There are many bad places on the World Wide Web. And by bad I don’t mean poorly designed Web sites containing pages filled with useless information (my personal Web site would qualify here). I am referring to Web sites that are specifically designed to do bad things to your computer. These so-called malicious Web hosts have but one purpose: to infect your computer with Adware, Spyware and even Malware when you visit their Web pages. There is a lot of money to be made in stealing your private information, tracking what you do on the Internet, and gaining control of your computer. Malicious Web sites are a significant tool used to accomplish these nefarious goals.

I know what you are thinking: “There are a lot of free Spyware and Malware scanners out there. I’ll just use one of those!” Yes, there are many free and low-cost anti-Spyware and anti-Malware programs. However, most virus and Spyware scanners work by identifying malicious software after it has infected your computer (and if you attempt to remove the Malware you can never be sure that it is truly gone). In other words, scanners are reactive to the presence of malicious software on your computer. What you really need is protection that is proactive and prevents the Malware from infecting your computer in the first place. And wouldn’t it be nice if this protection were simple to install, transparent to operate, and be free of charge as well? Have you ever heard of the hosts file?

(more…)

After you installed your first copy of Windows Vista, how long did it take you to realize that you didn’t know the administrator’s password? With me it was about a week before I needed to make some changes in the file system. It suddenly occurred to me that being logged in as administrator might make the User Account Control dialog box go away, but I didn’t know the administrator’s password! What the heck is the Vista administrator’s default password?

Unlike the previous releases of Windows, Windows Vista does not automatically create an Administrator account during installation. The theory is that the typical Windows user does not need to run with administrator privileges. Using a non-administrator account will prevent a Windows user from accidentally deleting operating system folder, files, and registry information, and prevent any Malware infecting the computer from doing the same. However, if you really need to run as an Administrator, you can easily activate the built-in Administrator account yourself.

(more…)

Desktop computer workstations with 64-bit processors are now commonly found in advertisements presented to home and small office computer buyers. Dell is offering 64-bit desktop systems with Intel Xeon and AMD Athlon 64 CPUs. Apple has had 64-bit Power Mac G5 systems for years and now also offers an Intel Xeon-based Mac Pro with four 64-bit cores. Do-it-yourselfers can easily buy 64-bit motherboards for Intel and AMD 64-bit processors from hundreds of vendors on the Web.

There are also 64-bit versions of Mac OS X (10.5), Linux, and Microsoft Windows XP and Windows Vista to run on 64-bit hardware. Software developers are now writing true 64-bit programs that can make full use of the resources of 64-bit operating systems, and not simply rebuilding 32-bit programs with a 64-bit compiler. Power, speed, and capacity for the future are all part of the 64-bit promised for consumers.

But, despite the increasing available of 64-bit technology, do you really need a 64-bit desktop computer?

(more…)

A happy Microsoft Windows Zero-Day Wednesday to you all! Microsoft had released its monthly and ongoing series of updates for Microsoft Windows and applications for May 2007. These updates address a total of 19 security vulnerabilities, including two known zero-day vulnerabilities. The zero-day vulnerabilities involve Microsoft DNS Server and Microsoft Word 2000, and exploits have been verified to be in use or have had proof-of-concepts released to the Internet.

The Microsoft DNS Server zero-day vulnerability involves a stack-based buffer overflow in its RPC interface, which allows remote code execution using the account privileges of the DNS Server. This vulnerability affects Windows 2000 Server SP4 and Windows Server 2003 SP1 and SP2.

The Word 2000 zero-day vulnerability causes Word to crash when performing an undisclosed action, possibly when opening a Word file containing the exploit.

There are also three known remaining zero-day exploits for Microsoft Windows or Microsoft applications that are active but still unpatched. Hopefully, these patches for these vulnerabilities will be released next month.

The remaining updates repair remote execution vulnerabilities in Microsoft Office Applications (Word and Excel), Microsoft Exchange, and an ActiveX control associated with the Windows Cryptographic API. There is also a cumulative security update for Internet Explorers 6 and 7 which also fix several remote code execution vulnerabilities. These patches apply to Windows 2000, XP, Media Center, Vista, and Server 2003.

If you need to know more details about this month’s Microsoft Windows updates or the problems they address, please visit the links below. See you next month!

Microsoft Security Bulletin Summary for May 2007

Microsoft Security Bulletin Summaries and Webcasts

eEye Digital Security - Microsoft Patch Disclosure - May 2007

Network security people have long warned about the dangers of unsecured 802.11 wireless networks. Failing to enable even basic security measures on a wireless network will leave your computers–and your private data–exposed to any wireless hackers that might be in living your neighborhood, or simply driving by your house. So how do you keep the information streaming across your wireless network secure?

The recommendation for many years has been to enable WEP encryption. WEP (Wireless Equivalent Privacy) was the very first security mechanism for 802.11 wireless networks. It provided data privacy by encrypting the data contained within each wireless network packet. WEP provides a greater level of privacy than found on a open wireless networks, and insured that your data could not be “sniffed from the air” by someone using a scanning or packet capturing tool. However, in the present day, it has been proven that WEP itself is not secure–and therefore neither is your WEP-encrypted wireless network.

(more…)