If you’ve ever had an email address and have given that email address to family members and friends, then you’ve been the victim of FW: otherwise know as a email forward, chain letter, or some funny video, story, joke, etc. These type of emails are some of the worst emails to perpetuate, for a number of reasons.

Unless you believe that being gullible is a good thing and you want everyone you know to also believe anything anyone will say, then go ahead and continue passing on those emails to 10, 20, 100, or a million people so that your wildest dreams will come true, or so that you won’t have every single bad thing possible in the world happen to you…hey, it’s what the email said, right? (FW: Cute Story, Pass it on to 1 Billion People in the next 5 minutes OR ELSE!!!)

So you may ask, why are these emails sent so often? Is it just because someone something interesting to share and it continues to be perpetuated? No, I’m afraid not, if you believe that, you’re skating towards the gullible crowd.

Email like this and others are ultimately generated and sent out by spammers for one of two general purposes. First, to harvest new email addresses for spamming. and second, to clog email systems all over the world.

Spammers don’t make money from people buying the products advertised in the spam email. Spammers usually aren’t the one selling the products. Spammers are hired by shady companies to deliver the company’s advertisement to the greatest number of people possible. The spammer is then paid by the company per number of successful email deliveries of the advertisement.

So ask yourself, if a spammer had to get a very large number of VALID and ACTIVE email addresses (remember, they only get paid if the spam email is safely delivered to an email address, rejected emails don’t count), how would you go about it? Searching online? Too time consuming. Randomly guessing email addresses? Not guaranteed to get active email addresses. Email forwards are a spammers dream. In any given email forward, you can find anywhere from 25 to hundreds of valid and active email addresses, and they are guaranteed because when you forward it to your friends and they send it on to their friends, it perpetuates this cycle of sending the forward to valid email addresses.

Every time a forward is sent, the previous email addresses specified in the email are sent in the message so after a couple of rounds you find the joke or story of the email at the bottom of the message after scrolling through hundreds of email addresses.

Now imagine this giant email message being sent to 25-100 people everytime you forward and copy your entire hotmail or yahoo address book. Then each of those individuals does the same. After a couple of rounds, the giant message is being delivered to thousands and thousands of email inboxes all over the world. As a one time email administrator, I can assure you that email servers don’t like giant messages, they don’t work well and bog down the mail delivery process. Another sick pleasure of spammers and other Web sadists, to cause as many problems for servers and administrators all over the world.

So next time you get one of these messages, please don’t forward it. Trust me, you won’t get that $10. And if you really want to read some funny jokes and cute stories, that’s what search engines are for, just search: “cute story” or “funny jokes”. You’ll get much more than you would from that email. Then, reply to the person who sent you the forwarded message and kindly ask them to never include your email address in another message like that because it’s just a way for spammers to gain access to your email address. Hopefully they will respect your wishes and will be sure to never do it again. If all else fails, create a brand new email address and don’t share it with anyone, that’s always a safe bet.

ShareThis

Ever found yourself in an organization that locks access to many technology features you’re normally used to? If you’ve ever been in a large corporate environment or in a university setting, you’ve probably been there. Even with the limitations placed on users in these settings, there are some easy ways to still be effective and efficient.

read more | digg story

ShareThis

If you’ve ever had to view multiple images online at the same time and get tired of having images open in a separate browser window or tab, you can force the Windows Picture and Fax Viewer to be the default application to open all image types. This will cut down on the opening of new browser windows and tabs and lets you keep your productivity while working online.

The command todo this is a bit backwards because the Windows Picture and Fax Viewer isn’t a normal application with an executable file, it’s run as part of a DLL file in Windows so updating the setting for this program requires you to edit the Windows Registry.

To make the program be the default used to open images click on Start > Run… then enter the command:

regsvr32 %windir%\system32\shimgvw.dll

Hit Enter and you’re done. All images should now open with the Windows Picture and Fax Viewer by default.

ShareThis

I recently came across an article from InfoWorld magazine which I absolutely loved. It listed 30 skills that every IT person should have. I couldn’t agree more with the article. It seems that more and more IT programs in colleges and universities are moving away from general Information Technology and having students focus on programming or information management. Schools are doing less and less of teaching the nuts of bolts of computers, how to fix minor issues, and that gray area where business and technology meets in the workplace.

It seems that more of the recent college graduates enter the workforce with either a very strong technical programming background with little to no business savvy or they come knowing the in’s and out’s of business but lack even the basic technology knowledge to take care of basic tasks.

For a few years now I’ve been a big champion for university programs to develop a middle ground between Information Technology or Information Systems and Management programs for IT professionals who love technology and see its application to business processes and understand the key role technology plays in business.

In any case, the InfoWorld article, states that these skills are a must, to the point that if you don’t have them, you should be fired.

Here are the key skills:

1. Be able to fix basic PC issues. These can be how to map a printer, back up files, or add a network card. You don’t need to be an expert and understand how to overclock a CPU or hack the registry, but if you work in IT, people expect you to be able to do some things.

[ If you have IT staffers who aren't up to snuff, fire them. Learn how to do it right. ]

2. Work the help desk. Everyone, from the CIO to the senior architect, should be able to sit down at the help desk and answer the phones. Not only will you gain a new appreciation for the folks on the phones, but you will also teach them more about your process and avoid escalations in the future.

3. Do public speaking. At least once, you should present a topic to your peers. It can be as simple as a five-minute tutorial on how IM works, but being able to explain something and being comfortable enough to talk in front of a crowd is a skill you need to have. If you are nervous, partner with someone who is good at it, or do a roundtable. This way, if you get flustered, someone is there to cover for you.

4. Train someone. The best way to learn is to teach.

5. Listen more than you speak. I very rarely say something I didn’t already know, but I often hear other people say things and think, “Darn, I wish I knew that last week.”

6. Know basic networking. Whether you are a network engineer, a help desk technician, a business analyst, or a system administrator, you need to understand how networks work and simple troubleshooting. You should understand DNS and how to check it, as well as how to ping and trace-route machines.

7. Know basic system administration. Understand file permissions, access levels, and why machines talk to the domain controllers. You don’t need to be an expert, but knowing the basics will avoid many headaches down the road.

8. Know how to take a network trace. Everyone in IT should be able to fire up wireshark, netmon, snoop, or some basic network capturing tool. You don’t need to understand everything in it, but you should be able to capture it to send to a network engineer to examine.

9. Know the difference between latency and bandwidth. Latency is the amount of time to get a packet back and forth; bandwidth is the maximum amount of data a link can carry. They are related, but different. A link with high-bandwidth utilization can cause latency to go higher, but if the link isn’t full, adding more bandwidth can’t reduce latency.

10. Script. Everyone should be able to throw a script together to get quick results. That doesn’t mean you’re a programmer. Real programmers put in error messages, look for abnormal behavior, and document. You don’t need to do that, but you should be able to put something together to remove lines, send e-mail, or copy files.

11. Back up. Before you do anything, for your own sake, back it up.

12. Test backups. If you haven’t tested restoring it, it isn’t really there. Trust me.

13. Document. None of the rest of us wants to have to figure out what you did. Write it down and put it in a location everyone can find. Even if it’s obvious what you did or why you did it, write it down.

14. Read “The Cuckoo’s Egg.” I don’t get a cut from Cliff Stoll (the author), but this is probably the best security book there is — not because it is so technical, but because it isn’t.

15. Work all night on a team project. No one likes to do this, but it’s part of IT. Working through a hell project that requires an all-nighter to resolve stinks, but it builds very useful camaraderie by the time it is done.

16. Run cable. It looks easy, but it isn’t. Plus, you will understand why installing a new server doesn’t really take five minutes — unless, of course, you just plug in both ends and let the cable fall all over the place. Don’t do that — do it right. Label all the cables (yes, both ends), and dress them nice and neat. This will save time when there’s a problem because you’ll be able to see what goes where.

17. You should know some energy rules of thumb. For example: A device consuming 3.5kW of electricity requires a ton of cooling to compensate for the heat. And I really do mean a ton, not merely “a lot.” Note that 3.5kW is roughly what 15 to 20 fairly new 1U and 2U servers consume. One ton of cooling requires three 10-inch-round ducts to handle the air; 30 tons of air requires a duct measuring 80 by 20 inches. Thirty tons of air is a considerable amount.

18. Manage at least one project. This way, the next time the project manager asks you for a status, you’ll understand why. Ideally, you will have already sent the status report because you knew it would be asked for.

19. Understand operating costs versus capital projects. Operating costs are the costs to run the business. Capital equipment is made of assets that can have their cost spread over a time period — say, 36 months. Operating costs are sometimes better, sometimes worse. Know which one is better — it can make a difference between a yes and no.

20. Learn the business processes. Being able to spot improvements in the way the business is run is a great technique for gaining points. You don’t need to use fancy tools; just asking a few questions and using common sense will serve you well.

21. Don’t be afraid to debate something you know is wrong. But also know when to stop arguing. It’s a fine line between having a good idea and being a pain in the ass.

22. If you have to go to your boss with a problem, make sure you have at least one solution.

23. There is no such thing as a dumb question, so ask it … once. Then write down the answer so that you don’t have to ask it again. If you ask the same person the same question more than twice, you’re an idiot (in their eyes).

24. Even if it takes you twice as long to figure something out on your own versus asking someone else, take the time to do it yourself. You’ll remember it longer. If it takes more than twice as long, ask.

25. Learn how to speak without using acronyms.

26. IT managers: Listen to your people. They know more than you. If not, get rid of them and hire smarter people. If you think you are the smartest one, resign.

27. IT managers: If you know the answer, ask the right questions for someone else to get the solution; don’t just give the answer. This is hard when you know what will bring the system back up quickly and everyone in the company is waiting for it, but it will pay off in the long run. After all, you won’t always be available.

28. IT managers: The first time someone does something wrong, it’s not a mistake — it’s a learning experience. The next time, though, give them hell. And remember: Every day is a chance for an employee to learn something else. Make sure they learn something valuable versus learning there’s a better job out there.

29. IT managers: Always give people more work than you think they can handle. People will say you are unrealistic, but everyone needs something to complain about anyway, so make it easy. Plus, there’s nothing worse than looking at the clock at 2 p.m. and thinking, “I’ve got nothing to do, but can’t leave.” This way, your employees won’t have that dilemma.

30. IT managers: Square pegs go in square holes. If someone works well in a team but not so effectively on their own, keep them as part of a team.

ShareThis

In the interests of full disclosure, I didn’t come up with this idea. I read about it in a computer magazine a year or two back but of course when I wanted to refer to it for this article, I couldn’t find it! But someone on Digg eventually managed to find it so here is the original article if you want to see it.As email providers give away more and more storage space, more and more personal information is being stored in those accounts. People are increasingly using their email accounts for more than just email - it has become their online document storage area with backup documents such as passwords, bank account numbers, account usernames, scans of correspondence and much more. Even if you don’t use your email for this purpose, you may still be inadvertantly revealing personal information in general conversation emails to family and close friends. A 6GB Gmail account or an unlimited space Yahoo account is potentially an information bonanza source for identity thieves who manage to figure out your email password and then go snooping. But if someone HAS cracked your email password, it may not be apparent to you. A snooper can easily read an email then mark it as unread again. So the best thing to do would be to set up an “electronic tripwire” so if someone breaks into your account, you’ll know about it.

Here’s how to do it :

1. Sign up for a website hit counter at www.onestatfree.com. You can leave a fake name and whatever URL you want (I used Google.com for mine).

2. You will then receive a welcome email from OneStat with a text attachment called OneStatScript.txt. Download this attachment to your computer and then delete the email (you don’t want any email snoopers finding it later). But before deleting the email, write down your OneStat account number as you will need it later.

3. Change the name of the text document to something that will make the email snooper salivate such as passwordlist. Also change the file format from a text document to a website page. So make it something like passwordlist.htm.

4. Email this newly-renamed file as an attachment to the email account you want to monitor. Make sure the email subject title also lures the snooper in (maybe something like List of Passwords. You get the idea :).

5. The trap is now set. Basically if someone opens the email and opens the attachment, OneStat will record a hit. If you then log into your OneStat account say once a day, you will see how many hits you have had to your

The OneStat account page then gives you details on each “visitor” including the date and time they accessed the web document and more importantly their location and IP address! So how does having this information help you? Well first of all, it will alert you to change your password to something stronger. Secondly, if you see the snooper’s location and you only know one or two people there then it narrows down your list of potential suspects. By the way, I recommended signing up for One Stat because the author of the original idea mentioned them. But if you know of any other hit counter services that send text documents to your email address, then please mention them in the comments. I don’t have any financial advantage recommending One Stat so I am perfectly happy to consider alternative companies. (By) Mark O’Neill is a blogger, writer and English tutor. Check out his blog at BetterThanTherapy.net

ShareThis

It seems like with every new version of an anti-virus, spyware, ad-ware, etc. programs are being made to hog more and more of your computer resources. With anti-virus providers attempting to increase their user base, each new generation of anti-virus program attempts to do more than the last and by so doing, also ends up stealing more of your computer’s resources. When you’re in the middle of a game, or editing a video and feel your system slowing down and come to find out that your anti-virus program decided that it was the best time to run a on-the-fly scan of running files on your computer, it’s time to ditch that program.

I’ve personally tried Symantec, Norton, AVG, ClamAV for Windows, but settled with Avast. All of the other anti-virus programs just hijacked my system attempting to run all sorts of real-time scans which sap previous CPU time and RAM. Avast easily takes the backseat while I do what I want, then when the system is not being used, it takes care of its business.

Out of all of the programs that I have used and  worked with, Norton Internet Security has to be the absolute worst of them all. Not only is it a paid program with features that several free programs offer, but it also has to be one of the most resource intensive programs. Many of the features users rely on will be blocked by Norton, so you can expect to have issues with sending pictures in email, have problems with Internet connection, and not to mention if you rely on remote connections to servers for FTP, SSH, or any other remote administration, Norton will see to it that you jump through hoops to use those. Try disabling the program and it doesn’t allow you to disable it permenently, just until the next system startup.

AVGFree has also gone the way of the resource hog. I’ve been a big fan of AVGFree but the company has to begin to offer a smooth upgrade from one version to the next. When Version 7 was first introduced, users on Version 6 received a nasty message every time the computer was restarted stating that the program would no longer be supported after the release of the new version. Why not just offer a nice upgrade message? Not quite sure what the thinking was but you had to install a separate instance of the new version of the program to “upgrade”. The same thing has happened with the release of version 8.  Version 8 also has a number of complaints from users about the amount of system resources it uses, so it’s best to avoid it. It’s a shame that an excellent program has become so bad.

Avast!, at least for the time being, is a safe alternative. Free to download and install, you will just be required to register with an email address to receive a license. The license is free so why you’re required to do this is a mystery, but at least you have a program that will give you the strong protection but is light on resources as to not become cumbersome to you as a power users.

Avast! Free can be downloaded here (download offered by Download.com: http://www.avast.com/eng/download-avast-home.html

ShareThis

In laymen’s terms, a Windows Registry is a centralized database used in Microsoft Windows 9x, Windows CE, Windows NT, and Windows 2000 to store settings and options for the operating system. It contains information and settings for all the hardware, software, users, and preferences of the PC.

The Registry contains information that Windows refers back to again and again as you use your computer, referencing profiles for each user, the applications installed on the computer and the types of documents that each can create, property sheet settings for folders and application icons, what hardware exists on the system, and the ports that are being used.

It is important to keep your Registry clean and the only way to do this is to run a registry clean program, one specifically for the windows registry. A registry fix will identify and remedy any problems in your windows registry by removing the little bits of information that are left behind every time you have a failed installation or receive error messages when you add/update software on your computer.

ShareThis

Let’s face it, Windows machines get hacked, and in some environments it happens a lot. Fortunately, Microsoft has built numerous tools into Windows so administrators and power users can analyze a machine to determine whether it’s been compromised. In this tip, which is the first of a two-part series, I’ll cover five useful command-line tools built into Windows for such analysis.

1) WMIC: A world of adventure awaits
Windows Management Instrumentation Command-line (WMIC) is not merely a command; it’s a world unto itself. Offering a command-line interface to the ultra-powerful Windows Management Instrumentation API within Windows, WMIC lets administrative users access all kinds of detailed information about a Windows machine, including detailed attributes of thousands of settings and objects. WMIC is built into Windows XP Professional, Windows 2003 and Windows Vista. To use WMIC, users must invoke it by running the WMIC command followed by the area of the machine the user is interested in (often referred to as an alias within the system). For example, to learn more about the processes running on a machine, a user could run:
C:\> wmic process

Output of that command will likely look pretty ugly because an output format wasn’t specified. With WMIC, output can be formatted in several different ways, but two of the most useful for analyzing a system for compromise are the “list full” option, which shows a huge amount of detail for each area of the machine a user is interested in, and the “list brief” output, which provides one line of output per report item in the list of entities, such as running processes, autostart programs and available shares.

For example, we can look at a summary of every running process on a machine by running:
C:\> wmic process list brief

That command will show the name, process ID and priority of each running process, as well as other less-interesting attributes. To get even more detail, run:
C:\> wmic process list full

This command shows all kinds of details, including the full path of the executable associated with the process and its command-line invocation. When investigating a machine for infection, an administrator should look at each process to determine whether it has a legitimate use on the machine, researching unexpected or unknown processes using a search engine.

Beyond the process alias, users could substitute startup to get a list of all auto-start programs on a machine, including programs that start when the system boots up or a user logs on, which could be defined by an auto-start registry key or folder:
C:\> wmic startup list full

A lot of malware automatically runs on a machine by adding an auto-start entry alongside the legitimate ones which may belong to antivirus tools and various system tray programs. Users can look at other settings on a machine with WMIC by replacing “startup” with “QFE” (an abbreviation which stands for Quick Fix Engineering) to see the patch level of a system, with “share” to see a list of Windows file shares made available on the machine and with “useraccount” to see detailed user account settings.

A handy option within WMIC is the ability to run an information-gathering command on a repeated basis by using the syntax “/every:[N]” after the rest of the WMIC command. The [N] here is an integer, indicating that WMIC should run the given command every [N] seconds. That way, users can look for changes in the settings of the system over time, allowing careful scrutiny of the output. Using this function to pull a process summary every 5 seconds, users could run:
C:\> wmic process list brief /every:1

Hitting CTRL+C will stop the cycle.

2) The net command: An oldie but a goodie
While WMIC is a relatively new command, let’s not lose site of some useful older commands. One of my favorites is the venerable “net” command. Administrators can use this to display all kinds of useful information.

For example, the “net user” command shows all user accounts defined locally on the machine. The “net localgroup” command shows groups, “net localgroup administrators” shows membership of the administrators group and the “net start” command shows running services.

Attackers frequently add users to a system or put their own accounts in the administrators groups, so it’s always a good idea to check the output of these commands to see if an attacker has manipulated the accounts on a machine. Also, some attackers create their own evil services on a machine, so users should be on the lookout for them.

3) Openfiles: Deep scrutiny
Many Windows administrators are unfamiliar with the powerful openfiles command built into Windows. As its name implies, this command shows all files that are opened on the box, indicating the process name interacting with each file. It’s built into modern versions of Windows, from XP Pro to Vista. Like the popular lsof command for Linux and Unix, it’ll show administrators all open files on the machine, giving the process name and full path for each file. Unlike lsof, however, it doesn’t provide many more details, such as process ID number, user number and other information.

Considering the volume of information it gathers, it’s no surprise that the openfiles command is a performance hog. Thus, the accounting associated with openfiles is off by default, meaning users can’t pull any data from this command until it is turned on. This function can be activated by running:
C:\> openfiles /local on

Users will need to reboot, and when the system comes back, they will be able to run the openfiles command as follows:
C:\> openfiles /query /v

This command will show verbose output, which includes the user account that each process with an open file is running under. To get an idea of what malware has been installed, or what an attacker may be doing on a machine, users should look for unusual or unexpected files, especially those associated with unexpected local users on the machine.

When finished with the openfiles command, its accounting functionality can be shut off and the system returned to normal performance by running the following command and rebooting:
C:\> openfiles /local off

4) Netstat: Show me the network
The Windows netstat command shows network activity, focusing on TCP and UDP by default. Because malware often communicates across the network, users can look for unusual and unexpected connections in the output of netstat, run as follows:
C:\> netstat -nao

The –n option tells netstat to display numbers in its output, not the names of machines and protocols, and instead shows IP addresses and TCP or UDP port numbers. The –a indicates to display all connections and listening ports. The –o option tells netstat to show the processID number of each program interacting with a TCP or UDP port. If, instead of TCP and UDP, you are interested in ICMP, netstat can be run as follows:
C:\> netstat –s –p icmp

This indicates that the command will return statistics (-s) of the ICMP protocol. Although not as detailed as the TCP and UDP output, users can see if a machine is sending frequent and unexpected ICMP traffic on the network. Some backdoors and other malware communicate using the payload of ICMP Echo messages, the familiar and innocuous-looking ping packets seen on most networks periodically.

Like WMIC, the netstat command also lets us run it every N seconds. But, instead of using the WMIC syntax of “/every:[N]“, users simply follow their netstat invocation with a space and an integer. Thus, to list the TCP and UDP ports in use on a machine every 2 seconds, users can run:
C:\> netstat –na 2

5) Find: Searching output for useful stuff
Most of the commands I have discussed so far spew a lot of output on the screen, which could be hard for a human to look through to find a specific item of interest. But, Windows comes to the rescue. Users can search through the output of a command using the built-in find and findstr commands in Windows. The find command looks for simple strings, while findstr supports regular expressions, a more complex way to specify search patterns. Because the regular expressions supported by findstr go beyond the scope of this tip article, let’s focus on the find command. By default, find is case sensitive – use the /i option to make it case insensitive.

The find command also has the ability to count. Invoked with the /c command, it’ll count the number of lines of its output that include a given string. Users often want to count the number of lines in the output of a command to determine how many processes are running, how many startup items are present, or a variety of other interesting tidbits on a machine. To count the lines of output, users could simply pipe their output through find /c /v “”. This command will count (/c) the number of lines that do not have (/v) a blank line (”") in them. By counting the number of non-blank lines, the command is, in effect, counting the number of lines.

Now, with the find command, users can look through the output of each of the commands I’ve discussed so far to find interesting tidbits. For example, to look at information every second about cmd.exe processes running on a machine, type:
C:\> wmic process list brief /every:1 | find “cmd.exe”

Or, to see which autostart programs are associated with the registry hive HKLM, run:
C:\> wmic startup list brief | find /i “hklm”

To count the number of files open on a machine on which openfiles accounting is activated, type:
C:\> openfiles /query /v | find /c /v “”

Whenever counting items in this way, remember to subtract the number of lines associated with column headers. And, as a final example, to see with one-second accuracy when TCP port 2222 starts being used on a machine, along with the process ID using the port, run:
C:\> netstat –nao 1 | find “2222″

Researching output
With these five tools, users can get a great deal of information about the configuration and security state of a Windows machine. To use each command in identifying a compromise, however, a user needs to compare the current settings of the machine under analysis to a “normal,” uninfected machine.

There are three options for establishing a baseline comparison. First, if the user is an experienced malware hunter, he or she may have a sense of what is right and what is wrong with a given kind of machine, identifying evil or unusual stuff based on experience. Alternatively, this comparison can be performed against a clean, uninfected machine, if there is one handy. If there isn’t, a user may need to rely on a third option — researching specific files, process names, file names and port numbers identified by these commands and searching for them online to determine whether they are normal for a given machine and the software it has installed, or whether they are associated with a some type of malware.

In this tip, I have discussed five powerful built-in Windows commands. In a future installment, I’ll finish out our top 10 list by looking at some little-known but immensely useful features of the tasklist, reg and ipconfig commands, as well as iterating with FOR loops and launching administrative GUIs via the command-line.

About the author:
Ed Skoudis is a SANS instructor and a founder and senior security consultant with Intelguardians, a Washington, DC-based information security consulting firm. His expertise includes hacker attacks and defenses, the information security industry and computer privacy issues. In addition to Counter Hack Reloaded, Ed is also the author of Malware: Fighting Malicious Code. He was also awarded 2004, 2005 and 2006 Microsoft MVP awards for Windows Server Security, and is an alumnus of the Honeynet Project. As an expert on SearchSecurity.com, Ed answers your questions related to information security threats.

ShareThis

With the huge number of things we can do today from our computers and laptops, a computer users worst fear is that someone has illegally accessed their computer and has access to their files and their information. With online banking, E-Bay, and other online shopping, our computers now store an immense amount of sensitive financial and personal information. The last thing any user would want is that information floating around the Internet to be used by others online. The number of identity theft crimes reported is growing exponentially and it can be stopped by users practicing safe computer and Internet usage.

One of the most key items any computer user should have installed on their computer is a software firewall. Most users will have at least some form of anti-virus, and maybe some anti-spyware software, but most users lack a software firewall. A firewall is one of the most important things you can have installed on your computer because it is your last line of defense against intruders on your computer.

Let’s face it, users are going to download music, and other things online so just advising users to not download items that they know they can trust is not feasible. People are going to download music, free programs and more. Files are going to come into the average computer users computer regardless of what security experts advice. It’s like saying that if you just cover up your mouth and never breath, then you won’t catch a cold. That’ s just not going to happen. You are going to go outside sometime and be around other people, and it is inevitable that you will catch a cold. Likewise, users will download files and a malicious file will at some point enter a users computer/

Once a malicious file is in, it’s up to that computer’s safety programs to protect the user. Many of the malicious programs out there are going to try and hang around the computer until important information is entered into a form on the Internet and once the user types in the information, the bad program takes a copy of it and tries to send it back to the owner of the bad program. All of this, obviously, without the user knowing. These programs will attempt to send the information back through non-standard ports on the computer, ports that can be blocked by a good firewall program.

Now, don’t just rush out there and buy some $60-$100 firewall security program at your local computer store. There are alternatives that will secure your computer for free. I recommend using Zone Alarm. It is 100% free and can be downloaded for free from download.com here: ZoneAlarm.

ShareThis

DigiCert’s unique business model for Certificate Authorities (providers of Trusted SSL Certificates to Secure Web servers) has been gaining noteriety and is now on the radar for phishers and other scammers.

This week, according to McAfee’s Top Phishing Email Report, thousands of emails have been sent out regarding Comerica Bank’s DigiCert SSL Certificate Expiring requesting users to click on a link to update the certificate. The link downloads a virtus-infected file to the user’s computer. Although Comerica Bank is not affiliated with DigiCert and not even a DigiCert customers. This wave of phishing emails shows that DigiCert is the dark horse of the SSL community.

For the last few years DigiCert has quietly gone about drawing in new clients with their amazing SSL technical support and extremely affordable prices. With Verisign, Thawte, and Commodo clients flocking to DigiCert for SSL certificates, DigiCert is now on the radar for phishers, scammers, and also other SSL certificate providers. Utah-based DigiCert, offers the highest level of trust and security for its clients. DigiCert’s certificates are domain and company validate so if you see a site using a DigiCert certificate you need not worry, they’re not scammers. SSL Certificate authorities generally validate just the domain name, meaning that when a customer purchases an SSL certificate, all they’ve had to do is respond to an email….that’s it.

DigiCert takes SSL certificate validation to a whole new level validating companies to ensure that they are legally active with a government registration entity, that customer’s actually have control over the domain name to be secured, and that the business’s current office address is verified. When a business received a DigiCert certificate, they are legit.

With a unique business approach and DigiCert’s fresh, industry changing management style, they’re here to stay….and other certificate authorities are feeling threatened. With DigiCert’s growth will come more backlash from other certificate authorities as they stand to lose thousands, even hundreds of thousands of dollars due to their clients opting to do business with DigiCert.

ShareThis