Main advantages

At a first glance, Avira has a user friendly interface making it easy to understand and handle. Apart from this, there are several other features you can notice from the first day of use:

Simple installation process. It only takes a few minutes and several clicks!

Easy to set up. You don’t have to be a computer guru in order to understand the way it works and set it up according to your preferences and needs.

Excellent scanning technology and frequent updates. Avira uses up-to-date technologies and updates its virus signature database regularly in order to provide top notch virus protection in real time. Avira is one of the antiviruses that perform signature database updates most frequently.

Effective protection. This antivirus monitors every active process and acts immediately if any threat is found.

Includes all virus protection tools. Avira is fully equipped with Antivirus, Anti Spyware, Anti Adware, Anti Dialer, Anti Spam, Anti Bot, Anti Rootkit and Anti Phishing tools.

Game Mode. Avira won’t pester you with notifications while you play!

The WebGuard module. This is a recently added feature. It will protect you against threats while surfing the worldwide web or downloading from web pages.

Avira Premium license. If you purchase Avira Premium, the protection of three computers will be guaranteed.

What is the WebGuard module?

This element sounds a bit fancy, so you might have been wondering what it’s all about. The moment you access a web page, WebGuard will perform routine checks to determine whether the page is compromised or hosts malicious content. It can completely block and isolate the page if it poses a threat to the security of your computer. The WebGuard feature acts like a toolbar and is compatible with most of the well known web browsers.

Moreover, if a certain web page prompts you to download a dangerous file, WebGuard can recognize it before you download and install it on your computer. This is something most antiviruses can’t do!

Outstanding firewall

A firewall acts like a virtual barrier against online threats. A firewall blocks network ports suspected to be involved in malicious activity. For example, a firewall can offer effective protection against spyware or prevent “evil” cookies from sending over private information that would normally be stored in your computer (cookies are files containing information about your user identity and also about your computer). A weak firewall can make your computer vulnerable to attacks that can bring your system down to its knees and jeopardize your personal information or files.

Avira comes with a very powerful firewall. It is user friendly and easy to configure, since you can adjust its settings using slide controls. However, avoid setting it up to be too paranoid, you might end up facing useless restrictions that can be even more annoying!

Free vs. Premium

All these features sound amazing indeed, but we all know nothing is entirely free. Since Avira comes in both free and premium versions, the question is: where did its developers set the limit? From what point will you have to pay in order to benefit from complete protection? When we think about the fine line between a free license and a paid license, there are three common questions we tend to ask ourselves:

Which features are restricted in free versions?

Avira comes in three versions: Free, Premium and Internet Security. Avira Internet Security is the full version of the software, comprising all features. The free version does NOT include: AntiVirProActiv, RescueSystem, MailGuard, access to Fast Premium update server, Anti Spam, Firewall, Game Mode, Backup System, Anti Bot and Parental Control. The Premium version includes all features, except Anti Spam, Firewall, Backup System, Anti Bot and Parental Control

How much will it cost?

A full Antivira Internet Security license for one year costs about $52, whereas for a one-year Antivira Premium license you will have to pay $26.

The third common question – which is also the conclusion for today – is it worth it? Well, this is only up to you to decide. Avira is a powerful antivirus with 99.5% detection rate. It gained the first place in 2008 for speed, followed up by an “Advance+” distinction. Moreover, both antivirus and antispyware components are entirely compatible with the most common network technologies developed by Cisco Systems or Juniper Networks. This is what made Avira one of the first developers to receive an OESIS OK Gold Certification.

So the answer to our question is yes. It’s totally worth it, and given the above mentioned facts, it’s fair to say Avira is one of the most powerful antivirus programs on the market. So if you were thinking about getting protected, you now know what to choose!

Related posts:

• Keeping Your Website Free of Malicious Scripts
• The Overlooked Connection Between Computer Viruses and Site Security
• Clickjacking: What is it and How You Can Protect Yourself?
• Securing Windows for Web Hosting Safety
• The Release of the February 2011 Email Security Report
• Understanding Website Viruses
• Website Viruses – The Importance of Secure Web Pages
• Website Security – 4 Ways to Secure Your Website
• The Top 3 Web Hosting Security Issues
• The Need for PCI Compliant Hosting

The private goes public

It’s actually more accurate to say that Facebook is becoming the epitome of just about every internet privacy complaint ever lodged.  Their bad reputation began in 2007, when their underlying code was leaked onto the Internet.  This was a gold mine for hackers, showing them all of the backdoors they needed to extract all sorts of personal information quickly and quietly.

Once this issue was fixed, in November of the same year, a project called “Beacon” allowed 3rd party websites to embed a small script onto their pages that would automatically send all sorts of user information and statistics to Facebook.  Facebook was now places that Facebook users didn’t even know about, creating a very creepy feeling.  Astoundingly, this program was allowed to continue for almost two years.

Identity games

Facebook makes it amazingly simple for users to make accounts that are in the likeness of someone else, enabling all sorts of easy defamation.   While this has always been a concern online, Facebook’s construct makes this very easy to do, and very difficult to combat.

In one case, a man who goes by the online handle of “Lefty” has documented the lengths that someone decided to go through to impersonate him.  The way that Facebook’s privacy settings work makes people like his stalker extremely difficult to stop, as someone with a new account can block you the moment they create it, making it impossible for you to know they exist unless someone tells you.  “Lefty” went so far as to drive to Facebook’s headquarters to get answers.  Facebook’s response amounted to little more than a shrug.

A worrisome alliance

That Facebook would use, sell, and allow compromising of a user’s personal information is all bad enough.  Worse was that it wasn’t only to other companies that they’ve proved willing to make these deals.  Facebook showed that it was just as willing to bow down to governmental requests as it was to other businesses.

Buckling under pressure is one thing.  Webmasters who face legal action have to confront this question all the time.  Facebook, though, has shown almost a gleefullness in willing to fork over to just about whatever government agencies just about whatever information they want.  They’ve stated that, all that they require of the requesting agency is a “good faith belief” that they will use the information obtained in nothing more than an honest pursuit of evildoers.  Those of us a bit jaded these days at the notion of any government agency earning such “good faith” would rightly get a chill at this naiveté.

It gets worse.  Facebook announced in mid-2011 the launch of its own PAC (political action committee) that would allow its corporate employees to donate money to their favored political candidates.   This is not an unheard of strategy for large software developers or for large web companies; Google and Microsoft both have PAC.  But combine this with the above kowtowking, and then add into that the assertions that Facebook as a whole leans to one side of the political aisle, and you have the recipe for one gargantuan mess of corruption that would make Richard Nixon proud.

Anti-social Extremes

One more area in which Facebook creates problems for the user concerned with privacy is in their sudden, unpredictable update of entire systems of software.  Now, software updates by themselves are normal.  Facebook, though, takes it to new anti-social extremes, with wholesale layout and information access makeovers with no forewarning.  It’s starting to become commonplace to wake up one day and find your feed looking utterly different than it did before.

On a simple usability scale, this is irritating.  On a privacy level, this is nightmarish.  Users never seem to have any notion anymore of what information is private and what is public.  By all measures, there seems to be more help shared between users than there is between those users and Facebook.  It’s an unbelievable bit of callousness, one that has resulted in an amazing phenomenon: there are half a billion Facebook users, and most of them are conscious of the fact that this is a relationship based on mutual disrespect.

Looking forward

Privacy giant EPIC (Electronic Privacy Information Center) has begun to lead the charge to the Federal Communications Commission to look into Facebook and their privacy statement as well as their practices.  Pardon the obvious pun, but at this point it’s hard to not look at Facebook’s approach to its own user base as, literally, an EPIC failure.

What does this mean for their future?  Right now Google+ is starting to siphon off their user base, and it’s likely that both they and other networks will endeavor to do the same.  On the other side, Facebook has not yet shown anything beyond the barest of lip service that they have any intention of changing course on any of these approaches.

At the same time, Facebook is still the largest social networking web site in existence, and that momentum means something.  Look at, for example, the Occupy movements, or for that matter, any of the major political movements that have sprung up in the last 3 years.  It’s a hard sell to try to tell these people to move to a complete different service when they know full well that all of the people that they want to reach are on this one, and time is of the essence.  Many of them would like to do so, but have to consider pragmatics as well as values and privacy concerns.

This is a hard one to predict.  Unless Facebook changes course, what will most likely determine its future is how well sites like Google+ and other competitors make it easy to jump ship.  If they do, all of the things that Facebook is doing to ignore privacy and other concerns just might soon come back to bite them.  Bigger empires have fallen before.

Related posts:

• Competition in Social Networking: The Rise of Google+ and the Status of FaceBook
• Web Site Or Facebook? Depends On Your Needs!
• Arm Yourself with the Top 5 Android Apps
• Top 10 Features of Facebook
• Facebook vs. MySpace – The Battle for Supremacy
• Facebook vs. Google Plus
• Top 5 Social Networking Platforms
• Top Apps for Blackberry Smartphones
• A Dark Cloud: Anonymity and Privacy Fall Further Before a Cloud Computing Experiment
• Life Blogging and the Web 2.0

Changes, Changes

The interface will be one of the places where you begin to see the wide host of differences that have been made with this year’s edition of Bit-Defender. Now showing a dark minimal interface that lacks the options of the past for their intermediate and advanced options panels, they have cut down on clutter and chaos by deciding for you which options you need available right at hand. You can, of course, change this in the options panel and make sure that you have your advanced tools there as well, but starting out, this is it. However, finding the menu to do so if you choose to change these options might prove a bit tedious and confusing.

While definitely lower priced than its competitors, the thing that their competitor has that this program lacks is the ability to install alongside or with other security programs also installed. Bit-Defender is so anti-social that it will refuse to install when there are even any remnants of other security sources installed. So it is recommended that you use an uninstall sweeper program to make sure that every last bit of your old security and anti-virus programs are gone first or install only on a fresh computer, otherwise it simply will not install.

Some of the new tools that have been added include:

• Chat scanners
• Phishing protection
• Firewall
• Parental Controls
• File encryptions
• System optimizer
• Online backup

It is safe to say that while other programs offer these kinds of tools, they do so at a much higher price and a much longer installation time. With install time (and this includes registration) clocked at just under 2 minutes, Bit-Defender definitely has the market cornered on efficiency.

Interestingly enough, Bit-Defender now has an application that is also free for all FaceBook users: http://apps.facebook.com/bd-safego/. Having tried this little application, we definitely would have to say that it is non-invasive and trustworthy having caught and filtered out the infamous “Facebook Pornography Spam Attack” of last week. That little catch in and of itself was quite impressive!

Does not play well with others

Once installed, Bit-Defender does a preliminary scan and makes certain that it is not being put on an already infected machine (sorry, you folks who bought this as the answer to your virus problem, no go, here). Then, you can go into choosing one of many levels of scans available for your needs from the basic levels to the highly paranoid. Best to make sure you read the help files about the one you chose though. If you do not currently have time for a forced boot time scan, you need to choose full, not complete, or you will wind up having to do this tedious bit of work.

Once uninstalled, you’d think that a program so anti-social would make sure to clean up after itself, but unfortunately this is not the case with Bit-Defender and is perhaps our biggest issue with it. When the program is uninstalled it leaves behind traces in your registry that will need to be fixed in order to ensure proper running of your machine or of any other security program that you might choose to install. Once you uninstall the program, you should, to be safe, make sure that you use a registry fixing tool in order to ensure the health of your machine and its proper running.

All in all, if you can put up with the quirks of this program or you are installing it on a brand new, just built system, then you will be in heaven with this program and it’s relatively small cost. The tools that it offers are indeed extensive and will protect your computer from even the harshest of viruses and malware.7. However, if you are looking for help for an already infected machine, best to look elsewhere for the program that will best suit your needs.

Related posts:

• Data Backup and Recovery Solutions
• Secure Shell Security Tips
• Locking Your Online Business Using Website Encryption
• The Overlooked Connection Between Computer Viruses and Site Security
• Top 3 Important Aspects of Web Hosting Security
• Website Security – 4 Ways to Secure Your Website
• Website Security: Avoiding Downtime That Results in Loss of Profit
• Five Simple Website Safety Tips
• SSL vs. TLS: Which Provides the Best Protection?
• Hack-Proofing Your Dedicated Server

The point of the study was to investigate how the emergence of multiple information technologies simultaneously combined to create a synergistic effect in information sharing.  In other words, the study meant to ask this question: with all of the information that exists on the web, combined with the increasing power of artificial intelligence to decipher it, is there any privacy anymore?

Do you really want this answer?

While the study fell short of saying “no” outright, the results are sure to send a chill up the spine of any privacy advocate.  The combination of all three parts of the study showed that, just using publicly accessible data, you can go from a picture of them to private information in a matter of minutes, assuming that the information they grabbed was already publicly accessible.

Let me repeat. If you are walking down the street, someone can take a picture of you using their cell phone and potentially know your Social Security number, sexual orientation, or home address in just a few minutes.

Why isn’t anyone saying anything?

If it seems like this should be major headlines and isn’t, there are two reasons for this, and neither of them have anything to do with the importance of the topic.

1. It’s not that new

No one single technological element of this study is new to us. Facial recognition technology goes back decades, and has been in more frequent open use in the last 10 years following post-9/11 security upgrades.

As for the other side of the equation, illusions of any real privacy on the internet have mostly disintegrated.  FaceBook may make headlines now and then when they do something bone-headed with their accounts, but we’re well aware that they are far from the offenders, and this is likely to continue.

What’s new isn’t any one item, it’s what you get when you combine them all together, something which is much harder to notice until someone does a study like this one.  In that sense, then, we might be the proverbial frog in the pot of water.  Now that we’re starting to see where this is all going, we may be wondering if this is just a bit too toasty warm for us all.

2. Have too many of surrendered?

The other reason that you may not hear too much about this is that there are a lot of people who have assumed these types of developments are inevitable.  Even before “World Wide Web” became a household term there were a number of pop culture fictional worlds in just the 1990′s alone that essentially told the viewer “Abandon all hope, ye who enter here.”  “The X-Files,” “Enemy of the State,” “The Matrix,” even “The Truman Show” were among the onslaught of movies and TV shows that convinced the user that it didn’t matter what they did: Big Brother was moving in, so you might as well setup a bed for him.  The fact that a TV show by that name (“Big Brother”) premiered in the 1990′s, and people tuned in without seeing or caring about the irony involved might be the strongest proof of this phenomenon imaginable.

So what do I do?

I hate to compound bad news with more bad news, but the simple truth is this: we don’t know.  No one seems to.

Right on this very website are articles about how to get your information more publicly visible through various search engine optimization tricks.  We talk all over the place about how important it is to make it easy for others to find you.  Now suddenly we want to change course.  Can we?

Here’s the problem: all of the advice we can give for you on this you’ve heard already.  Use good passwords, don’t give out personal information when you don’t have to, all of this you’ve been beaten to death over.  This also doesn’t do anything for the fact that your name and information will make it out there in all sorts of ways that you don’t think of.

Anything more secure than that starts to move you towards places where you simply reduce your electronic presence entirely.  Is it that easy, though?  If you are some web-based business, of course the answer is no.  If you are just some artist trying to get by perhaps you can envision this, but that’s a lot easier than doing it.  The internet is sort of like the mafia that way: once you’re a part of the family, trying to remove yourself later from it is a dubious proposition.

I’ll give a few quick tips that can maybe dull the danger a bit:

1. Don’t give out information needlessly

2. Use secure connections at all times

3. Always use your common sense

4. Find other privacy advocates.  If you are really are diehard about trying to make yourself invisible again, there are movements based around this idea that can give you decent advice and support.

The best advice: Just be ready for it

Truthfully, though, I’m wary of giving too many tips because I don’t want to setup the impression that any of these things are magic shields.  I’d rather in turn just get you used to the idea that this is how it is.

Here’s an exercise: when you do anything whatsoever online, start out with the assumption that the entire world is over your shoulder watching you.  Pretty scary, huh?  Let it sink in though.  Once you accept this worst-case scenario, you realize that in the end this is something you can deal with.  It’s a huge life lesson to work into what you probably thought was just a technical article, but it’s true: if you  base less of your life and livelihood on secretiveness, and more of it on “things that can’t be taken from me”, you’ll have less to worry about.

19^th century theologian Søren Kierkegaard said as much, that the man who bases his safety on how secret is his life is doomed to failure.  Maybe coming here for a sermon was not what you had in mind.  As we start to realize that cyberspace is a monster that has long gotten out of our control, though, maybe a word or two from our wise men is not such a bad idea.

Related posts:

• Data Backup and Recovery Solutions
• New Cloud Security Platform
• A Look at Security in the Cloud
• Is Cloud Computing Behind the Twitter Hack?
• The Insecurity of Web Upload Forms
• Microsoft Cloud Solutions
• Web Site Or Facebook? Depends On Your Needs!
• IaaS, PaaS and SaaS Explained
• Seriously, What is the Cloud?
• Battle of the Giants: Linux and Windows Compared

How does it work?

Click jacking works by hackers creating a button on a web page that does something other than what it is saying it will do. For example, the button could be a simple submit button. However, instead of submitting the information for that newsletter you wanted, you just ordered a 4-year subscription to playboy magazine. It is the art of overlaying an invisible page over the page that you see and collecting information which is then used to defraud you. Some of the tricks that have been used are:

• Tricking users to enable their web camera and audio through a flash pop-up (Adobe has fixed this);
• Making users social networking profile information public if it was previously private;
• Forcing someone to follow someone else on twitter. This is usually someone who posts bad pornography and other things found repulsive;
• Forced link sharing on FaceBook and other link sharing networks.

Another way that it works is when hackers are paid for how many clicks on an advertisement that is found on their web pages, or how many times a particular ad is shown. They use a form of malware called “DnsChanger” which depends on subverted servers and a user becomes redirected through infected networks, putting money in the hackers’ pockets and opening up your computer for serious infection.

I have a Mac (Linux, UNIX or other OS). I’m not at risk, am I?

Yes, you are at risk. Because this kind of attack uses the browser as its carrier, anyone can be at risk no matter what operating system you run. Also, since the software that gets installed into your computer from clicking on an infected link or button prevents you from getting to anti-virus sites that would remove it, most users who are not paying close attention would never know that they were infected.

What can I do to protect myself?

There are a few things that you can do to keep yourself safe. First of all, making certain that you are keeping an eye open to the web pages that you get directed to when you click on any links. Make certain that they are within the domain that you expect them to be! For example, if you go to an iTunes website to buy some music, it should read something like store.itunes.com. If you have been click-jacked, it will read something similar enough that you may not notice it unless you read it carefully. So please, keep your eyes open! Also, there are add-ons for your browsers that you can use that, while taking some functionality away, will keep you safe. For Firefox there is NoScript which blocks all potentially dangerous scripts. If you want to see a You Tube video though, you will need to tell the add-on to let you through. It can be tedious, but it is worth it.

One other option that is a bit on the extreme end is to use a text only browser like Lynx. It is exactly what it sounds like it is, a browser that allows nothing but text through. This is a very extreme action and one that is sure to make less of your internet browsing experience, but if you are that worried it is a good idea. Just make sure that the instructions are read through carefully; many users have reported that the program is difficult to get up and running and the developer admits to not having the time to offer technical support.

What are my options for server side protection?

You can protect your website users from click-jacking attacks by using a bit of Java code called a Frame Killer. What this does is stops any of the triggered content from being showed within a frame, which prevents click-jackers from making their move. For those who wish to implement it, a good cross-browser code set is:

<script type=”text/javascript”>

If (top != self) top.location.replace(location);

</script>

By using this, most click-jacking attempts will be thwarted as well as several other types of attacks that rely on frames being used within a website. While this can be reliable in almost all circumstances, it still pays to be as cautious as possible and to urge your website users to install things like NoScript and to use practical sense when browsing the Internet. Such words of caution will help both your readers and yourself by keeping attackers from your site.

What do I do if I think I’ve been affected?

The FBI website has an entire taskforce that is on just this issue. The project is called “Operation Ghost Click” and has materials on their site to help you determine if you have been infected. If after doing this simple test where you put your IP address into their searching box and it turns up that you have been affected, you will be given further instructions on how to file a report and assistance on gaining control over your IP again.

After you have made your report to the FBI, please bring your computer to a computer professional who you trust to remove such malware from your system. Because of the fairly new and complicated strategy that has been taken concerning this attack, users should not take their computer safety lightly. Have a professional help you.

It once again all comes down to being safe on the internet. Keeping an eye to your browser address window and not clicking on things that your gut may be telling you are not right in some way are things that you should follow through. Also, keeping good anti-virus software up to date on your system will help you to remain away from sites that are infected.

Related posts:

• Avira Antivirus Features
• The Overlooked Connection Between Computer Viruses and Site Security
• The Top 3 Web Hosting Security Issues
• Protect Your Site From Maliciously Activities
• Malware Attacks on the Rise
• How to Find Secure Shared Hosting
• Data Backup and Recovery Solutions
• Battle of the Giants: Linux and Windows Compared
• Bit-Defender Internet Security Review
• A Dark Cloud: Anonymity and Privacy Fall Further Before a Cloud Computing Experiment

However, as with all children, the internet grew up. Other governments began implementing the code, began connecting themselves across the network of fiber optic cables that had now been laid and they “went online” doing many of the same things the US government did. Then, it was that the creators of this marvelous invention learned that, as a teenaged creation, it had many of the problems a normal human teen had.

The Internet and its Growing Pains

Fast forward to present time, the internet as we know it is about 20 years old right now and is experiencing the issues that many young adults do when they are given their first taste of freedom. They start letting in friends that their parents don’t like (Viruses). As people are taught to understand how to program and code for the military also for civilian causes, there was going to be those people who learned how to get around systems security and how to exploit weaknesses in code. In fact, there are hundreds of people hired annually by various governments that this is their only talent. They affect the system that has been created so that those who own the system can make it stronger. As was only expected though: there are those who do not put their skills to such use and, either through actual malicious intent or just idle curiosity, they begin to do things such as hack into satellites and take control of them. Perhaps they just wanted to peek in on the young women who are skinny dipping in the ocean. On the other hand, they might have been testing their ability to do so in order to go ahead and hack into one of the spy satellites and gather valuable classified information and use it against that country. Unfortunately, in this day and age we dare not take any chances when guessing the motives of the individuals in question.

Those are the Money Words, my friend.

The knowledge of an assault that occurred some years ago was finally released to the public last week, in which it was suspected that Chinese nationals hacked into 2 satellites and took total control of them. While china denies the allegations made, the fact remains that someone did. This means that, as a nation, we are vulnerable in a way that no one thought would happen. So it was that military and government agencies have begun to reach out to what they are calling the “visionary hackers” for assistance in the matter. A visionary hacker, from what I can conclude, is a hacker who is capable of doing all of these things but only does them in order to:

1. See if they can
2. To sell their knowledge to governments in order to secure paid positions

What better way to do combat in the world west than to hire those who would be outlawed by the rules of “more civilized society”?

The phrase of the time seems to be the desire to “converge with the threat” which can only be done by getting into the heads of those who are capable of launching these types of attacks.

Where did we go wrong?

After some advanced analysis, it was shown that the governments’ security systems are based off of huge banks of code, running into tens of thousands of lines. In comparison, most malware is only a negligible 125 lines. Short, clean, simple and to the point seems to be the key to their effectiveness. Most coders who choose to do this as a living, either legally or illegally, pride their ability to deliver what they call “elegant” code. This means that the code is well notated so that others can see exactly what the code is supposed to do. The longer that a program’s code is, the more chances for failure present themselves.

Unfortunately, it would not be the logical thing to totally disable nations system of protection protocol and software in order to clean up the system and to make it simpler. There is only one option left to those in power and that is to engage in those who can get into the base of the code and clean it up while it is still doing its job. This is not a simple task and presents its own dangers, of course, but at least it would not leave the entire nation unprotected while it was being worked on.

Where does this leave us as a country?

First, we need to make sure that we are not just looking at this as a one country only problem. We are actually experiencing the birth of a global community and global economy. Never before in our history have so many countries been interdependent for basic needs such as defense and economics; if one link fails, the whole house of cards will be tumbling down.

Once that viewpoint is strengthened and we are looking at the situation with those lenses, we can begin to work on the actual problem at hand. We have a need for simpler, more stringent code. We also need to make sure that we do not take so many human positions out of the picture that we leave ourselves open to attacks that were not possible before. When you replace a human soldier on a reconnaissance mission with an unmanned drone, you open yourself up to hack attacks and, potentially, will lose control of that drone. When that occurs, on whose head are the deaths caused by the drone firing on the people of the country that created and deployed the drone in the first place?

Simpler code, more human positions and common sense will be the answers to these problems, if ever those in power can come to see it.

Related posts:

• Data Backup and Recovery Solutions
• Battle of the Giants: Linux and Windows Compared
• Avira Antivirus Features
• Bit-Defender Internet Security Review
• A Dark Cloud: Anonymity and Privacy Fall Further Before a Cloud Computing Experiment
• Clickjacking: What is it and How You Can Protect Yourself?
• Security Aspects to Watch for in Your Server Logs
• Keep Your Site Safe – Learn What Not to Do
• How To Deal With A Possible Intruder On Your Server
• How to Keep Your Server Safe From Common Security Problems

Piracy of information has been a problem for a long time.  Bootlegs of concerts and copies of videotapes have been black market staples for decades.  The advent of the internet, though, has raised this problem to a new level.  Just about all but the most in-person art forms are now easily digitizable.  If they are digitized, then they can be copied to every person on the planet almost instantaneously.

This is a startling development that few people saw coming, and a monumental problem for defenders of intellectual property.  In turn, they have often taken what amounts to “scorched earth” policies to combat it.  Arguably, the worst of these yet is now under consideration.  It is known as “SOPA” or the “Stop Online Piracy Act” … and it has internet freedom advocates sounding the alarm like never before.

Is it that bad?

As with all modern legislation, 112 HR 3261 is a plate of legalese spaghetti.  At 78 pages, it’s actually kind of short as modern legislation goes.  If you are reading it, though, and you fall on your face as you try to cut your way through lines such as…

“If an effective counter notification is made under subsection (b)(5), or if a payment network provider fails to comply with subsection (b)(1), or an Internet advertising service fails to comply with subsection (b)(2), pursuant to a notification under subsection (b)(4) in the absence of such a counter notification…”

…you could be a bit forgiven.  As always, then, we have to go by the read from the “experts” on this, and we know how often they’re in agreement.  Still, going to the authorities that we trust most here, such as the Electronic Freedom Foundation, this looks really bad.

A first power – private enforcement of complaints, and lots of it

What seems to make SOPA so bad is that its approach to potential “rogue” web sites or copyright infringers is little less than “Whatever you have to do”.  The main target for this legislation is anyone who abets the web site in question.  This includes not only those who host the site but anyone who has even an indirect hand in its continued operation, with payment processors the primary target.

The way that SOPA works for most reviews is this.  Someone lodges a complaint against a web site.  The web site operator passes the complaint on to the web site operator, who has 5 days to issue a retort.  At that point, if the original one complaining wants to, they would take legal action.

This is not new; it is roughly how the DMCA (Digital Millennium Copyright Act) works.  What makes this worse is that it is not just web hosts that are required to cut off the accused web site, but payment processors and ad networks as well.  The potential for abuse here is obvious.

Enforcements expands to almost everything

Search engines would also be saddled with the duty to prevent the offending site “from being served as a direct hypertext link”.  Software to get around any such blocks would be outright illegal.  This is an especially ominous precedent, as it states that certain types of programming now be made illegal.  Step back for a second and just picture what a future based on that kind of idea could lead to.

A further extension of this attack exemplifies why such blunt measures often have the potential to do far more harm than good.  ISPs would be included in the list of companies whose responsibility it would be to cut off access from the offending site.  But this is like finding a fish by draining the ocean.  A domain name can handle traffic that serves all manners of functions related to all types of web sites.  Forcibly shutting it down over a single complaint could rip the interplay of websites, indeed the very concept of the “web” apart.  A past example of this occurred when 84,000 sub-domains of “mooo.com” were shut down due to a complain about the content on one of them.

Finally, the bill ventures into the creepy territory occupied by enforcement agencies which require that their citizens spy on each other.  Websites that don’t sufficiently target sites “dedicated to infringing activities” are also considered in violation.  As is often the case, what constitutes sufficient enforcement on their part is unclear.

Please tell me that some people are standing up against this!

Yes, they are, and it’s not just the EFF.  US Representative Zoe Lofgren, one of the most consistent voices in Washington DC against most intellectual property legislation, stated this legislation would bring about “the end of the Internet as we know it”.  From anyone else this might be laughable alarmism, but as the Congresswoman representing Silicon Valley, Lofgren has been described by one tech group as someone who “understands how the Internet works.”

Other opponents to the bill include Google Chairman Eric Schmidt, who vowed that even if passed, “we would still fight it”, a bold declaration of resistance.  Fred Wilson of the Business Insider described the bill as being crafted “without any input from the technology industry”.  Even some artists have spoken up stating that, to the contrary, SOPA will stifle creativity.

Why is this happening?

This is happening because the media empires of the world are getting frantic.  Oceans of copyrighted data are passing through networks all around the world and the efforts of those trying to stop it are roughly the equivalent of someone trying to keep the rain from hitting the ground by running around with a bucket.  Data about how much less money people are spending on copyrighted content comes in every day.  Sorry to be putting it in cynical sounding terms, but in the end, it is simply about money.

This isn’t to short-circuit the debate about intellectual property entirely.  This has been a long-discussed topic in technical and political circles, and even without this new legislation was likely to not be going away anytime soon.  In the meantime, though, this legislation from all we’ve seen signifies a very worrisome turn.  It seems to have been stalled for now.  We can only hope that this continues until something that seems like it responds to the IP conundrum with something less than taking a hatchet to the entirety of the Internet is crafted.

Related posts:

• SOPA: A Reflection of a Mighty Battle
• Controversial SOPA and its Siblings PIPA and OPEN

• Anyone at your email or Internet provider who wants to
• Anyone at your lover’s email or Internet provider who wants to
• Anyone who works at any of the places in between that house the routers that handled the data from your email who wants to.

Your secrets are not safe when you do not use encryption on your email.  While this situation is personally embarrassing, imagine how devastating this would have been if it were a corporate email sent speaking about the release details of their newest offering in the technology world.  The competition now has them and you might as well begin again at the drawing board, assuming that you still have a job.  With this article we hope to help you set up email encryption for your computers so that these situations never have to become a personal reality.

Software Solutions

Perhaps the simplest and least aggravating approach to applying encryption to your email messages is to make use of one of the many software solutions out there.  The very oldest and most well-known software for this would be PGP (Pretty Good Protection).

Using 128-bit encryption, this software (which is now owned by Symantec, creators of Norton) takes a lot of the guesswork out of the encryption experience by automatically discovering certificates and keys as needed and automatically encrypting all sent and received email without the user needing to do much of anything.  This particular software supports both common forms of encryption, S/MIME and OpenPGP, and uses a proxy as a method of keeping your information secure.

If you are brand new to encryption, then you would do well to look past the price tag, and realize that you are buying a lot of peace of mind.  This software is highly recommended as it does not disrupt the recipient or the senders email experience at all.

Client-based solutions

Many email clients now offer the ability to send and receive encrypted email through the use of settings within the program itself or add-on programs for the client.  At this time, the two most well-known clients for offering these options are:

• Microsoft Outlook
• Mozilla Thunderbird

Microsoft Outlook uses what they call a digital ID, which is essentially a personal security certificate for your email that gets sent to the email recipient for encryption along with your message.  If the recipient does not have your digital ID, they cannot read your encrypted emails (although you will be given an option to send it in unencrypted formatting in this case).

Mozilla Thunderbird makes use of an add-on called Enigmail in order to facilitate encrypted email sending and receiving.  Once Enigmail is installed on your Thunderbird client, then it can and will automatically encrypt, decrypt and manage all encryptions keys for you, making it a very simple option for those who just want the basics. It can be expanded upon by also downloading GNUpg which allows for further cryptographic functions.

There are other email clients also offering similar features.  However these two are the easiest and most straightforward to configure on your own without having to call your local techy friend for help.  If you wish to go ahead and plunge in deeper, by all means do so, but make certain that you read the manual: incomplete or incorrect security is about the same as no security.

Don’t want to bother with encryption? There are other ways.

Without encryption you will always lose some information to easily readable sources.  However, if for some reason you do not want to engage in encryption use, here are some suggestions on how to keep yourself as safe as possible.

• Make absolutely certain that you have two different email addresses. Use one for a small list of well-known friends and associates and the second email address for mailing lists and other more open forum email and subscription mail.
• When creating your personal email, keep it simple and professional such as using your first initial and your last name.
• When creating your public email do not use any kind of personally identifiable information.
• When emailing back and forth, do not send any information that you do not wish to be read by everyone on the World Wide Web at any time. This includes; names, addresses, phone numbers or passwords.
• Do not open email from sources that you have any reason to be wary of.
• Again, use an antivirus program that offers email scanning.
• For goodness sake, do not send personal email from a work email address.  More often than not, these email addresses are monitored by your company and their contents can get you in trouble!  This is more a precaution on their part than a danger on yours, as they usually have plenty of security procedures in place on their end as well.  Still, this danger potentially takes the form of unemployment.  If anything, learn from your employer’s security procedures, and consider implementing the same thing on a personal level.

If you follow these steps, you should be able to keep yourself relatively safe while emailing.

It’s privacy, and it’s personal

In the end, only you can decide how much encryption is comfortable for you to use.  Privacy is a personal matter and must be seen to in accordance with personal comfort levels.  More privacy is more secure, but it is also more work.  How much work you want to do is up to you.

There are people out there whose entire computer systems and networks are encrypted. They often do not do so for any reason other than they can, and that they enjoy that level of privacy not because they have something to hide. There are those who will only encrypt their emails and be happy with that.  Then there are those who trust their firewalls and antivirus programs to do their jobs and keep them safe. Whatever you choose, just be aware of the basics of how email security works, and you should be able to find the comfort level that’s right for you.

Related posts:

• Top 5 Email Clients for Windows
• The Disadvantages Associated With POP3 Email
• The Importance of Email Security
• Introduction to Exchange Hosting
• Top Tech Gifts Under $100
• The Resurgence of Apache
• Guide to Choosing a Free Dedicated Email Client for Windows
• Spam Assassin – Your Savior From Spam
• SharePoint’s Affect on Information Management
• Top 5 Cloud Storage Service Providers

Closed Networks

Most networks will be a closed system of one flavor or another. It can be a home network where a user does personal banking or a telecommuting employee whose laptop is like the best friend and travelling companion. The most common example of a closed network is a home network or a small organization or company network. It is those that we will be focusing on in this article. When configuring this setup, the most effective point of security will be the access point itself. Through the access point, there is access to options that will govern how information is sent and received and at what level of encryption. There are a few options available to ensure this; some are more effective than others. There are some methods of network protection like WIPS that will require more physical hardware.

They are:

• MAC address screening
• Using a Wireless Intrusion Prevention System
• Use of a Captive Portal
• Use of a secure VPN

MAC Address Screening

The best option is to require MAC address screening and to disable ESSID broadcasting entirely. The combination of these two precautions makes the network connection itself difficult to detect by outsiders let alone to initiate information theft. This option does not require the purchase of additional hardware or software and is configurable through the router gateway itself. This is the most popular choice and will be the option that most people require without additional steps. There are those individuals and organizations whose networks require more security though and the following options are available to them. Most often these options below are used by those who conduct work from home or for those who telecommute and may be anywhere in the world.

Use of a Wireless Intrusion Prevention System

In a nutshell, a wireless intrusion prevention system (also known as WIPS) is simply a network device that scans the wireless signals for unauthorized access point and then begins the process of locking them down and sending a notification through an instant messaging (IM) system or a pop-up or page to the currently on duty network administrator. This is an additional piece of equipment and the cost can vary from couple hundred dollars to many thousands, depending on the size of your network. Most private residences and networks will not have this protection unless they tend to work from home and are in a high security IT-related field.

Use of a Captive Portal

This is a fairly common approach taken by small businesses who either offer wireless access for its customers only, or for those who sell wireless access by the hour, day, week etc, like hotels. A captive portal turns the web browser into an authentication site that all traffic is driven to before having access to the entire network in order to provide authentication through a guest password, receipt number or payment type and only when those forms of identification are met, will a user have access to the entire network. This security will most often be seen at hotels, coffee shops and other places where customers might spend a usable amount of time with their laptops while enjoying the location they are at. Many city parks now have such wireless access, in fact.

Use of a Secure VPN

The use of a virtual private network, or more commonly called a VPN, is found most often with telecommuting workers who need access to the company’s entire network and applications, but on a secure line. Think of a VPN as a secret passage way through the World Wide Web, which protects the user from eavesdroppers and those who would virtually pick your pockets by stealing bits of private and valuable data while the user exchanges information between your network and your personal mobile computer.

In the past, companies would spend lots of money to lease telecommunications lines in order to ensure that their network was shut off from the internet. With the resurgence of VPN (for it is decidedly much not new technology) companies have the option to cut costs significantly, take some of the weight off of their likely over-worked IT network administration team and offer their workers a bit more in the way of flexibility when it comes to the location in which they choose to work.

When all is said and done, network security is becoming one of the world’s hottest topics because of how fast technology is moving along. In some cases, it is developing faster than there are ways to be found to protect one’s self from the privacy shredding changes that are being made. From cell phones having tracking and GPS abilities that make your information available to the manufacturer to programs that track your usage under the guide of a “customer experience improvement” program, there is no dearth of new learning available for those who choose the career of network security professional. There is also much to learn for the small corporate and home users.

When choosing a method of wireless security for a closed wireless network, the options are out there. Making certain that the settings are correct and hardware is installed right should fall to a network security professional. This will ensure that slight mistakes do not make your network open to those who would relish the secrets that your network will share with its users. Once implemented, you can be rest assured that the information shared on the network will remain safe, and out of the hands of those who are no better off than they should be.

Related posts:

• No Related Post

In the Beginning:

Tor was once an acronym standing for “The Onion Router” which was a reference to how the program layered and encrypted the users on the network; it became its official name in early 2006.  Tor began as a project of the United States Naval Research Laboratory for reasons that to this day are shrouded in mystery.  When it came to be funded through the Electronic Frontiers Foundation (EFF), it ceased to be a military endeavor and took its first breaths as an independent project.  It is currently run by “The Tor Project”, an educational 501c3 devoting its time and services to developing a web browser designed to preserve anonymity on the Internet.

The gritty details

Let’s get a little more technical and see how this works.  Tor protects the user by taking the outgoing signal and bouncing it through various relays across the globe. In order to do this however, one must download and install a Tor browser package which is available on the Tor Projects homepage.  The browser itself is very pared down and as no-nonsense as it gets, allowing no scripts to come through that you do not by hand approve and no cookies to be saved so that your information remains private.

When you visit a website, it sends out the signal to the first relay and that relay encrypts it which sends it along to the next for further encryption, and so on.  By the time it reaches its destination, often hundreds of relays have been used to get there.  This still usually happens in a matter of seconds, making Tor browsing not that much slower than using your normal services.  The browser itself is set up to access a different type of web page called an “unindexed site” or a “hidden service”:  these are web sites that are invisible to everyday search engines.  They achieve this by using public encryption keys and 16 character hash tags followed by the pseudo-top level domain marker “.onion”.

Doesn’t make sense?  That’s the point: to most browsers, it’s not supposed to.  Normal web browsers cannot decrypt the information produced by a .onion service or page.  When a user starts the Tor/Onion browser and enters in a .onion domain address the information going forward to the first relay gets encrypted and sent forward to the next relay.  Because the next relay in the line cannot tell from where the incoming connection came, the user is effectively protected from any attempt at traffic analysis.   Even if someone could either decrypt one node or get some legal order to release the data, it’s one of dozens or hundreds of nodes.  In summary, the traffic is effectively impossible for anyone to trace, even the people who themselves take part in it.  There’s literally not a single person on the planet who could trace a request made through Tor.

Oooh, this is intriguing!  What can Tor be used to reach, then?

In a word: anything.  This is the Internet unchained, the picture that many of you probably had of it when you first heard of it.  This also includes all of your “normal” sites, though naturally browsing Sesame Street is not going to be the first idea that comes to mind.  What does come to mind is all of the stuff that you imagined must exist somewhere out there on the Internet, if only you knew how to find it.

It is at this point, then, that we have to issue more than just a typical warning, and state that there is no, we repeat, no endorsement of any activity through this article.  Truthfully, we know a lot of you will be naughty.  That’s the reality, and we can’t stop it, no matter how stupid it might make you.  But we can tell you that these things are underground for a reason.  You investigate any of this at your own risk, and that’s not a risk we want to see any of you take.  Are we all clear?

Tor in the News and the future of anonymous usage

The development of Tor is not an isolated phenomenon.  While it may have been a military project initially, it’s still true that there is a higher push for privacy on the Internet as time goes on.  Tor is a somewhat accidental response to it, but it’s nonetheless one that answers this call.

That being the case you would think that Tor would be in the headlines more.  It has instead attracted oddly little attention.  A branch of the collective Anonymous used it recently to infiltrate a child pornography web site.  It was the subject of governmental ire for giving access to a network that they couldn’t reach (ironic, no?).  It was also cited as a tool that was used by Egyptian rebels in their recent insurrection.  Despite these isolated incidents, though, this pathway to the electronic underground remains mostly as invisible as the sites that it accesses.

It’s hard to say what this all means.  One thing we can say is that the technology is solid.  One renowned security expert accessed a black market selling just about every manner of illegal goods, to try to find a security weak point anywhere whatsoever in the process.  Shockingly, he could find none.  Think for a moment about what that would mean if that were to remain the case and become more publicly known.

There’s really only about one thing we can say for certain regarding the future of Tor and its relationship to web security: it’s going to be mighty interesting.

Related posts:

• Facebook and Privacy: A Strain too Great?
• Competition in Social Networking: The Rise of Google+ and the Status of FaceBook
• Securing FTP Connections
• Benefitting From VPS Hosting