQL Sever

c. Oracle Server

d. MS Access or any other

We have discussed a lot on web application architecture now I will show you how to perform penetration on web application (what we say a Pen-test).

2. Information Gathering

Any pen-test can not be accomplished without performing the information gathering phase. This is the phase which is the heart of pen test, there are many ways to do information gathering lets discuss here.

a. Hacking with Search engines.

I would not list specific search engine which can be used in information gathering phase, there are lots of search engine which are more power full from which secret/confidential information can be gather. There are techniques which you can use to gather information on the target.

b. For example

You can use 'inurl:' in search engines to know what are the complete site map of the web portal, you can also use intitle: admin to gain access to the admin panel of the web portal, you can use inurl: Admin filetype: asp or aspx in order to search for admin login pages or simply you can lock for login page for any portal.

c. You can also look for the email address of the technical staff, email address shows the user id for that specific person

d. You can also use archives for more info to gather. This is the short list of the techniques, to explain more I would be writing a book

3. Attacks

Here I will explain you what are the major attacks which hackers use on web applications or the attacks which are dangerous for web applications. We will only discuss application level vulnerabilities and attacks.

a. Miss configuration? If you are a technical person your priority would be availability of your server, you should be asked by your senior management for the 100% up time of your server, this is the point where technical staff left security holes in the configuration just to make it live or in order to give 100% up time as directed. This miss configuration may lead to the compromise of the complete server.
Examples: default passwords, default settings for server, weaker passwords.

b. SQL Injection? A very high rated attack which can lead to complete web server compromise or complete administrative level access to hacker. SQL is a query language which programmers use for query the content from database in dynamic web applications. Many times a less experienced programmer left bugs in applications which if attacker discovered can be very harmful. SQL injection attacks occurs due weakness in input validation, insecure programming or due to insecure web application architecture. SQL inject can be used to by pass logins, gain admin level access, can be very harmful if a hackers gain access to admin logins. SQL Injection 'UNION' attack is commonly used in dynamic web applications penetration testing. There is more stuff which can be written on sql injection, I think this info is more than enough at this stage.

c. CSS/XSS (Cross site scripting)
XSS/CSS is a client side vulnerability which can be used in phishing attacks. Many hackers use XSS in order to gain secret information which can be credit card numbers, login passwords, private information and more. As XSS runs on client's browser hackers use to insert scripts in order to gather information from user. If XSS used in phishing attack it can be highly rated vulnerability.

4. Be Cure

To be cure complete assessment of web application should be performed in order to test the application and make it bug free, continuous testing should be maintained. Input validation should be implemented. Default configurations should be removed or changed, secure database connectivity should be maintained and in last directory listing on every directory should be turned off, file permissions should be reviewed, access rights need to be maintained.

5. Summary

This is the short article to develop awareness on web application security, what are the holes which can be used by hackers to do security breaches. These days there is a war on survivability of web applications. Is cure being long live?

article by Raheel Ahmad, CISSP

3 Tips To Remove Spyware From Your Computer For Free

Your computer is the portal to the Internet. It allows you to speak to friends via email or instant messenger, to play games on or even to educate you or your children. However your computer is at risk the minute you browse on the Internet. All kinds of nasty files from spyware, adware, malware to computer viruses which are lurking to attack your computer, all without your knowledge. I am going to give you three easy to follow tips that will enable you to repel and remove spyware infections from your computer.

Tip No.1 - My first tip is to practice safe browsing techniques. This sounds obvious, although it is tempting to visit those sites that offer downloads and goodies for free. Most of the time they come with a price, infected files within the download itself.

So to prevent spyware files from being downloaded onto your computer in the first place, do only download legitimate files or programs from safe and trusted websites. If you are unsure then ensure you have the latest browser installed on your computer. Preferably you should be using Firefox as this can warn you if you are visiting a potentially 'dodgy' website.

Tip No.2 - You should ensure that you have an anti-spyware program that has an online guard contained within. Anti-spyware programs that remove spyware are great at removing infections, but that is all they can do remove after the infections has occurred.

The best way to combat spyware is to limit the amount of infectious files that will be able to infiltrate your computer. As this article is to help you remove spyware for free, then I can recommend two products at the time of writing this. The first program is Spyware Doctor. The free version does have a decent online guard. [The paid for version is slightly better, but the free version is a very good product in its own right]. The second program is Spyware Terminator. You will only need one of them not both.

Tip No.3 - My final tip is to run a regular scan of your computer with whatever anti-spyware program you use. Ensure that you also regularly update your anti-spyware program for the latest file definitions so the anti-spyware program can find the latest spyware that is released to attack your computer.

How regular you run your anti-spyware program is based on how much you use your computer. Once a week is fine if you use your computer frequently but to not to excess. Personally I run a scan every 2 days as I do use my computer every day. My computer is pretty clean.

Unless you are using a Macintosh or Linux based machine, it is near impossible to stop spyware from infecting your computer. However, by following the above tips you can reduce the amount of infectious spyware files get through your computer defences and cause you too much havoc.

Want to discover more tips and secrets that can speed up and protect your computer for free? Then check out my online blog at http://www.john-french.net

John French has been breaking, repairing and building computers for over 15 years. He has expertise in computer security and maintaining a healthy computer.

How A Computer Virus Works

A virus is a small computer program designed to do mischief by destroying data, altering information or even sabotaging entire computer networks.

The computer virus was originally a concept of science fiction. It was used in David Gerrold's book When Harlie Was Once in 1972 and also in John Brunner's The Shockwave Rider in 1975.

The concept in John Brunner's science fiction novel was a worm, the computing equivalent of a parasitic tapeworm, generating new segments for itself in all machines of a network and therefore unstoppable. Although this type of program was beyond the capability of programmers at the time.

The figurative use of the word virus is based on the biological virus which multiples itself within an organism. So too a computer virus has the same ability to replicate itself in a computers system.

A virus spreads by burying itself deep within the computer's disk operating system (DOS). The DOS is a set of instructions coordinating the activities of the disk drive, the keyboard, the monitor and the CPU that performs the arithmetic and logic operations. The DOS must run every time the computer is turned on.

Viruses tend to sneak past many users of computers because the viruses, like legitimate programs, are written in a computer programming language, a type of code made up of letters, numbers and other keyboard. A programming code gives instructions to the computer "behind the screen" so that most users are never aware that their system has been breached. Until it is too late.

As well as infected legitimate software or the illegal copying of software sold on disks, viruses are transmitted through the internet.

Once a virus has been discovered it is easy to write a simple program to delete the virus. Creators of such viruses, however, can just as easily upgrade their viruses to override such a program. Furthermore, some viruses can change the characters in their code every time they reproduce, making it almost impossible to stop them.

The first real virus was the subject of a computer science experiment in November 1983, presented by Fred Cohen, a professor of computer science at the University of Cincinnati in Ohio, to a seminar on computer security. He developed the first computer virus as part of his research on computer security for his doctoral thesis.

When Cohen introduced the concept to the seminar, the name virus was apparently suggested by Len Adleman.

According to Cohen, computer viruses are so easy to write that "anybody can do it". He said that it was possible in some programming languages to write a virus in as few as 11 characters.

By the second half of the eighties the virus had become a serious and prolific hazard to individual and corporate computer users; because the code copies itself into the computer's memory and then causes havoc, it became advisable to avoid using floppy discs which might conceivably contain a virus - freeware and discs supplied by clubs, for example.

In one famous incident, London's Royal National Institute for the Blind temporarily lost six months' worth of research after being attacked by a virus contained in files on a floppy disc. Considerable financial loss was suffered as a result of the epidemic, not to mention research time and valuable data.

The proliferation of viruses has seen the rise of a new business within the computer industry, the anti-virus. A number of software companies began to offer virus detection programs and 'good' viruses which could guard against threats.

Prevention is better than a cure: The best Antivirus Software available online free review

Protecting Your Website From Unethical Online Predators

If you have ever created something from nothing you are a true artist. And you are most likely familiar with the feeling of contented satisfaction. Mix that with the excitement of being a powerful creator, and you may feel like this is your destiny. Whether it is a child, an oil painting or a novel it is as if you are presenting a little bit of you to the world.

The same feeling applies if you have created your own website. Particularly, if you have introduced an absolutely unique and patented product on this website. The web is such a wonderful window to the world. Reaching millions upon millions of people, what could be a better place to show off your "baby"?

Hold on, though. Before you get too excited, I urge you to take some very important precautions. If you were taking your baby home from the hospital, would you make sure that some details are in place first? Of course, you would! You probably would get yourself a crib, some disposable diapers, formula, a car seat, etc.

Well, you should have an appropriate safety checklist for your website, as well. You will need certain details taken care of to protect your site from the greedy, unseen predators that stalk around cyberspace. If you don't you could wind up losing what you spent so much time and money to build.

How do I know? Because it recently happened to me. So before you do anything else, stop, and read this very carefully. I am here to give you a heads up when it comes to protecting your website.

I manufacture and distribute an electronic fireflies product with my partner, Mark. Since 2003 we have sold this cool gadget as "a certain name". In 2004 another website popped up selling their version of the electronic firefly-their fireflies are stagnant lights that only blink, and do not move (like Christmas Lights on their last legs). For their uninspired product, they selected a url that was similar to the one that we were using at the time. This was fine with us, we just looked at it as healthy competition. And we felt that our product was uniquely different (our fireflies actually moved), so we would always have a healthy flow of customers.

So what does our competition do? 5 years later ( in January 2008) this business trademarks the exact name that were using to sell our product. They proceed to hire a lawyer, and file a claim to have our website transferred to them. This unscrupulous business was not content with their current profitable situation, they wanted more. And they were determined to take it.

Not once did they try to contact us in the 5 years we have been online. The only communication they initiated to us was to inform us that they were planning on stealing our website. We filed the response ourselves (lawyers cost too much!) to the National Arbitration Forum, confident with our overwhelming evidence. This was probably not wise, since their lawyer was obviously much more schooled in the domain registry law lingo. This was our second mistake. Our first mistake was not having our name trademarked from the get-go. We were naive to think that there were such unethical predators slinking around. We lost our PR 4 website and now our customers are left not knowing where to find us. Despite all that, we have bounced back under a new name...and yes, it is trademarked.

Do not let this happen to you. Keep in mind that Mark and I had our original website protected under copyright laws since 2003. We clearly used the name that our competitors wound up stealing from us; this is why we did not think we needed a lawyer. Copyright laws clearly state, material that is marked as copyrighted is protected. Under these federal laws, the descriptive works (whether is fireflies or socks) is yours, and no one has the right to take that from you. This is why we did not hire a lawyer...clearly we would win. Well, we did not. Apparently a trademark trumps a copyright, even if it is implemented in an unethical way.

When things like this happen, I always try to look at the bright side. I know our loyal customers will find us, and karma will take care our greedy competitors (can't escape the law of attraction!). And I also know whomever reads this article will spread the word, and learn from our unfortunate mistakes. Be prosperous and keep safe.

Copyright 2008 / Avenstar Enterprises, Inc / Zen Fireflies

Kim McGinnis is a freelance writer/entrepreneur. She co-owns Avenstar Enterprises, Inc with her partner, Mark. One of her many websites features her amazing Zen Fireflies. The only electronic fireflies product on the market that actually MOVE. Come see for yourself at http://www.ZenFireflies.com

Spam The Spammer - Will It Work?

Spam is everywhere. It’s the “in-box lunch meat” nobody likes, wants or looks forward too. Unfortunately, many folks enjoy “eating” this product because if they didn’t, there wouldn’t be any. Read on…

The federal government’s ill-conceived CAN-SPAM Act did little more than make a few legislators feel better about themselves. Did this legislation stop spam? No. Did it at least slow down the flow of spam? Nope.

You can’t eliminate a problem by treating the symptoms. If you want to eradicate a problem, you must make its environment one that will not support it.

There’s a new plan recently hatched by some well-intentioned folks at Blue Security that several of my clients have asked about. On the surface, it sounds like a good idea but, in my humble opinion, the model is fatally flawed. Here’s the scoop…

1. You sign up for their "list" which is basically a "do not spam me list" and that gives them the authorization to act on your behalf.

2. You then have to send EACH spam message to them for inclusion on their list.

3. They then send the spammer a "stop order" (which, if they can even find the spammer, will be ignored).

4. They then flood the spammer with basically a DDoS (Distributed Denial of Service) attack hoping to bring down the spammer's server.

This all sounds great until you think about it rationally...

1. Spammers use "open relays" and hundreds of addresses to prevent you from finding their originating location.

2. The "stop order" they send is just their way of fulfilling the letter of the law under the CAN-Spam act.

3. The part I have the biggest problem with is they then effectively BECOME A SPAMMER by sending thousands of messages in a Distributed Denial of Service attack (DDoS). This is the same thing hackers do when they bring down a website by sending so much traffic to a server it basically shuts down.

4. Most spam is sent from your neighbor's PC. I spend a great amount of my time cleaning “bad guys” from client’s computers. There are MILLIONS of "zombie computers" that are infected with auto-dialers and trojans that are being used without the owner's knowledge to send spam. Don’t believe me? Just run Counter Spy on grandma’s PC and tell me what you find!

5. How long do you really think it will be until the spammers turn the tables on Blue Security and initiate their own DDoS attack? It will be interesting to watch.

Other fight-back tactics against spammers have failed in the past. Last year, Lycos Europe rolled out a screensaver that conducted DDoS attacks against known spammers. Within days, however, Lycos buckled under pressure from security groups, which called it vigilantism, and ISPs who worried that attacks originating from their members would make them liable to legal action on the part of spammers.

Spam will NEVER go away until you attack its real source engine. If you don't order anything from a spammer and don't even click on his link to open the message, the monetary incentive for spam is removed. Spammers operate under the same economic rules as the rest of us...supply and demand.

Take away the demand and you eliminate the supply. Simple.

Allan Gunnneson is the CEO of Gunner Web Group (http://www.gunnnerweb.com), a website design and marketing company based in Kansas.

Online reprint rights granted as long as the article is published in its entirety, including links (http://www.gunnerweb.com).