China delays rule for Net-screening software

Friendly Computers read that the Chinese government is is delaying the enforcement of internet filtering software. Read below for more details:

 

China has indefinitely delayed enforcement of a requirement that PC makers preinstall Green Dam-Youth Escort software that experts believe would have screened not just Internet pornography but also some online political content.

Green Dam allows users to specify categories of sites to block.

(Credit: University of Michigan)

The reprieve, announced by China's Ministry of Industry and Information Technology, according to reports in The New York Times and the Associated Press, came just one day before the preinstallation rule was to go into effect.

But thus far the reprieve appears temporary: the ministry said the delay will give computer makers more time to comply with the rule, and the government also will continue to equip school and cybercafe computers with the software, according to the New York Times report.

Experts have warned that the Green Dam software poses security risks, and last week, the U.S. Trade Representative protested that Green Dam violates World Trade Organization rules

PC makers had been cagey about their plans to comply with the rule to install the software. Technical and other objections must be weighed against business concerns, and China is a large and growing market. Companies that deal directly with Internet content have been in the hot seat for years, and Google has had to wrestle with new Chinese censorship requirements this month.

 

Source: http://news.cnet.com/8301-13578_3-10275778-38.html?tag=mncol;title

Microsoft's free security beta fills up

Friendly Computers read that Microsoft has already met their quota on free beta security downloads. Read below to find out more:

Well, that didn't take long.

A day after making available a free beta of its Microsoft Security Essentials software, Microsoft has stopped offering new downloads, saying it has reached the number of participants it was looking for, at least here in the U.S. The software maker had said it was only looking to initially have about 75,000 downloads of the product, formerly code-named Morro.

"Thank you for your interest in joining the Microsoft Security Essentials Beta. We are not accepting additional participants at this time," Microsoft said in a posting on its Web site. "Please check back at later a date for possible additional availability."

Microsoft Security Essentials is the free product that Microsoft promised it would create last year, at the same time the software maker said it was discontinuing its paid Windows Live OneCare product.

The program hits the antivirus basics, including built-in and customizable scan options, a scheduler, automatic definition file updates, a real-time defense shield, and rootkit protection. It's also similar to other free products on the market, such as those from AVG and Antivir.

Download.com's Seth Rosenblatt contributed to this report.

 

Source: http://news.cnet.com/security/?tag=hdr;snav

Finjan offers free SecureTwitter browser plug-in

 

Most people use social networking sites such as Twitter and Myspace and worry about their account security. Keeping our computers protected is one of the most important things when doing anything online. Friendly Computers found out that there is a new plug in which will scan links and notify you of any potential threats associated with that link for Twitter. Read below for more information:

Finally, there's a tool that can help prevent people from clicking on URLs that appear to come from friends on Twitter and other social media sites but which lead to sites hosting malware.

Web security firm Finjan began offering this week a free browser plug-in dubbed SecureTwitter that warns users when they encounter a malicious URL in Twitter, as well as in Gmail, Blogger, MSN, social networks MySpace and Bebo, news aggregators Digg and Slashdot, and the Google and Yahoo search sites.

SecureTwitter scans the Web pages that the URLs lead to in real time to analyze the code, as opposed to querying a database of blacklisted URLs, as other safe Web browsing services do, Yuval Ben-Itzhak, chief technology officer at Finjan, said on Thursday.

Green checkmark icons appear next to URLs that are deemed safe and red "X"s for URLs to sites with code that could be a virus, a Trojan, or other malicious program. Yellow question mark icons appear next to URLs that lead to a page that was not available for scanning by SecureTwitter for some reason.

SecureTwitter appears to be the first safe browsing service that scans URLs within applications and not just in search results or browser address bars.

In a quick test of the service I didn't find any warnings for malicious URLs on the various sites, but it did put a yellow question mark next to URLs that appeared at the top of my Gmail page that linked to legitimate CNN articles, for some reason.

I would love to have SecureTwitter warn me about URLs in Facebook, but Facebook requires people to log in to see profiles on the site, which means the company would need people's passwords to access those pages. Since the other sites do not, Finjan could easily scan the URLs on those sites without needing access to private information like log-in credentials, so that's where the company decided to focus their efforts, Ben-Itzhak said.

The service would have protected followers of venture capitalist Guy Kawasaki, whose Twitter feed automatically re-distributed a malicious URL from an un-moderated section of a user-generated news site earlier this week.

It also would protect people against the kind of worm attacks that hit Twitter in April in which people who clicked on the name or image of someone whose account had been compromised by the worm got infected and re-broadcast the malicious message.

And SecureTwitter could protect Twitter users against a clickjacking attack, which also hit the site this year. In these attacks, clicks are basically hijacked and users forced to do things they don't intend to, such as redistribute malicious Twitter updates.

 

Source: http://news.cnet.com/security/?tag=hdr;snav

Guarding against computer viruses

 

Here at Friendly Computers we post a lot about computer viruses. We sometimes forget that not everyone knows exactly what a computer virus is or how they work. Below is an article that helps explain what computer viruses are and how to protect yourself from them:

It has been about 26 years since the creation of the first computer virus. Today, the number of viruses has increased to over 250,000, and each one has the potential to damage your computer and your business — damage that ranges from bothersome to devastating — and can be very costly.
Companies are hit on average with 113 virus infections every month for every 1,000 PCs they own, according to an ICSA Labs survey.
According to a 2006 FBI report on computer viruses, “dealing with viruses, spyware, PC theft and other computer-related crimes costs U.S. businesses a staggering $67.2 billion a year.” Every business, large or small, needs to protect against computer viruses. If you download files from the Internet or share files with outsiders, you stand a chance of getting a computer virus.
How does a business guard against this threat? First, it’s helpful to understand what a computer virus is. A good definition is offered by Amer Neely in “Virus Protection Rx for Your PC”: A virus is a program that attaches itself to other programs and/or disks and makes copies of itself whenever it can. It is vandalism by computer. Most viruses cause damage, either by design or accident; others merely become a nuisance by putting messages on your screen.
The important thing to remember is that someone wrote the program on purpose. Viruses do not appear out of thin air or by accident. In all cases, you will have to scan your hard disk and all your external disks and remove the culprit.
Viruses attach themselves to other files that are “executable.” This means any file that can be loaded into your computer’s memory and “run.” Files ending in .exe, .com, .sys, .dll and .ovr are some common PC extensions for executable files. Image files (.jpg; .gif) are not good hosts for a virus, since they are not executable. Audio files and video files are other “safe” types. A compressed file, such as .zip, by itself is not dangerous, but it may contain an executable file, which carries a virus. If this file is extracted and run, the virus will infect your system.

Basic virus protection

Some common symptoms that could indicate your system is “infected” by a virus are:
• Unusual messages or displays on your monitor
• Unusual sounds or music played at random times
• A changed file name
• Missing programs or files
• The creation of unknown programs or files
• Files that become corrupted or suddenly stop working properly
• E-mails sent out to people on your mailing list or contact list without your knowledge
Don’t wait until you have these symptoms to take action. The consequences could be alarming. Here are some basic tips that you can use immediately to start the fight against harmful computer viruses:
• Keep up to date with critical software patches. The most damaging viruses in recent years have all been spread through software vulnerabilities that were patched at least months, and often years, before the virus was unleashed.
• Don’t open attachments that you did not expect to receive, especially if the person has not signed his or her name inside the message — and do not forward them.
• Delete all messages from unknown origins without reading them.
• Buy a virus protection program and keep it up to date. New viruses are detected and created daily and you must continue to update this software. Download the anti-virus update on a weekly basis.
• Use the latest versions of Web browsers. Virus writers are ingenious in a twisted way. They are always coming up with new attacks, oftentimes exploiting weaknesses in commonly used software. Software developers play a cat-and-mouse game, constantly trying to patch the holes with software upgrades and service releases.
• Set your security settings on “medium” or “high” for your e-mail reader and browser.
• Make sure you enforce a rigid backup schedule. If all of the above methods fail you and your data is gone, you must have a backup to save the day.
Keep in mind that these suggestions are just the tip of the iceberg when it comes to protecting your business from the serious threat of computer viruses. Virus protection should be an integral part of IT planning. Since it can be very complex, it should be handled by knowledgeable, highly trained IT professionals.

Source: http://nhbr.com/apps/pbcs.dll/article?AID=/20090619/INDUSTRY06/306199998/-1/INDUSTRY

New Facebook blog: We can hack into your profile

Friendly Computers read that FBHive, which is a new blog devoted to facebook topics found a crack that could expose users’ general account information. If you use facebook you may want to read this even though the threat has been resolved.

Well, here's an innovative way to get some buzz: FBHive, a new blog devoted to the discussion of all things Facebook, has debuted with the revelation that its creators have discovered a hack that can expose some crucial profile data.

No, it won't expose your personal photos or wall posts. But, FBHive says, it can bring up all the "basic information" that you have entered into your profile, even if you've elected to keep that information private. This is the section that includes location, gender, relationship status, relationships (significant other, parents, siblings), political views, religious views, birthday, and hometown. That's enough to be a problem in the identity theft department, as it could easily expose frequent password hints like dates of birth and mothers' maiden names.

Security holes are nothing new to social networks: last year, Facebook plugged a leak that exposed members' protected photos via the Facebook mobile site, and another hole was discovered about a year ago that exposed members' birth dates.

Admirably, FBHive has not shared the details of the newly discovered hack; more disconcertingly, it said Facebook has done nothing since it alerted the social network to the issue earlier this month.

"We are not malicious hackers, by any means, and our skills are far from advanced," the post read. "We here at FBHive are fans of Facebook, but when a security hole as big as this is discovered and brought to (Facebook's) attention, it shouldn't take 15 days to fix."

A Facebook representative said the company is currently "looking into" the matter and will have more information soon.

UPDATE at 11:14 a.m. PT: "We have identified this bug and closed the loophole," an e-mailed statement from Facebook read. "We don't have any evidence to suggest that it was ever exploited for malicious purposes."

Source: http://news.cnet.com/8301-13577_3-10270002-36.html?tag=newsEditorsPicksArea.0

Microsoft's free antimalware beta on the way

Microsoft’s new security suite is well on its way, with a public beta being released on Tuesday. Friendly Computers has more information below…

Microsoft will launch a public beta of its anti-malware service, Microsoft Security Essentials, on Tuesday as it phases out its Live OneCare suite in favor of a simpler free consumer security offering.

Microsoft Security Essentials, which will run on Windows XP, Vista, and Windows 7, will be available in the U.S., Brazil, and Israel in English and Brazilian Portuguese. A public beta version for Simplified Chinese will be available later in the year.

The service works like traditional antivirus products in which client software monitors programs on a PC. When something changes on the computer, such as files being downloaded or copied or software trying to modify files, the system checks against a set of malware signatures in the client program to see if the code matches the signature for known malware. If so, it blocks it from getting downloaded.

If no signature match is found, the system will ping the server-based Dynamic Signature Service to see if any new signatures are available and, if so, it removes the malware. If it appears to be new malware, the Dynamic Signature Service may request a sample of the code in order to create a new signature.

The service updates its anti-malware database constantly and publishes new antivirus signatures to Microsoft Update three times a day, Alan Packer, general manager of Microsoft's Anti-Malware team, said in an interview on Thursday.

"The hope is that people who install Security Essentials and enable auto updates in their Windows configuration will be protected" automatically, he said.

The service also includes new technologies that help protect against rootkits, programs that are designed to hide the fact that a PC has been compromised, and is also designed to run efficiently by scanning when the PC is idle and conserving on memory usage.

If you already have antivirus software installed you probably don't need this service. Security Essentials doesn't detect if you have security software installed but does provide a message upon install that says two antivirus products aren't necessary and could interfere with each other, Packer said.

Microsoft announced in November that it was dropping its Live OneCare service in favor of a slimmed-down free offering designed to encourage more people, particularly those who don't want to pay for it and fear it will slow down their computer, to use antivirus software.

The new service lacks features like managed firewalls, performance-tuning, backup and restore, printer-sharing and multi-PC management that the OneCare service offered.

"We don't see Security Essentials as a direct competitor to other free products and suites," which try to "upsell" users, or get them to eventually pay for a product, Packer said. "We're targeting people who aren't protected" already.

A spokeswoman for AVG, likely the main rival to Microsoft's service, said AVG offers a free Internet security suite that has advantages because it is operating system agnostic and was developed by a company that specializes in security products.

Asked what Microsoft's strategy is for mobile, Packer said he couldn't comment on what the Windows Mobile team is doing.

"In general, the way we look at mobile from a security standpoint is that you are better off preventing the malware from getting on a mobile device rather than trying to run anti-malware or antivirus software," he said. "We haven't targeted mobile antivirus software because we felt that's not the right approach."

Microsoft Security Essentials will be available for download from Microsoft's Web site beginning on Tuesday.

Source: http://news.cnet.com/8301-1009_3-10268040-83.html

That e-mail attachment is not a Twitter invite

 

Friendly Computers wanted to make sure that you were aware of this fake Twitter invite which can infect your computer with a virus. See the information today and be on the lookout for this email in your inbox:

Symantec is warning about a mass-mailing worm that comes in an attachment pretending to be a Twitter invite.

"The observed messages appear as if they have been sent from a Twitter account; however, unlike a legitimate Twitter message, there is no invitation URL present in the body," a Symantec blog post says. "Instead, the user will see an attachment that appears as a .zip file that purportedly contains an invitation card."

The name of the attachment is "Invitation Card.zip" and Symantec identified it as W32.Ackantta.B@mm, a worm targeting Windows computers that was discovered in an e-card virus attack in February, according to Symantec. The worm gathers e-mail addresses from compromised PCs and spreads by copying itself to removable drives and shared folders.

 

Source: http://news.cnet.com/security/?tag=hdr;snav