Wednesday 11 June 2008

Protecting Your Workplace: 10 Anti-Virus Rules

Regardless of how one makes his or her living, computers and the Internet are becoming an increasingly important part of our daily professional lives. When it comes to protection against viruses, worms and Trojans, there is little real difference between the needs of an accountant, an entrepreneur, a tradesman or any other professional working with a computer. No matter what the work, the fact remains that viruses and other malicious code can be enormously destructive to the vital information and the computing systems that individuals and businesses rely on for their success.
Despite all the advances in anti-virus technology, malicious code remains a constant threat. However, if users learn these fundamental rules, and follow them diligently, they can rest assured that they will be as well protected as possible.

Rule 1: Update your anti-virus program regularly
Anti-virus scanners are only able to detect and delete a computer virus that is found in their anti-virus database. (There are anti-virus programs that are capable of identifying and deleting recently developed viruses that are not described in the current edition of the anti-virus database. However, even this is not enough to ensure absolute protection from computer viruses.) That is why it is very important to update your anti-virus database regularly. The more often you update the database, the more viruses your anti-virus software will be equipped to detect, and the more securely protected your workplace will be. The best solution is to update your anti-virus software on a regular basis, either weekly or daily.

Rule 2: Do not open unexpected attachments
Increasingly, viruses are sent as attachments to e-mails. This is a particularly insidious method of transmission because often people will open attachments that have been sent by acquaintances, co-workers, or friends, only to find that the attachment is in fact a virus. As a result, the best rule for protection is to never open an unexpected attachment. Sadly, this rule even applies to attachments sent by otherwise trusted sources, such as friends and family. Attachments sent by your trusted parties may be infected without their knowledge. More importantly, your acquaintance's computer may have been used by another person without their permission.
Users should never open attachments with executable files, which carry the .EXE file extension. No less important is the fact that files with "absolutely safe" formats may also contain viruses. If you think that files with the extensions .PIF, .GIF, .TXT cannot carry malware, you are mistaken. Even these formats can hide a virus. Better yet, do not execute any attachment until it has been processed by your anti-virus scanner.

Rule 3: Limit the number of people that are authorised to use your computer
Ideally, you should be the only person to use your computer. However, if this is not possible, you should assign limited access rights to others using your computer, clearly defining which operations may be performed by them. This is especially true if people are likely to be using mobile media, such as floppy disks and CDs, in your machine.
The only way that you can truly control the security of your computer is to know who has been using it, what they have been using it for, and how they have been using it. If you follow each of these ten anti-virus rules, you can be reasonably sure that your risk of infection is acceptably low; however, another user on your computer may not follow the necessary rules of security, in which case he or she will be placing your computer and your vital information at risk of infection.

Rule 4: Install patches for the software you use in a timely manner
There are viruses that exploit 'holes' or vulnerabilities in operating systems and applications. Anti-virus programs are generally able to protect you from this kind of 'malware' even if you have not installed the appropriate patch for that vulnerability. However, it is still recommended that you visit your software manufacturer's Web site regularly to download and install new patches in a timely fashion. Remember, the fewer weaknesses that exist in your defences, the more secure your system will be.

Rule 5: Always scan floppy disks and CDs for viruses before using them
Despite the fact that approximately 85% of all registered cases of computer infection are transmitted through e-mail, we should not ignore the traditional transport for malware: the mobile media (diskettes, compact disks, etc.). Floppy disks and CDs offer an opportunity for viruses to be carried from an infected machine around the defences of another machine, exposing it to subsequent infection. Users should always check these external media for viruses before using them on their computers. It is a simple, straightforward procedure to scan a disk with an anti-virus program. It takes just a few seconds, and can save hours of aggravation.

Rule 6: Be careful with software, even from a credible source
It is not just pirated software that may be infectious. Sometimes even licensed CDs with software from well-established, credible vendors may contain viruses. As well, software downloaded from the Internet may carry a virus. You may be certain that the site you are visiting is virus-proof, since a very famous software or hardware company owns it. But it may not be. Sometimes, mistakenly, these sites offer infected software to their visitors. Users may recall the case when Microsoft's site, for several weeks, contained a Word document that was infected with the macro-virus called Concept.
Another source of infection may be a computer that has been taken in for maintenance that may be returned to its owner with a hard drive that is infected with a virus. As a rule, repair shop technicians use the same diskettes to install software and test the hardware of all computers being serviced. In this way, viruses may be transferred from one computer to another. So, if you have just had your computer in for servicing, remember to check it for viruses.

Rule 7: Combine various anti-virus technologies
Do not limit your anti-virus protection to an anti-virus scanner, which can be started manually or automatically by the built-in task scheduler. There are a number of other technologies that, if applied in combination with an anti-virus scanner, can ensure the anti-virus protection of your data. These technologies include:
  1. Anti-virus monitor: a memory-resident program that checks all your files before they are opened, executed or installed in real time;
  2. Integrity checker: checks files, folders and disk sectors for any modification that may indicate a virus infection and informs the user of any such occurrence;
  3. Behavioural guard: searches for viruses, not according to their unique code, but according to the sequence of their actions.

A combination of anti-virus technologies as described above can successfully protect your computer against any kind of malware.
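
The integrity checker from item 2 can be sketched in a few lines. This is an added example, not code from any product named on this page: it records a SHA-256 baseline of a folder and later reports added, removed and modified files. The sample files are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    state = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the protected tree
            state[os.path.relpath(full, root)] = sha256_of(full)
    return state


def compare(baseline, current):
    """Report what changed between a trusted baseline and the current state."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample tree: take a baseline, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)

        write("app.bin", b"MZ" + b"\x00" * 62)
        write("notes.txt", b"quarterly figures\n")
        write("report.doc", b"unchanged document\n")
        # In practice the baseline is kept offline or on read-only media,
        # otherwise whatever alters the files can alter the baseline too.
        baseline = snapshot(root)

        # Same-size change: a check on file size alone would miss it.
        write("app.bin", b"MZ" + b"\x00" * 61 + b"\x01")
        write("dropped.exe", b"new file that was not in the baseline")
        os.remove(os.path.join(root, "notes.txt"))

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```
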

Rule 8: Create a virus-free start-up disk for your computer and keep it in a safe place

Sometimes an infected computer cannot be started. This does not mean that a virus has deleted data from your hard drive; it only means that your operating system cannot be loaded any more. To solve this problem, you should use a virus-free start-up diskette containing an anti-virus program that has been developed for your operating system. This diskette will help you to start your computer and delete any viruses in your operating system.

Rule 9: Back up your files regularly

Although this rule will not protect against virus infection, it will allow you to protect your valuable data in case your computer becomes infected (or, as an added bonus, if you have any other problems with your hardware). Whether or not it was a virus that caused your system to malfunction, the only thing that matters is that unless you back up important data, you may lose years of hard work. That is why it is advisable to back up your most valuable data using external media, such as diskettes, MO disks, magnetic tapes, CDs, etc. In this case, whatever might happen, you will always be prepared. (For added protection, the back-up copies should always be stored in a separate location away from the working copy. That way, in case of fire, or other destructive occurrence, the back-up copy will still be safe.)

Rule 10: Do not panic!

Viruses are computer programs, just like the Windows Calculator or NotePad. The only difference is that viruses can replicate themselves and penetrate files, computer systems and network resources, causing them to perform tasks as dictated by the virus without a user's permission. Viruses are created by ordinary people and do not have any supernatural attributes. Much more dangerous is your reaction to a virus; i.e., you may panic and make hasty decisions trying to disinfect your computer.

If you believe your computer contains or is infected by a virus, you should do one of the following: if you are a corporate network user, you should immediately contact your network administrator; if you are working at home, make sure to contact the company that sold you the anti-virus program. You must allow professionals to remedy the problem. After all, that is their job, and it is a service for which you have paid.

Furthermore, as part of a comprehensive information security policy, you should have a pre-established procedure that you can fall back on in case of a suspected infection. This will give you a framework to follow that will minimize the potential for panic and, consequently, minimize the damage that a virus can inflict on your information.

Some may find this to be an exaggeration of the danger; however, in practice, caution is mandatory for the safety of your computer and the vital information that is stored on it. Fortunately, steps can be taken to minimize the risks that are inherent in using computers. While it would be negligent to suggest that anyone who uses a computer is ever 100% safe from malicious code, by following these ten anti-virus rules, users can protect themselves, as much as possible, against all types of viruses.

A Brief History of The Worm

The first active Internet worm that required no human intervention to spread was the Morris worm released in 1988. It spread very rapidly, infecting all vulnerable machines in a matter of hours. Most recent active worms use the techniques pioneered by Robert Morris. The Morris Worm infected multiple types of machines (Sun 3s and VAXes), attacked multiple security holes (including a buffer overflow in fingerd, debugging routines in Sendmail, and password cracking), and used multiple streams of execution to improve its throughput when attacking other machines.

Although intended to be a benign proof of concept, the Morris worm had a significant impact due to a bug in the code. When it reinfected a machine, there was a fixed chance that the new infection wouldn't quit, causing the number of running worms on a machine to build up, thereby causing a heavy load on many systems. Even on a modern machine, such bugs would have a similar effect of overwhelming the system. This caused the worm to be quickly noticed and caused significant disruption. Most subsequent worms have mechanisms to prevent this from happening.


In 1996, the first Word macro virus appeared and became quickly widespread. This was due to two reasons: the far greater tendency for people to exchange documents, as opposed to executables, and the accidental inclusion of the virus on at least two Microsoft CDs. For the most part these were just annoyances, but they showed how the blurring of data and programs could create fertile ground for mobile code.


All this changed in 1999 when the Melissa worm appeared. Unlike previous macro viruses, this one would spread in a semi-active manner. When an infected file was opened for the first time, it looked through all Outlook address books and sent a copy of itself to the first 50 individuals. This was the first major e-mail worm and it quickly spread around the globe. The Melissa worm clearly illustrated the dangers of mixing code and data: items perceived by the user as benign data could contain malware.

After Melissa, mail worms have become annoyingly common, complete with toolkits. There have been some improvements in social engineering (ILOVEYOU and Anna Kournikova showed how proper subject choice can make a difference in the successful proliferation of a worm), more comprehensive searches for new addresses, and included SMTP routines.


Active worms have recently returned to prominence. The first one that attracted major attention, Code Red, demonstrated how swiftly a relatively simple worm can spread on the current Internet infrastructure: it effectively achieved complete infection in a little over twelve hours, even with the aborted early release of a buggy version. Code Red exploited a recently discovered (but patchable) buffer overflow attack in Microsoft's Internet Information Server.


Code Red 2 ended up being significantly more disruptive than Code Red even if the change in infection strategy was relatively mild. Instead of searching only randomly selected addresses, Code Red 2 preferentially probed for machines on the same subnet and nearby subnets. As a result, once a single machine within a corporate firewall was infected, it would quickly probe virtually every machine within the firewall, and since it was attacking an on-by-default service, Code Red 2 quickly infested entire corporate networks.

Nimda
The latest worm of note, Nimda, did not really bring anything new to the table. It simply resurrected the idea of multimode operation: it was an e-mail worm, it attacked old bugs in Explorer and Outlook, spread through Windows shares, and an old buffer overflow in IIS. It also borrowed Code Red 2's preference for logically adjacent IP addresses in its scanning routines. The net result was a highly virulent, highly effective worm that revealed that several old bugs can be used even if each hole is patched by most machines: one needs all patches and vulnerabilities closed to stop a Nimda-like worm. Such a worm is also somewhat easier to write, as one can use many well-known exploits to get wide distribution instead of discovering new attacks.

The biggest lesson from both Code Red and Nimda is the sheer speed with which these fairly simple active worms can spread. By the time humans detect the presence of worms on the Net, through firewall activity or probes of monitoring IP ranges, they may well have spread worldwide.

Minimizing the Spread


The best way to defend against worms is obviously to prevent infection - once a single machine within a local subnet is infected it may be too late. One obvious defense is diversity, using less common operating systems and servers. Assuming there is no way to directly find vulnerable machines, the rate at which a worm spreads is directly proportional to the number of vulnerable hosts. This is because with fewer potential targets any given random probe is less likely to find a vulnerable machine, limiting the rate of spread. Thus, if one only has a few machines open to the wide internet, using a less common (i.e., non-Windows) OS offers an advantage, as there are less likely to be worms written for less common platforms, and those which are created will spread more slowly.

For example, Linux has had its own fair share of worms, such as Ramen, Lion, and Cheese. But since the Ramen worm only attacked Red Hat 6.2 and 7.0 systems, it couldn't spread very fast when compared to Code Red, simply because the odds of any particular scan finding a vulnerable target are so much lower when compared to Windows worms. As an additional side benefit, most attempts to construct a worm for the purpose of wholesale information terrorism will target the most common platform, currently Windows, to increase the spread and damage done.
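
The proportionality argument above can be checked with a small model. This is an added example, not part of the original article: it steps the expected number of infected hosts hour by hour for a worm that probes addresses uniformly at random. The host counts and probe rate are constructed values chosen for illustration, not measurements of any real worm.

```python
ADDRESS_SPACE = 2 ** 32  # IPv4 addresses a random probe can land on

# Constructed figures for illustration only.
COMMON_PLATFORM_HOSTS = 300_000
RARE_PLATFORM_HOSTS = 30_000
PROBES_PER_HOUR = 4_000


def step(infected, vulnerable, probes_per_hour):
    """Advance the expected infected count by one hour.

    Each infected host sends probes_per_hour probes; a probe succeeds only
    if it lands on a vulnerable host that is not yet infected.
    """
    hit_chance = (vulnerable - infected) / ADDRESS_SPACE
    new_infections = infected * probes_per_hour * hit_chance
    return min(vulnerable, infected + new_infections)


def infection_curve(vulnerable, probes_per_hour, hours, seed_hosts=1.0):
    """Expected infected count at the end of each hour, starting from seed_hosts."""
    curve = [seed_hosts]
    for _ in range(hours):
        curve.append(step(curve[-1], vulnerable, probes_per_hour))
    return curve


def hours_to_reach(vulnerable, probes_per_hour, fraction=0.9, max_hours=100_000):
    """Hours until the given fraction of vulnerable hosts is infected."""
    infected, hours = 1.0, 0
    while infected < fraction * vulnerable:
        if hours >= max_hours:
            return None  # did not reach the target within the time limit
        infected = step(infected, vulnerable, probes_per_hour)
        hours += 1
    return hours


def compare_platforms():
    """Same worm, same probe rate, ten times fewer vulnerable hosts."""
    return {
        "common": hours_to_reach(COMMON_PLATFORM_HOSTS, PROBES_PER_HOUR),
        "rare": hours_to_reach(RARE_PLATFORM_HOSTS, PROBES_PER_HOUR),
    }


if __name__ == "__main__":
    result = compare_platforms()
    print("hours to 90% on common platform:", result["common"])
    print("hours to 90% on rare platform:  ", result["rare"])
```

With a tenth of the vulnerable population the worm needs several times longer to saturate, which is the window defenders get for detection and patching.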


Firewalls are also essential to prevent both active worms and human intrusion. But external firewalls are not sufficient for larger institutions. With multimode worms like Nimda and local scanning worms such as Code Red, it becomes critical to split large internal networks with internal firewalls. Such a design is akin to how ships are designed with watertight compartments, the result being that a single intrusion should not allow a worm free rein in the corporate network.

Similarly, all executable content which crosses the firewall should be regarded as suspicious, especially e-mail. All macros and programs sent in e-mail should be quarantined to prevent future mail worms from spreading. There should be severe limits on what is allowed to cross firewalls, with a general attitude of "that which is not explicitly allowed is forbidden." If available, operating system options which only allow cryptographically signed code should be exercised, executable stacks should be disabled, and bounds-checking modifications should be used at all times.
Finally, there needs to be continued development of firewalls and anti-virus systems that detect and autonomously respond to new attacks. Since new viruses can spread much faster than humans can respond, the defenses need to be automated. Pure pattern matching methods, suitable against file and macro viruses or human-run exploit scripts, are not sufficient to defend against worms because worms can spread faster than updates are created. For the same reason anti-worms are not generally effective since by the time an anti-worm is ready for release it will be far too late.
Conclusions
Once a system is infected, there is not much that can be done to mitigate the damage. Regular backups are critical, as a malicious worm could easily overwrite or corrupt the existing data. Any reflashable BIOSes should be write-protected while software control of voltages, overtemperature set points, and clock rates should be disabled to prevent a malicious program from stressing a CPU through overtemperature and overvoltage conditions. Machines containing particularly sensitive information need to be completely isolated from the Net to prevent a SirCam-style worm or determined hacker from extracting information.

Social networking spam on the rise

Four out of five social network users have received unwanted 'friend' invitations, messages or postings over the past year, new research suggests.

Messaging security firm Cloudmark said that this rise in 'spam' threatens growth and membership retention at the popular networking sites.
The attacks work in much the same way as traditional email spam in that they target users with unsolicited product messages or attempt to redirect them to a phishing site or one hosting malware.
Users have reported receiving an average of 64 unwanted communications in the past 12 months, and 37 per cent have noticed an increase in the number of unwanted messages in the past six months.
"The results of this survey should be of concern to social network operators and users," said Neil Cook, vice president of technology services at Cloudmark in EMEA.

"Social networking sites need to be concerned about the proliferation of spam and phishing attacks and the impact it could have on their ability to grow and retain members.
"Social networking providers must address the security issue head-on or risk declining usage and revenues."
Although not nearly as big a problem as spam email, two-thirds of users said that they would consider switching to another social network if they received a lot of unwanted messages.
Figures suggest that nearly half of the online adult population has at least one social or professional networking website account.

Common Mistakes By Web Designers: Forms

A call-to-action is often the most important thing on a website. You want the visitor to do something and many times that something is to email you. Back in the day, web designers could just publish an email address on the site.

However, this led to problems with spam filtering and limited the visitors that used web-based email services. Most often, when a visitor did send an email, it contained very little detail. These problems can now be resolved by implementing a contact form, instead.


Contact forms allow the website visitor to fill in as much information as you require of them. Then, the user simply hits the Submit button and the form data is sent directly to your email address. Currently, forms are a website must-have to get a response from site visitors. Many web designers, however, overlook critical issues and make common, yet costly mistakes.
The Thank You Page
There have been countless times where I have submitted a form and was taken back to either the homepage or an ugly page that showed only the form output. Be sure to create a response page that matches your website template. A Thank You page should also tell the user that the form was submitted successfully and when to expect a reply. Keeping the user informed should be a top priority.
Form Validation
It is terribly annoying when I submit a form and am presented with an error page that tells me to hit Back and fill out fields that I left blank. Be sure to use JavaScript or AJAX to provide validation when the form is submitted on the original form page. This way the user isn’t directed to a page telling them to hit the Back button. Alternatively, you can perform server-side validation that will take the user back to the form page and explain what areas need to be corrected so that the information can be successfully submitted.
CAPTCHAs


Spam control is important when it comes to contact forms. There are numerous types of auto submission software that will post random bits of information on contact forms. Many are set up to post comments on blogs to advertise their products or to gain backlinks for search engine ranking purposes. This is where a CAPTCHA comes in handy. A CAPTCHA is a puzzle that will check to see if there is an actual human being on the other end submitting the form. These “puzzles” can range from words to simple math equations.
Hijacking Prevention
A majority of online contact forms can be hacked and used for evil purposes. Hackers can change the recipient, who the email is from and the message of the email. The spam sent using a hacked form can be traced back to you, which could result in your web host kicking you off their servers or even lead to a legal dispute. Make certain that your form processing has filters that will detect, prevent and notify you when a form hijacking has occurred.
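
One way to implement the detect, prevent and notify filter described above, as an added example that is not from the original article. It assumes a form with the fields name, email, subject and message; the addresses, field names and the notify callback are hypothetical, and the sample submissions are constructed.

```python
import re
from email.message import EmailMessage

# Assumption: recipient and sender are fixed on the server and are never
# taken from anything the visitor submits.
RECIPIENT = "owner@example.com"
SENDER = "webform@example.com"
ALLOWED_FIELDS = {"name", "email", "subject", "message"}
SINGLE_LINE_FIELDS = ("name", "email", "subject")
MAX_MESSAGE_CHARS = 5000

_LINE_BREAK = re.compile(r"[\r\n\x00]")
_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample submissions.
GOOD_FORM = {
    "name": "Alice Example",
    "email": "alice@example.org",
    "subject": "Quote request",
    "message": "Hello, please send me a quote for a five-page site.",
}
HIJACK_FORM = dict(
    GOOD_FORM, email="alice@example.org\r\nBcc: someone-else@example.net"
)


def find_problems(form):
    """Return a list of reasons to reject the submission (empty if clean)."""
    problems = []
    for extra in sorted(set(form) - ALLOWED_FIELDS):
        problems.append(f"{extra}: unexpected field")
    for field in SINGLE_LINE_FIELDS:
        # A line break in a value that ends up in a mail header is how extra
        # headers such as recipients get smuggled into the outgoing mail.
        if _LINE_BREAK.search(form.get(field, "")):
            problems.append(f"{field}: line break in a single-line field")
    if not _ADDRESS.fullmatch(form.get("email", "")):
        problems.append("email: not exactly one plain address")
    if len(form.get("message", "")) > MAX_MESSAGE_CHARS:
        problems.append("message: too long")
    return problems


def build_message(form):
    """Build the outgoing mail; visitor input only reaches Reply-To, Subject and body."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = RECIPIENT
    msg["Reply-To"] = form["email"]
    msg["Subject"] = "[Contact form] " + form["subject"]
    msg.set_content(f"Name: {form['name']}\n\n{form['message']}")
    return msg


def handle_submission(form, notify):
    """Reject and report suspicious submissions, otherwise return the mail to send."""
    problems = find_problems(form)
    if problems:
        notify(problems)  # e.g. write to a log or alert the site owner
        return "rejected", problems
    return "accepted", build_message(form)


if __name__ == "__main__":
    alerts = []
    print(handle_submission(GOOD_FORM, alerts.append)[0])
    print(handle_submission(HIJACK_FORM, alerts.append))
```
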
Testing Out The Forms
Testing is one of the most overlooked things when it comes to contact forms. I have seen web sites with absolutely fantastic designs, but contact forms that do not work. It’s not unusual for a designer to check a form in only one web browser. More often than not, the form code may be poorly written and interpreted differently in other web browsers. Test, test, test.
Print Only Forms
Some inexperienced web designers have no clue how to make a contact form work or how to prevent hijacking and spam attacks. So, they create a form just for printing. Do you think that any online visitor will visit a site, fill out a form, print it out and send through regular mail?
Missing “Submit” Buttons
Have you ever filled out a long contact form only to find out that there are no “Send” or “Submit” buttons for it? This frustrates visitors and doesn’t give them a good reason to return. It’s shocking to know that one of the most important parts of a form can be one of the most overlooked. Prevent this by thorough testing.

In the web world, contact forms are a necessity, but common mistakes that web designers make when it comes to forms happen every day. So let’s review: make sure your forms have “Submit” buttons, don’t make your form print-only, thoroughly test forms in different browsers, make sure that your form processing has hijacking prevention, use CAPTCHAs to kill spam, provide on-page form validation and always supply the user with a “Thank You” or confirmation page.
By correcting these ever so common mistakes, you can ensure a better web site performance for you and a better experience for your visitors.

Friday 6 June 2008

10 Tips for Wireless Home Network Security

The recommendations below summarize the steps you should take to improve the security of your home wireless network.
  1. Change Default Administrator Passwords (and Usernames): At the core of most Wi-Fi home networks is an access point or router. To set up these pieces of equipment, manufacturers provide Web pages that allow owners to enter their network address and account information. These Web tools are protected with a login screen (username and password) so that only the rightful owner can do this. However, for any given piece of equipment, the logins provided are simple and very well-known to hackers on the Internet. Change these settings immediately.
  2. Turn on (Compatible) WPA / WEP Encryption: All Wi-Fi equipment supports some form of encryption. Encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans. Several encryption technologies exist for Wi-Fi today. Naturally you will want to pick the strongest form of encryption that works with your wireless network. However, the way these technologies work, all Wi-Fi devices on your network must share the identical encryption settings. Therefore you may need to find a "lowest common denominator" setting.
  3. Change the Default SSID: Access points and routers all use a network name called the SSID. Manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally "linksys." True, knowing the SSID does not by itself allow your neighbors to break into your network, but it is a start. More importantly, when someone finds a default SSID, they see it is a poorly configured network and are much more likely to attack it. Change the default SSID immediately when configuring wireless security on your network.
  4. Enable MAC Address Filtering: Each piece of Wi-Fi gear possesses a unique identifier called the physical address or MAC address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment, that restricts the network to only allow connections from those devices. Do this, but also know that the feature is not so powerful as it may seem. Hackers and their software programs can fake MAC addresses easily.
  5. Disable SSID Broadcast: In Wi-Fi networking, the wireless access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may roam in and out of range. In the home, this roaming feature is unnecessary, and it increases the likelihood someone will try to log in to your home network. Fortunately, most Wi-Fi access points allow the SSID broadcast feature to be disabled by the network administrator.
  6. Do Not Auto-Connect to Open Wi-Fi Networks: Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying you (the user). This setting should not be enabled except in temporary situations.
  7. Assign Static IP Addresses to Devices: Most home networkers gravitate toward using dynamic IP addresses. DHCP technology is indeed easy to set up. Unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network's DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead, then configure each connected device to match. Use a private IP address range (like 10.0.0.x) to prevent computers from being directly reached from the Internet.
  8. Enable Firewalls On Each Computer and the Router: Modern network routers contain built-in firewall capability, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running personal firewall software on each computer connected to the router.
  9. Position the Router or Access Point Safely: Wi-Fi signals normally reach to the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example. When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize leakage.
  10. Turn Off the Network During Extended Periods of Non-Use: The ultimate in wireless security measures, shutting down the network will most certainly prevent outside hackers from breaking in! While impractical to turn off and on the devices frequently, at least consider doing so during travel or extended periods offline.

5 Easy Steps to Protect You from Spyware

Computers on the Internet are almost constantly bombarded with viruses and other malware, so users employ antivirus software to protect themselves. Email inboxes are constantly flooded with pathetically useless spam, so users employ anti-spam programs and techniques to protect themselves. As soon as you think you have things under control you find out your system has a myriad of spyware and adware programs silently running in the background monitoring and reporting on your computer activity.
The more benign spyware and adware simply monitors and tracks the sites you visit on the web so that companies can determine the web-surfing habits of their users and try to pinpoint their marketing efforts. However, many forms of spyware go beyond simple tracking and actually monitor keystrokes and capture passwords and other functions which cross the line and pose a definite security risk.
Below are 5 easy steps you can follow to try to avoid and, if not avoid, at least detect and remove these programs from your computer system:
  1. Be Careful Where You Download: Unscrupulous programs often come from unscrupulous sites. If you are looking for a freeware or shareware program for a specific purpose try searching reputable sites like tucows.com or download.com.
  2. Read the EULA: What is an EULA you ask? End User License Agreement. It's all of the technical and legal gibberish in that box above the radio buttons that say "No, I do not accept" or "Yes, I have read and accept these terms". Most people consider this a nuisance and click on "yes" without having read a word. The EULA is a legal agreement you are making with the software vendor. Without reading it you may be unwittingly agreeing to install spyware or a variety of other questionable actions that may not be worth it to you. Sometimes the better answer is "No, I do not accept."
  3. Read Before You Click: Sometimes when you visit a web site a text box might pop up. Like the EULA, many users simply consider these a nuisance and will just click away to make the box disappear. Users will click "yes" or "ok" without stopping to see that the box said "would you like to install our spyware program?" Ok, admittedly they don't generally come out and say it that directly, but that is all the more reason you should stop to read those messages before you click "ok".
  4. Protect Your System: Antivirus software is somewhat misnamed these days. Viruses are but a small part of the malicious code these programs protect you from. Antivirus has expanded to include worms, trojans, vulnerability exploits, jokes and hoaxes and even spyware and adware. If your antivirus product doesn't detect and block spyware you can try a product like AdAware Pro which will protect your system from spyware or adware in real time. One of the best free anti-spyware programs that I have used is "Spybot - Search & Destroy" made by Safer Networking Limited.
  5. Scan Your System: Even with antivirus software, firewalls and other protective measures some spyware or adware may eventually make it through to your system. While a product like AdAware Pro mentioned in step #4 will monitor your system in real time to protect it, AdAware Pro costs money. Scan your system periodically and also keep your anti-spyware up to date.

Thursday 5 June 2008

Security Threats to Your Email Communications

This section describes many of the common security problems involved in communications and email in particular.

Eavesdropping: The Internet is a big place with a lot of people on it. It is very easy for someone who has access to the computers or networks through which your information is traveling to capture this information and read it. Just like someone in the next room listening in on your phone conversation, people using computers "near" the path your email takes through the Internet can potentially read and copy your messages!

Identity Theft: If someone can obtain the username and password that you use to access your email servers, they can read your email and send false email messages as you. Very often, these credentials can be obtained by eavesdropping on SMTP, POP, IMAP, or WebMail connections, by reading email messages in which you include this information, or through other means.

Invasion of Privacy: If you are very concerned about your privacy, then you should consider the possibility of "unprotected backups", listed below. You may also be concerned about letting your recipients know the IP address of your computer. This information may be used to tell in what city you are located or even to find out what your address is in some cases! This is not an issue with WebMail, POP, or IMAP, but is an issue when sending email, securely or insecurely, from any email client over SMTP.

Message Modification: Anyone who has system administrator permission on any of the SMTP servers that your message visits can not only read your message, but can also delete or change it before it continues on to its destination. Your recipient has no way to tell if the email message that you sent has been altered! If the message was merely deleted, they wouldn't even know it had been sent.

False Messages: It is very easy to construct messages that appear to be sent by someone else. Many viruses take advantage of this situation to propagate themselves. In general, there is no way to be sure that the apparent sender of a message is the true sender - the sender's name could have been easily fabricated.

Message Replay: Just as a message can be modified, messages can be saved, modified, and re-sent later! You could receive a valid original message, but then receive subsequent faked messages that appear to be valid.

Unprotected Backups: Messages are stored in plain text on all SMTP Servers. Thus, backups of these servers' disks contain plain text copies of your messages. As backups can be kept for years and can be read by anyone with access to them, your messages could still be exposed in insecure places even after you think that all copies have been "deleted".

Repudiation: Because normal email messages can be forged, there is no way for you to prove that someone sent you a particular message. This means that even if someone DID send you a message, they can successfully deny it. This has implications with regards to using email for contracts, business communications, electronic commerce, etc.
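The "False Messages" point can be checked, in part, from a message's own headers. The Python sketch below is an added example, not part of the original post: it compares the domain in the visible From header with the Return-Path (recorded by the receiving server from the SMTP envelope) and with Reply-To. The sample message and its .example addresses are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_inconsistencies(raw_message):
    """Compare the visible From domain with Return-Path and Reply-To."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    notes = []
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(header))
        if dom and dom != from_dom:
            notes.append(f"{header} domain {dom} differs from From domain {from_dom}")
    return notes

# Constructed message; every address uses a reserved .example domain.
SAMPLE = "\n".join([
    "Return-Path: <bounce@bulk-sender.example>",
    'From: "MyBank Support" <support@mybank.example>',
    "Reply-To: accounts@mybank-verify.example",
    "Subject: Verify your account",
    "",
    "Dear User. We want to verify your account.",
])

if __name__ == "__main__":
    for note in sender_inconsistencies(SAMPLE):
        print(note)
```

A mismatch is a hint rather than proof, since mailing lists and bulk-mail services legitimately use different domains, and matching headers prove nothing because all of them can be forged.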

Tips/Advice for preventing misuse on Orkut

1. Don’t write your personal contact numbers anywhere on Orkut. You might wish to give your personal contact details (phone number, email address, etc.) to someone, but avoid posting them in the scrapbook, as it’s public. You can send them using “write message”, which is private to a user.
2. Avoid uploading your personal photographs to your album.
3. Validate a person’s identity before you add him/her as your friend.
4. Make sure a testimonial written for you comes from a genuine person and that the text is OK before you approve it.
5. Keeping the scrapbook clean is a good habit, but people like to keep their scraps. If you keep them, make sure you delete scraps that contain information you don’t want others to read, your personal information, or your friends’ personal information.
6. As cloning and fake profiles are on the rise, make sure a profile is genuine before you add him/her as your friend.
7. Some companies may have policies that restrict employees from posting the company name or confidential details anywhere on the web; obey them.
8. Don’t just join any community; make sure it’s authentic and that you really need it.
9. Last but very important: don’t chase numbers. You are not competing on Orkut, are you? Nobody cares how many friends are on your list, how many scraps you have or how many communities you have joined. Remember, the higher the numbers, the less safe you are on Orkut.

Wednesday 4 June 2008

7 Tips on How to Protect Yourself Online

Any time you connect to the Internet you are vulnerable to cyber attacks. Hackers can steal your credit card numbers, tax records and passwords, or even completely disable your PC. Follow these tips to help avoid problems:
  1. Create smart and strong passwords. Make it difficult for hackers to crack your password. You can create a smart password by incorporating capital letters, numbers, and special characters, and using more than six characters. An example of a strong password is: Go1dM!n3.
  2. Use email wisely. Email is a great way to keep in touch with friends and family, and as a tool to conduct business. Even if you have good security software on your PC, however, your friends and family might not have the same protection. Be careful about what information you submit via email. Never send your credit-card information, Social Security number, or other private information via email.
  3. Be smart when using instant messaging (IM) programs. If you use an IM program to communicate with friends and family, be careful about sending any personal information through online communications. Protect yourself by using a nickname for your IM screen name, so your name isn’t identified through IM. Never accept strangers into your IM groups. Be smart about how you use IM at work because your employer has the right to monitor and view your messages.
  4. Shop safely. If you plan to order from an online store, be sure that the Web site uses secure technology. Check the web site’s home page to be sure they have a “HackerSafe” logo with the current date under it. When you are at the checkout screen, verify that the Web address begins with https. Also, check to see if a tiny locked padlock symbol appears at the bottom right of the checkout screen, or that there is a statement on the checkout screen stating that the pages are secure with a security technology vendor. Check that the security technology does exist by checking the security technology company’s web site.
  5. Watch out for phishing scams. Phishing scams use fraudulent emails and fake web sites, masquerading as legitimate businesses, to lure unsuspecting users into revealing private account or login information. To be safe, if you receive an email from a business that includes a link to a web site, make certain that the web site you visit is legitimate. Instead of clicking through to the site from within the email, open a separate Web browser and visit the business’ web site directly to perform the necessary actions. You can also verify that an email is in fact from a legitimate business by calling the business or agency directly.
  6. Fun and carefree online gaming. Internet games are fun for the whole family. Make sure you are careful when playing online games, especially when communicating with other players. Be sure that your security software still functions when you are in gaming mode.
  7. Pay attention to your children’s online activities. Keep your home computer in a community area so that you can monitor their activity. Use child software that is age-appropriate. Limit your children’s time spent online. Install and use parental controls software that allows you to monitor your children’s activity online. This will keep your children from accessing undesirable Web sites and sharing personal information via online communications.

Tips to avoid Phishing Attack

In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.
1. Learn to identify e-mail messages that could be scams (phishing).

Some characteristics to identify these e-mails:

  • Use of the names and images of existing companies like PayPal, eBay and other online banks.
  • Use of the name of a real company employee as the sender.
  • Inclusion of an Internet address that seems to belong to a real bank.
  • A threat of either financial loss or loss of the account itself, for example: "Dear User. We want to verify your account, so please supply us your username and password. If you don't supply us your details we will close your account."

2. Check the source of your inbound message. Your bank will never ask you for your password or personal details via e-mail.

3. Never access a bank website by clicking on links included in e-mail messages. Even a web address that looks correct in the e-mail message can be the path to a fraudulent website.

4. Strengthen the security of your computer.

5. Always ensure that you are using a secure website. The web address should begin with https:// and a closed padlock should be displayed on the status bar of the browser.

6. Regularly check your accounts.

7. Phishing websites speak many languages.

8. Remember: if you have even the slightest doubt, don't provide any confidential information.

9. Keep updated about the evolution of attack techniques.