Online Tests

About PC Flank’s tests

You can easily test your system for vulnerabilities to Internet threats with
PC Flank’s on-line tests. PC Flank’s testing facilities consist of six on-line
tests: Quick Test, Advanced Port Scanner, Stealth Test, Browser Test, Trojans
Test and Exploits Test. As a rule each test takes no more than 3 minutes
depending on the speed of your Internet connection.

Here are the descriptions of each test:

Quick Test

This test shows how vulnerable your computer is to various Internet threats. The
test also determines if a Trojan horse already infects your system and if your
Web browser reveals personal info about you or your computer while you’re web
surfing. This test is a combined version of Advanced Port Scanner, Browser Test
and Trojans Test. The test takes less than three minutes. Afterwards you will see
a full report including recommendations on how to improve the security of your
system. This test is recommended to rookie users and users who do not have
enough time to pass all the tests. To start the test click here.

Stealth Test

With the help of the Stealth test you can determine if your computer is visible
to the others on the Internet. You can also use this test to determine if your
firewall is successful in making ports of your system stealthed. To determine if
your computer is visible on the Internet the Stealth test utilizes five scanning
techniques: TCP ping, TCP NULL, TCP FIN, TCP XMAS and UDP scanning. To start the
test click here.
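
How a firewall or packet logger can recognise three of the probe types named above, shown as an added example that is not PC Flank’s code: NULL, FIN and XMAS probes are identifiable from their TCP flag bits alone. The packet headers and addresses are constructed sample data, and the function names are illustrative.

```python
import struct
from collections import defaultdict

# TCP flag bits (low six bits of the 16-bit offset/flags field).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (used only to construct sample data)."""
    offset_flags = (5 << 12) | flags          # data offset = 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, offset_flags, 1024, 0, 0)


def parse_flags(header):
    """Return (destination_port, flags) from raw TCP header bytes."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    _sport, dport, _seq, _ack, offset_flags = struct.unpack("!HHIIH", header[:14])
    return dport, offset_flags & 0x3F


def classify(flags):
    """Name the flag combination. NULL, bare FIN and XMAS do not occur in a
    normal TCP conversation; a lone SYN is also how every connection starts."""
    if flags == 0:
        return "NULL"
    if flags == FIN:
        return "FIN"                          # a normal close carries FIN+ACK
    if flags == FIN | PSH | URG:
        return "XMAS"
    if flags == SYN:
        return "SYN"
    return "normal"


def summarize(packets):
    """Group anomalous probes by source: {src: {kind: [dest ports]}}."""
    report = defaultdict(lambda: defaultdict(set))
    for src, header in packets:
        try:
            dport, flags = parse_flags(header)
        except ValueError:
            continue                          # ignore malformed captures
        kind = classify(flags)
        if kind in ("NULL", "FIN", "XMAS"):
            report[src][kind].add(dport)
    return {src: {k: sorted(v) for k, v in kinds.items()}
            for src, kinds in report.items()}


# Constructed sample capture: one probing source, one ordinary HTTPS client,
# and one truncated packet.
SAMPLE_PACKETS = [
    ("198.51.100.7", tcp_header(40000, 22, 0)),
    ("198.51.100.7", tcp_header(40000, 80, FIN)),
    ("198.51.100.7", tcp_header(40000, 443, FIN | PSH | URG)),
    ("198.51.100.7", tcp_header(40000, 445, FIN | PSH | URG)),
    ("203.0.113.5", tcp_header(51000, 443, SYN)),
    ("203.0.113.5", tcp_header(51000, 443, ACK)),
    ("203.0.113.5", tcp_header(51000, 443, FIN | ACK)),
    ("203.0.113.9", b"\x00\x01"),
]

if __name__ == "__main__":
    for src, kinds in summarize(SAMPLE_PACKETS).items():
        print(src, kinds)
```

A “stealthed” port, in the sense used above, is one where the firewall drops such packets without sending any reply.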

Browser Test

This test will check if your browser reveals any of your personal information.
This might be the sites you have visited, the region you live in, who your
Internet Service Provider is, etc. The test will recommend specific settings of
your browser for you to change. To start the test click here.

Trojans Test

This test will scan your system for the most dangerous and widespread Trojan horses.
If a Trojan is found on your computer the test recommends actions to take. To
start the test click here.

Advanced Port Scanner

The Advanced Port Scanner will test your system for open ports that can be used
in attacks on your computer. You can select which scanning technique will be
used during the test: TCP connect scanning (standard) or TCP SYN scanning. You
can also select what ports of your system you want to scan: desired ports or
range of ports, typical vulnerable and Trojan ports, 20 random ports or All
ports. This test is recommended to experienced users. To start the test click here.

Exploits Test

This test will detect how vulnerable your computer is to exploit attacks. This
test can also be used to test firewalls and routers for stability and reactions
to unexpected packets. Most of the exploits are in fact denial-of-service
attacks and if your system is unable to pass this examination it may crash or
reboot. To start the test click here.

We recommend 3 main routes of passing PC Flank’s tests. These are “Rookie”,
“Advanced” and “Rush”.

Rookie:
This route is recommended to rookie users. Start from Quick Test, then run your
system through Stealth Test and finish with Trojans Test to scan your system for
the most dangerous and widespread Trojan horses.

Advanced:
This route is recommended to experienced users. Start from Advanced Port Scanner
and scan the ports you want to check, then examine your firewall with Stealth
Test, then check your browser’s privacy with Browser Test and finish with
sophisticated denial-of-service attacks of Exploits Test.

Rush:
This route is recommended to users who do not have enough time to pass all the
tests. Start testing your system from Quick Test and then examine your firewall
with Stealth Test.

If you have any questions regarding PC Flank’s tests send your message from the
Ask the Experts page.

Security Myths

Introduction

Over the summer, I started thinking about why people think about security the way they do, and what might be causing people to make elementary mistakes when securing their computers. I’m not talking about the choice of products or the measures they take to keep their computers secure, but rather what is fundamentally flawed in the way they think about security. As I found out during conversations with people as I traveled around Europe, most users’ security knowledge is far from what I, as a so-called ’security expert’, might consider adequate. As I delved deeper into the subject, I discovered that quite a large number of users have completely wrong ideas and misconceptions about how to tackle security issues. These conversations prompted me to write this article in an attempt to correct the most common myths and misconceptions.

Myth #1: 
I will be perfectly safe if I get the best security software and keep it up-to-date – that’s all I need to do

It’s true that use of reliable software to shore up your computer’s defenses is vital, but before that comes careful and intelligent use of your computer to prevent security incidents in the first place. It is a truism that the weakest element in the security chain is the computer user himself. In my view, relying on security software alone is like relying on a car’s crash test results to ensure that you’ll be unscathed after a major wreck. But I think we would all agree that it’s better to drive safely, wear a seatbelt, and obey the speed limit. The same applies to security: you need all the safety systems, but if you don’t adhere to basic standards of safe conduct, you put your computer at unnecessary risk. So think before you open unknown files or email attachments, or react to spam and phishing attempts – these are most likely designed to undermine your security. Also, don’t forget to install the latest Windows and program updates to keep you safe from known vulnerabilities found in vendors’ products. Remember, no matter how strong your preferred security program is, it will have one of the following weaknesses:

  1. Your anti-virus can’t recognize every virus in existence and is consequently not equipped to provide complete protection. A variety of factors contribute to this, including reliance on virus signatures and heuristics-based instruments that struggle with the detection of different and ever-changing virus behaviors.
  2. Your firewall or HIPS may have one or more of the following weaknesses. Both MAY exhibit delayed reactions to a security incident. Both can sometimes miss an unwanted/illegitimate operation simply because these solutions cannot detect every possible type of system/network operation. Leak tests, no matter how theoretical their scenarios might be, serve as a good (but not perfect) indicator of a solution’s protective thoroughness. These systems may also fail to activate when it’s most needed – when a new attack strikes.
    Rootkits and system interceptors that remain invisible to the operating system and the majority of security programs can be used to hide the presence of a malware payload. Rootkits are being increasingly adopted by hackers to mask malware operations such as spam, botnets and Denial of Service (DoS) attacks.
  3. Security software sometimes interferes with normal operation of a PC, impacts its performance or displays alerts and action prompts that might be confusing for a normal person to respond to. It can also block WiFi connectivity or report false positives that may accidentally delete a legitimate file.
  4. Some security programs require that, once infected, manual remediation be used to undo the changes brought by malware – a task beyond the ability of most normal computer users.
  5. Your security program turns out to not be the trusted software you thought it was but instead is a rogue program that only advertises a promise to protect.
  6. Antispam and antiphishing solutions produce a high number of false positives, and phishing sites are so short-lived that, by the time a security company issues a security update to block the domain, the location has already harvested its share of stolen IDs and financial data and moved on.

Myth #2:
Why would I be hacked? I’m small fry, I’m not interesting to hackers

People do a lot of different things on the Internet, and sometimes they expose personal data. An average internet user is vulnerable to these kinds of threats:

  • Theft of personal or financial data. We shop, we enter our credit card numbers and other personal details. This creates risk and the data could be abused if you’re using an unprotected PC. A keylogger could be silently monitoring your keystrokes and capturing everything that you type on your PC; later, it will communicate this information to the hacker who sent it out hunting. If you shop and the channel of communication (i.e. the web browser traffic) is not encrypted, everything that you send over the Internet is vulnerable to being copied and used without your knowledge. Your log-in passwords, email and social network accounts can also be hijacked in a similar way. Using both known and new techniques, a sophisticated hacker can eavesdrop on your Internet sessions using what’s called “man-in-the-middle” techniques to intercept and later exploit seized data. To protect yourself from such threats, it’s vital that you use a robust firewall and ensure traffic is transmitted over an encrypted route.

And that’s not all.

  • Botnet infections, where the victim’s computer and Internet bandwidth are hijacked and used to harm other Internet users. Botnets are responsible for spewing out spam or phishing attacks that look like they come from the victim’s computer, and may also be used to conduct distributed Denial of Service attacks on legitimate organizations and take control of the organization’s website.
  • Hackers are always on the lookout for a vulnerable PC on the network. Once found, these PCs are earmarked for later use for nefarious purposes. By using special tools to probe for exploitable machines, a hacker doesn’t target a specific host, but rather, thousands of poorly protected computers that can be amassed in a matter of minutes.

Myth #3:
My company uses a gateway firewall, so I have nothing to worry about

Gateway firewalls, if properly configured, provide solid perimeter protection for your company. Malicious inbound data will be blocked and hackers probably will not be able to break into your PC. But outbound data can still leave your computer, meaning passwords, financial data stored on hard drives, and other critical resources will still be accessible to attackers. Plus, being protected from outside doesn’t necessarily mean you’re safe from hackers inside your company’s borders. You could be inadvertently attacked by a colleague who’s become a victim of, say, an Internet worm that spreads by sending itself to all contacts listed in someone’s address book.

Myth #4:
I only visit “good” places on the web, I never visit objectionable or adult sites. So I am safe from threats that spread over the Internet

If you’re being truthful, I’d say you’re in a low-risk group. However, there are some things to keep in mind as you surf around legitimate websites:

  • Sections of legitimate sites can be hijacked as easily as adult sites, and bad content placed on them temporarily until the problem is detected by the site’s operators. This happened to the Bank of India’s website not too long ago. Additionally, legitimate sites often incorporate Flash animations and JavaScript code that may be vulnerable and open up a backdoor to your computer. And last but not least, cross-site scripting (XSS) vulnerabilities may be employed by attackers to capture your logon session. You can read about XSS in greater detail here.

Myth #5:
If I connect to a credible WiFi provider like British Telecom at the airport, my Internet connection is protected

We’ve covered the secure use of WiFi extensively in other articles, but it seems the message still has not fully got through to people. If you use an unencrypted wireless signal, regardless of the network provider, even a novice intruder can easily read what you send or receive over the network, so don’t ever take the risk and post anything confidential over a public WiFi connection.

Conclusion

Well, I hope this “back to school” article has served to remind you that, whatever protection you have on your machine, security still begins and ends with not taking unnecessary risks while you’re online. It’s a lesson every Internet user needs to learn.

Wifi Security Basics

Abstract
This article deals with the protection of wireless networks. It gives some practical insights and recommendations on how to set up and maintain a secure WiFi network.

Foreword
Wireless networks are becoming more common, and the hardware to support wireless connectivity is included on almost every laptop sold today. Being connected and staying mobile is a huge advantage both for business and personal Internet use – you no longer have to be in one place, tethered by cables, when you want to get online. Wireless ‘hotspots’ at airports and hotels are the norm today, and many handheld devices are equipped with WiFi modules that enable Internet access on the go. Wireless signals travel through walls, floors and other physical obstacles, so you can enjoy the Internet’s wealth of information and enjoy lying outdoors in the sun at the same time while your wireless router feeds an Internet signal to every computer in your household.

But of course, all this freedom comes with a caveat: a greater need to be aware of Internet security risks and to take extra steps to protect your wireless connection against them.

Security and public wireless access
Let’s start with the assumption that wireless networks are more susceptible to breaking and eavesdropping than physical, cable-based networks due to the inherent weaknesses of radio transmissions. An intruder has to be physically connected to the target wired network to be able to capture or monitor data in transit, whereas all that’s needed to break into a wireless network is to be within the range of the signal.

Public hotspots represent a big risk because the data may pass through them in an unencrypted form, rendering it visible to hackers. Armed with the appropriate tools, hackers can easily “sniff” data packets, re-assemble them, and extract confidential information such as email account passwords, private IM chat sessions and other non-encrypted data that inevitably leave your computer as you connect to different authorization servers on the Internet. A technique called VPN tunneling can help to mitigate the security risks of unencrypted connections, but that’s beyond the scope of this article.

So, what can someone with a WiFi-enabled laptop do to ensure secure access in public places?

First, it’s important to remember to keep all your software updated: install all the latest OS and application patches and check the website of your wireless adapter manufacturer for the latest drivers and firmware updates.

Next, disable “File and Printer Sharing” for any public network you intend to connect to. This restricts access to your computer’s shared resources over the untrusted WLAN (wireless LAN) while still providing Internet connectivity.

Of course, you will also have installed a firewall such as Outpost Firewall Pro to protect your connections against “man-in-the-middle” attacks, where perpetrators seek either to set up a rogue Access Point (AP) and make you connect to it or to intercept data packets in transit through the sniffing techniques noted above.

Now, configure your wireless adapter software or the Wireless Network Setup Wizard in Windows to NOT automatically connect to any new-found wireless network. If there is more than one wireless network where you are, construct a prioritized set of networks according to trust level. Make sure to deactivate the wireless adapter switch on your laptop when you’re not using the Internet.

Make it a routine to know the available WiFi networks around you as you travel around – what’s operational and what entity is operating each network. Where possible, connect to a network that’s promoted by the location you’re currently in (hotel, airport information booth, café, for example).

One of the key things to remember is that you should never do anything that requires the submission of passwords and other confidential data over a wireless network that has not been protected with WPA2 encryption. This includes sending and receiving email, logging on to non-HTTPS pages, conducting financial transactions. Browsing the Internet and checking weather reports, sports scores or reading freely available news is probably not a big security risk, but any activity requiring personal identification should not be engaged in during any unencrypted browser session.

One final point: two wireless devices can connect to each other directly over the airwaves to establish an ad-hoc network. Some overlooked configurations in a number of wireless adapters enable the setting up of an ad-hoc network automatically without requiring consent from the users. Make sure your system is not configured that way.

Setting up a personal WiFi network and safely connecting to it
In wireless networks, encryption is the key to data security. To safely deploy your own wireless network, you’ll need a router or AP that supports WPA2 encryption. And even then, you should pick a strong passphrase that will be resistant to brute-force dictionary attacks. Consult one of the password generators here. Weaker encryption algorithms such as WPA (with a short passphrase) or WEP can be broken in a matter of minutes, so you’re strongly advised to use WPA2 encryption. Some routers provide an upgrade to WPA2 from earlier algorithms through a firmware change.

Another way to improve basic wifi network security is to change the default login for remotely accessing your AP’s configuration page. If your device comes with the standard “Admin”/“Admin” user name and password combination assigned at the factory, change this as soon as possible to something more unique and cryptic. This will prevent potential intruders from altering the security settings in your router and giving themselves access to your personal network using their own credentials.

Other recommended precautions include:

  • Assign a unique SSID (AP identifier) to your network – this is the name of the network that will be broadcast and visible to people searching for available WiFi networks. Communicate the WPA2 passphrase in a secure way to authorized people that will connect to your network (network clients), or manually configure those clients’ access settings and instruct them to only connect to the network with the specified name.
  • Monitor for the appearance of new access points in your vicinity and remind your mobile clients of the dangers of connecting to a wrong or malicious access point. These could include hackers reading traffic to and from the clients and even taking over a wired network if the client is simultaneously connected to an Ethernet LAN.
  • Enable IP and MAC filtering in your router configuration. MAC filtering lets you manually whitelist network adapters with specific hardware numbers so that any device that doesn’t have a matching number will not be permitted to access the network. IP filtering uses the same principle – only clients with IP numbers that you define as trusted will be allowed to connect, but that requires turning off the DHCP server in your router configuration and manually assigning permissible IP numbers. Also, you may find it usable to limit the number of clients that can connect to the router (by limiting subnet numbers to what’s necessary) and define time intervals during which the router will let you join the network (subject to availability in some devices).
  • Limit the AP’s broadcasting range so that it can be accessible only within a certain distance; the signal will thus be suppressed once the range limit is reached. This feature is available only in select devices.
  • Consider hiding the SSID – an option that’s available from the configuration page of your router – so that your network won’t be listed among the available networks when clients conduct a new search. All previously-configured settings on the client will apply and computers that have already been paired with the SSID will continue to be able to detect this station.

Conclusions
Wireless networks extend both mobility and Internet access, which is useful in many situations. Unfortunately, most are not properly protected by default settings and require extra effort on the part of the user to make them secure. If you follow the advice provided here, you’ll be well on the way to ensuring that your wireless communications are risk-free.

Hosts File

You can begin blocking ads and help keep yourself from being tracked by using the Hosts file with Windows and other operating systems.

What is the Hosts file, and how does it stop ads and tracking?

The Short Answer:
The short answer is that the Hosts file is like an address book. When you type an address like www.yahoo.com into your browser, the Hosts file is consulted to see if you have the IP address, or “telephone number,” for that site. If you do, then your computer will “call it” and the site will open. If not, your computer will ask your ISP’s (internet service provider) computer for the phone number before it can “call” that site. Most of the time, you do not have addresses in your “address book,” because you have not put any there. Therefore, most of the time your computer asks for the IP address from your ISP to find sites.

If you put ad server names into your Hosts file with your own computer’s IP address, your computer will never be able to contact the ad server. It will try to, but it will be simply calling itself and get a “busy signal” of sorts. Your computer will then give up calling the ad server and no ads will be loaded, nor will any tracking take place. Your choices for blocking sites are not just limited to blocking ad servers. You may block sites that serve advertisements, sites that serve objectionable content, or any other site that you choose to block.

The Longer, More Technically Oriented Answer:
The “Hosts” file in Windows and other operating systems is used to associate host names with IP addresses. Host names are the www.yahoo.com addresses that you see every day. IP addresses are numbers that mean the same thing as the www words – the computers use the numbers to actually find the sites, but we have words like www.yahoo.com so humans do not need to remember the long strings of numbers when they want to visit a site.
For instance, the host name for Yahoo! is www.yahoo.com, while its IP address is 204.71.200.67. Either address will take you to Yahoo!’s site, but the www address will first have to be translated into the IP address. If you type in the IP address directly, your computer will not have to look it up.

A series of steps are used when searching for IP addresses that go with these host names. The first step, and the one that concerns us here, is the hosts file on your local computer. The Hosts file tells your computer what the name is in numbers so the computer can go find it. If the IP address is found in your Hosts file, the computer will stop looking and go to that site, but if it is not it will ask a DNS computer (domain name server) for the information. Since the search ends once a match is found, that provides us with a mechanism to block sites we have no interest in. You may block sites that serve advertisements, sites that serve objectionable content, or any other site that you choose to block.

We can put names and addresses into the Hosts file so your computer does not have to ask a DNS server to translate the domain name into an IP number. This speeds up access to the host site you want to see because your computer no longer has to query other systems on the Internet for the address translation. When you type in a web address like www.yahoo.com, the host name portion of the web address is translated into an IP address before the site is accessed. If you put Yahoo!’s host and IP settings into your Hosts file, it would load a little quicker because your computer doesn’t have to ask another to translate where to look for Yahoo!

Computers have a host address of their own – it is known as the “localhost” address, with an IP address of 127.0.0.1 which it uses to refer to itself. If you associate another computer’s host name with your localhost IP address, you have effectively blocked that host since all attempts to access it will lead back to you. That is how we will block sites using the Hosts file. We will tell our computer that the IP address of the site we want to block is our own address. That way, our computer will not ever leave and go looking for the site we are blocking – which keeps that site from appearing because the computer thinks it has found the site and displayed it already.

Many web sites have links to other servers for the retrieval of advertisements. In the case of those web servers, the browser will quickly fail to locate the requested data (scripts, images, etc.) from the advertising server because we told our computer to look for the information on itself – of course it won’t find any of it and will quit looking for it – and will continue loading the pertinent portions of the page you want to see. This will keep your computer from even talking to the ad servers, and thus you won’t see the ads, they can’t put cookies on your hard drive, and you can’t be profiled by them.

Benefits of the Hosts File:

  1. Uses less resources: By using a function built into your computer, you will be able to block advertising sites (or any other site you wish) without the need for any extra programs. This will cut down on memory and processor usage, which will free up your resources for other tasks.
  2. Works on connections other than HTTP: Most ad-blocking programs will only intercept IP calls going to the HTTP (or web) port on your computer. Other transfers can still get through. The Hosts file, however, will block IP calls on any port, whether it is HTTP, FTP, or whatever else you happen to be doing.
  3. Eliminate many tracking and privacy concerns: By intercepting the IP calls before they ever leave your computer, the Hosts file can prevent advertising and tracking companies from ever even knowing you are viewing a web page. This will keep them from profiling you and help you keep your privacy. All sites in the Hosts file entered with a 127.0.0.1 address will never be accessed. Sites that are not in the Hosts file may still track you and send you ads.
    To find out which advertisers may be tracking you, please visit this excellent web site.
  4. The Hosts file is configurable: Rather than relying on others to decide what sites to block for you, you may edit the Hosts file entirely on your own. This means you can put any site you wish into the Hosts file and that site will not be able to be accessed. You can use this to block advertisers, trackers, or sites you would not want your small children to see. You get to decide entirely what you wish to block, and you don’t have to depend on someone else’s judgement!
  5. Increased browsing speed: By placing sites into your Hosts file with their correct addresses, your computer does not need to ask another computer where to find a site. This can significantly speed up your surfing experience because your computer will go straight to that site instead of having to ask directions. Also, by keeping ads from being loaded using the blocking technique in the Hosts file, web pages will be viewable much more quickly since they won’t have to load a lot of fancy graphics.

Some restrictions on the Hosts file:

  1. It will not work with wildcards, such as *.whateveryouwantgoeshere.com.
  2. It will not work with URL’s that begin with IP numbers. IP numbers are the numerical equivalent of the www.somesitenamehere.com address, and that is what your computer actually uses to find the web page. The names are there so that humans don’t have to remember long strings of numbers. You would need to find the www.whatever.com address that the IP number represents, and then block that name instead of using the IP number. For example, Yahoo!’s address is www.yahoo.com, and its IP address is 204.71.200.67. We can block www.yahoo.com but not the IP address. The reason for this is that Hosts is used to determine IP addresses. If we already know the IP address, Hosts will not be consulted and so can not block the site. I do not recommend actually blocking Yahoo! though, as it is a great search engine!
  3. It will not work with ads that are served from the same site you are viewing. The reason for this is that the Hosts file must block an entire site, and can not block subdirectories or pathnames on a site. For example, you could not block www.netscape.com/ads/ because you can’t block subdirectories. You would need to block the entire www.netscape.com server, and that would leave you without access to Netscape’s site. So you will have to use a different method to eliminate ads that come from the site you are viewing, such as an ad-blocking program.
  4. It may cause some sites to quit working properly. If you put the wrong server into your hosts file, it may mean that certain websites will no longer be viewable as they normally would be. To remedy this, remove the entry of the site you wish to unblock from your hosts file. In particular, you may notice sites that rely on Akamai’s servers will not function properly if Akamai is in your Hosts file.
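
The lookup order and the restrictions listed above, modelled as an added example that is not part of the original article: it parses Hosts-file text and reports, for a given URL, whether the name would be blocked, pinned to an address, sent on to DNS, or never looked up at all. The sample entries use placeholder names, the function names are illustrative, and real resolvers differ in detail between operating systems.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample Hosts file; the names are placeholders, not real ad servers.
SAMPLE_HOSTS = """\
# comment lines and blank lines are ignored
127.0.0.1   localhost
127.0.0.1   ads.example.com  tracker.example.net   # two names on one line
127.0.0.1   *.wildcard.example.org
192.0.2.10  intranet.example.com
not-an-ip   broken.example.com
"""


def parse_hosts(text):
    """Return {hostname: ip} from Hosts-file text; the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                              # malformed address: skip the line
        for name in names:
            table.setdefault(name.lower(), ip)
    return table


def lookup(url, table):
    """Return (status, detail) describing how the URL's host is resolved.

    blocked    - Hosts maps the name to a loopback address
    pinned     - Hosts supplies a non-loopback address, DNS is skipped
    dns        - no exact match in Hosts, the name goes to a DNS server
    literal-ip - the URL already contains an IP address, Hosts is not consulted
    """
    host = urlsplit(url).hostname
    if host is None:
        return ("invalid", None)
    try:
        ipaddress.ip_address(host)
        return ("literal-ip", host)
    except ValueError:
        pass
    ip = table.get(host.lower())                  # exact name match only
    if ip is None:
        return ("dns", host)
    if ipaddress.ip_address(ip).is_loopback:
        return ("blocked", ip)
    return ("pinned", ip)


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for url in [
        "http://ads.example.com/banner.gif",      # blocked, whatever the path
        "ftp://ads.example.com/file",             # blocked on any protocol
        "http://sub.wildcard.example.org/",       # wildcard entry has no effect
        "http://204.71.200.67/",                  # IP from the article: not blockable
        "http://www.example.com/ads/",            # a path on a site cannot be blocked
        "http://intranet.example.com/",           # pinned address, no DNS query
    ]:
        print(url, "->", lookup(url, table))
```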

Site Advisor

A Website Reputation Rating Program (or Site Advisor) warns the user which websites are good, may be good, or bad, shown as green, yellow, or red. These programs are usually installed as an add-on and are used and displayed while using a search engine (e.g. Google, Yahoo!). Website Reputation Rating Programs usually rate a site as bad for phishing or scamming, viruses or spyware, spam, browser exploits, etc.

The reputation metrics are typically collected from other users who have had dealings with the thing that is being rated. Each user would indicate whether he or she was satisfied or dissatisfied. In the simplest case, the reputation of something is the average rating received from all users who have interacted with it in the past.

I recommend WOT. Read more here.

Sandbox

In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers and untrusted users.

I recommend Sandboxie for daily use.

The sandbox typically provides a tightly-controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.

Some examples of sandboxes are:

  • Applets are self-contained programs that run in a virtual machine or scripting language interpreter that does the sandboxing. In application streaming schemes, the applet is downloaded onto a remote client and may begin executing before it arrives in its entirety. Applets are common in web browsers, which use the mechanism to safely execute untrusted code embedded in web pages. Three common applet implementations—Adobe Flash, Java applets and Silverlight—provide (at minimum) a rectangular window with which to interact with the user and some persistent storage (at the user’s permission).
  • A jail is a set of resource limits imposed on programs by the operating system kernel. It can include I/O bandwidth caps, disk quotas, network access restrictions and a restricted filesystem namespace. Jails are most commonly used in virtual hosting.
  • Rule-based Execution gives users full control over what processes are started, spawned (by other applications), or allowed to inject code into other apps and have access to the net. It also can control file/registry security (what programs can read and write to the file system/registry). As such, viruses and trojans will be less likely to infect your PC. The SELinux and Apparmor security frameworks are two such implementations for Linux.
  • Virtual machines emulate a complete host computer, on which a conventional operating system may boot and run as on actual hardware. The guest operating system is sandboxed in the sense that it does not run natively on the host and can only access host resources through the emulator.
  • Sandboxing on native hosts: Security researchers rely heavily on sandboxing technologies to analyse malware behaviour. By creating an environment that mimics or replicates the targeted desktops, researchers can evaluate how malware infects and compromises a target host.
  • Capability systems can be thought of as a fine-grained sandboxing mechanism, in which programs are given opaque tokens when spawned and have the ability to do specific things based on what tokens they hold. Capability based implementations can work at various levels, from kernel to user-space. An example of capability-based user-level sandboxing would be HTML rendering in Google Chrome.
  • Online judge systems to test programs in programming contests.
  • New generation pastebins allowing users to execute pasted code snippets.

Firewall

A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy.

A personal firewall differs from a conventional firewall in terms of scale. Personal firewalls are typically designed for use by end-users. As a result, a personal firewall will usually protect only the computer on which it is installed.

Many personal firewalls are able to control network traffic by prompting the user each time a connection is attempted and adapting security policy accordingly. Personal firewalls may also provide some level of intrusion detection, allowing the software to terminate or block connectivity where it suspects an intrusion is being attempted.

Features

Common Personal Firewall Features:

  • Alert the user about outgoing connection attempts
  • Allow the user to control which programs can and cannot access the local network and/or Internet
  • Hide the computer from port scans by not responding to unsolicited network traffic
  • Monitor applications that are listening for incoming connections
  • Monitor and regulate all incoming and outgoing Internet users
  • Prevent unwanted network traffic from locally installed applications
  • Provide the user with information about an application that makes a connection attempt
  • Provide information about the destination server with which an application is attempting to communicate

Criticisms

  • Instead of reducing the number of network-aware services, a personal firewall is an additional service that consumes system resources and can also be the target of an attack, as exemplified by the Witty worm.
  • If the system has been compromised by Malware, Spyware or similar software, these programs can also manipulate the firewall, because both are running on the same system. It may be possible to bypass or even completely shut down software firewalls in such a manner.
  • The high number of alerts generated by such applications can possibly desensitize users to alerts by warning the user of actions that may not be malicious (e.g. ICMP requests).
  • Software firewalls that interface with the operating system at the kernel mode level may potentially cause instability and/or introduce security flaws and other software bugs.

How to Choose a Firewall
Three basic types of firewalls are available for you to choose from:

  • Software firewalls
  • Hardware routers
  • Wireless routers

To determine which type of firewall is best for you, answer these questions and record your answers:

  1. How many computers will use the firewall?
  2. What operating system do you use? (This might be a version of Microsoft Windows, Apple Macintosh, or Linux.)

That’s it. You are now ready to think about what type of firewall you want to use. There are several options, each with its own pros and cons.

List of Different Firewalls:

Software firewalls

Software firewalls are a good choice for single computers, and they work well with several operating systems. (Windows Vista and Windows XP both have a built-in firewall too.)

Pros:

  • Does not require additional hardware.
  • Does not require additional computer wiring.
  • A good option for single computers.

Cons:

  • Additional cost: Most software firewalls cost money.
  • Installation and configuration might be required to get started.
  • One copy is typically required for each computer.

Hardware routers

Hardware routers are a good choice for home networks that will connect to the Internet.

Pros:

  • Hardware routers usually have at least four network ports to connect multiple computers together.
  • Provide firewall protection for multiple computers.

Cons:

  • Require wiring, which can clutter your desktop area.

Wireless routers

If you have or plan to use a wireless network, you need a wireless router.

Pros:

  • Wireless routers allow you to connect computers, portable computers, personal desk assistants, and printers without wiring.
  • Wireless routers are excellent for connecting notebook computers to the Internet and networks.

Cons:

  • Wireless devices broadcast information using radio signals that can be intercepted by someone outside of your home (if they have the right equipment).
  • You might have to pay for extra equipment.
  • Not all wireless routers come equipped with a built-in firewall, so you might have to purchase one separately.

Start using a firewall today

Connecting to the Internet can pose dangers to unwary computer users. Use a firewall to help reduce your risk.

Installing a firewall is just the first step toward safe surfing online. You can continue to improve your computer’s security by keeping your software up to date, using antivirus software, and using antispyware software. You can find a list of different firewalls with their test results here.

Data Backup Essentials

Computer security is so multifaceted that it cannot be tailored to fit any one specific definition or approach. Comprehensive computer security comprises numerous subcategories that together add up to form a single, coherent structure. One of these subcategories that we haven’t yet touched on is data backup and the part it plays in keeping valuable data safe. Here, we are making up for this omission by reviewing the different approaches to data backup and how they work.

Backup = Insurance

Data backup enables you to save your information to a safe place and restore it later if something happens to the device on which your data normally resides. It is an indispensable tool if you want to be sure your original work, or files, or whatever data you value stays intact no matter what may threaten that data; it means you can always roll back to a previous state and restore what’s been lost or compromised. When critical information is at risk, data backup is your primary resort to be safe in the knowledge that your digital valuables are not jeopardized. Data backup is especially helpful in the following situations:

  • When you’re about to install a new application or a major update and you’re unsure whether it’s going to cause system disruptions or compatibility or interoperability problems. Ironically, this application could be a security program or Windows Service Pack that introduces significant modifications to your existing OS configuration which may in turn cause other problems. Backing up is also a sensible precaution for users who like to experiment with advanced system settings, like manually tweaking registry entries and testing different system drivers or services.
  • When you experience, foresee, or want to preempt hardware malfunctions. There could be a number of indicators suggesting your hardware may be failing, such as system instability or overheating, or your hard drive is degrading. Hard drive problems really need a whole article to themselves, but for the purposes of this article, there are a few warning signs you should be aware of. When a hard drive is nearing the end of its life, Windows starts to report disk readability or writability issues, or the SMART hard disk diagnostics system warns of an impending crash and recommends you promptly save and transfer your data to a safe place. Backing up is also advisable if you don’t use a UPS (uninterruptible power supply), as an electric surge can make your hard disk or motherboard unusable beyond repair. It’s hard to predict a future malfunction, but not impossible. Experienced users know of potential problem indicators, but for everyone else, here’s some advice: the older your system is, the more chance there is of it failing because of lack of proper servicing or care. If it’s kept in a dusty, humid or hot environment, the likelihood of failure is higher. It’s a good idea to run a free-to-try diagnostics utility such as SiSoftware’s Sandra or Everest from time to time, as these tools can be helpful in predicting hardware crashes.
  • Backing up also makes sense if you want to mitigate the impact of viruses and other malware programs that may get past your defenses. Beyond their primary mission of stealing information, malware can be more directly destructive by damaging system configuration settings, corrupting files, and blocking or diverting network connections. As we’ve repeated many times in Security Insight, the use of security software is only one layer in the quest to safeguard your data, and no security solution can keep you safe from every threat. Backups can often be a more effective way to restore your system after a malware infection than antivirus.
  • You intend to use your computer on-the-go and are concerned about data integrity or safety. If you lose your laptop or if it ends up in the water, a backup of your important data will save the day.
  • You may be the unofficial tech support person for your friends and relatives. If anything goes wrong with one of their machines, you can simply roll it back to the last backup data.
  • A backup is handy if you plan to change to a new PC. Just save all your files and restore them on the new PC. It’s important to remember, however, that if the configuration of a new PC significantly differs from your old one, restoring the operating system and all installed programs won’t be possible, because the different hardware will likely require different settings.

What can be backed up

When you select items to back up, consider what is important to you. Essentially, the following can be backed up:

  • Individual files and folders (documents, photos, music, etc). With your backup software, simply designate those items that you want to be backed up and it will save them automatically. Don’t forget to update your backups regularly to take care of new files and updated originals.
  • Local and remote storage, including logical disks (partitions) and physical disks. In addition to files, your backup system can save the entire contents of selected hard drives and later restore their contents to a new or old destination.
  • Removable storage, such as USB flash drives, DVDs and other external devices.
  • Your operating system and its settings, including all installed software. You can save the state of your operating system and then revert back to the last image point when needed.

How it works

Modern backup software is relatively easy and straightforward to use. Generally, after you’ve installed it, you select the locations that you intend to back up, specify the location where these objects will be stored and press OK. Once the backups are created, you can restore them when needed. Your first backup should always be a full copy of the original location, whereas subsequent backups are incremental, backing up only content that is new or changed since the last backup. This saves time and disk space needed for backup.
Later backups can be either on-demand (you ask the program to perform backup at a desired time) or on schedule. On-schedule backups can be set to occur at regular intervals specified in the backup program itself. You might also want to consider on-event backups offered with select programs, which can be set to occur when a certain event, such as prolonged idle time or a power problem, is indicated.
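The full-then-incremental scheme described above, as an added example that is not part of the original article or of any backup product it names. The set names (set-0000, set-0001, ...), the manifest.json index and the sample files are assumptions made for the illustration; changes are detected by content hash, and restore verifies each file against the recorded hash.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical index file written into every backup set


def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(source: Path) -> dict:
    """Map every file under source (relative path) to its content digest."""
    return {p.relative_to(source).as_posix(): file_digest(p)
            for p in sorted(source.rglob("*")) if p.is_file()}


def backup_sets(dest_root: Path) -> list:
    """Backup sets in creation order (set-0000, set-0001, ...)."""
    return sorted(d for d in dest_root.glob("set-*") if d.is_dir())


def backup(source: Path, dest_root: Path) -> dict:
    """First call makes a full copy; later calls copy only new or changed files."""
    dest_root.mkdir(parents=True, exist_ok=True)
    sets = backup_sets(dest_root)
    previous = json.loads((sets[-1] / MANIFEST).read_text())["files"] if sets else {}
    current = snapshot(source)
    # A file is copied when it is new or its digest differs from the last set.
    changed = [rel for rel, digest in current.items() if previous.get(rel) != digest]
    target = dest_root / f"set-{len(sets):04d}"
    target.mkdir()
    for rel in changed:
        out = target / "data" / rel
        out.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source / rel, out)
    # The manifest lists ALL current files, so deletions are recorded implicitly.
    manifest = {"kind": "incremental" if sets else "full",
                "files": current, "copied": changed}
    (target / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest


def restore(dest_root: Path, restore_to: Path) -> dict:
    """Rebuild the state of the newest set, verifying every file's digest."""
    sets = backup_sets(dest_root)
    wanted = json.loads((sets[-1] / MANIFEST).read_text())["files"]
    for rel, digest in wanted.items():
        for backup_set in reversed(sets):  # newest copy first
            candidate = backup_set / "data" / rel
            if candidate.is_file() and file_digest(candidate) == digest:
                out = restore_to / rel
                out.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(candidate, out)
                break
        else:
            raise RuntimeError(f"no intact copy of {rel} in any backup set")
    return wanted


def demo():
    """Constructed sample data: full backup, edits, incremental backup, restore."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src, dst, out = root / "docs", root / "backups", root / "restored"
        (src / "photos").mkdir(parents=True)
        (src / "report.txt").write_text("draft 1")
        (src / "photos" / "a.jpg").write_bytes(b"\xff\xd8 constructed sample")
        (src / "old.txt").write_text("to be deleted")
        first = backup(src, dst)
        (src / "report.txt").write_text("draft 2")   # changed
        (src / "notes.txt").write_text("new file")   # new
        (src / "old.txt").unlink()                   # deleted
        second = backup(src, dst)
        restored = restore(dst, out)
        return first, second, sorted(restored), (out / "report.txt").read_text()


if __name__ == "__main__":
    first, second, names, text = demo()
    print(first["kind"], sorted(first["copied"]))
    print(second["kind"], sorted(second["copied"]))
    print("restored:", names, "| report.txt =", text)
```

Because restore needs the earlier sets to find unchanged files, losing or corrupting the full set breaks every later incremental; the digest check turns that into an explicit error instead of a silent bad restore.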

Backup storage

When you back up your data, you save it to a specific destination. Usually, this destination is a large compressed file on a local device – either a removable hard drive or a high-capacity memory card. The backup location can be customized and it’s very important to keep in mind that the place where you store your backup copy should be secure – if your primary data source fails, you need to be sure you can access and use your backup. Keeping your backed-up data in a safe, dry place disconnected from the power circuit will ensure your backup will stay in good shape and enable you to get your data back in case of emergency. It’s not a good idea to keep your backup copy on your primary hard drive or an old ROM disk, because these can be exposed to disaster as much as your main storage. You can back up your data to remote storage or use one of the free or commercial online backup services available. Bear in mind that storing your data at somebody else’s facilities has advantages and drawbacks. The advantages are:

  • Your backup is not affected by local events, such as power surges, lightning, fire, flooding, earthquakes and other natural disasters.
  • Storing your data with a credible organization that has expertise in data storage and continuity operations is generally reliable. Such organizations generally run fault-tolerant systems with multiple backups that should ensure your data will be safe.

Disadvantages are:

  • You have to trust the organization where you store your data, to be sure its confidentiality is maintained.
  • Uploading your saved data and later downloading it to restore from will require a lot of bandwidth and data support, so your ISP account should allow for unlimited data and high throughput.
  • There’s some concern over the security of your data when it is in transit. The risk is small, but it could be accessed by third parties. In that regard, check with your backup provider concerning the precautions they take to make sure this process is safe.
  • Managing your remote backups may not be as simple as local backups, and remote backups don’t always give you the full benefits of local backups. As an extreme case, you would not be able to restore a backup if your computer is so damaged that it cannot boot the OS. You’d have to use another computer to connect to the internet, download the required remote image and initiate the restoration process. In contrast, local backup software usually offers the option to create a CD-ROM boot disk that will initiate restoration to the desired point if your computer cannot be started in the usual way. You simply insert the CD, connect to the device on which you keep your backup, and your hard disk is restored in an hour or so.

Forms of backups:

The following forms of backup exist:

  • Disk cloning, where your entire physical drive is copied onto another hard drive. In case anything happens to your original drive, you can simply connect a new drive to your PC and it will boot from it. The new drive will be an exact copy of your original drive, and will have all the files and documents as existed on the old one at the moment of cloning operations. If the size of the disks differs, your partitions (logical disks such as C, D, etc) will be shrunk or expanded proportionally. If you make a clone of the disk, remember that the computer configuration should stay the same.
  • File storage, where all backup data is compressed and stored in one single file. This file is compressed to save space and can be password-protected to ensure other people can’t view its contents.
  • Restore points selectable within your backup software. Restore points are assigned according to the date a backup was made, and if anything happens to your PC, you can always revert to the last restore point from within the program interface.

Different flavors of backup solutions

Computer backup solutions exist in both software and hardware forms. Hardware systems are usually automated, always-connected devices that copy the contents of the primary hard drive to an embedded magnetic tape or hard drive. Mirrored RAID arrays (RAID-1) are two internal hard drives running in parallel mode, where the second drive automatically backs up the contents of the first drive on the fly. If the primary drive becomes corrupted, the contents can be recovered from the second drive. Effective against hardware HDD failure, RAID arrays are of no use in case a virus harms your main system, because the same infection will be instantly duplicated to the second drive as well, negating all efforts. RAID systems are relatively easy and inexpensive to deploy, but require a degree of expertise to manage in the first configuration stages.
Back-up functionality is present in many of today’s software applications, from Security Suites such as Norton360 to OS-bundled software such as Apple’s Time Machine and Windows’ Backup or Restore Wizard. These programs usually offer less functionality than dedicated, specialized backup tools such as Acronis True Image, but still perform basic backup tasks and are quite sufficient for many people.

Conclusion

Backing up your system is a very good habit to develop. It will save you a lot of hassle and stress in case a system malfunction or virus infection occurs. There you have it, folks – I hope you found this article informative and useful.

Antivirus

Antivirus software (sometimes spelled Anti-Virus or anti-virus with the hyphen) consists of computer programs that attempt to identify, neutralize or eliminate malicious software. The term “antivirus” is used because the earliest examples were designed exclusively to combat computer viruses; however, most modern antivirus software is now designed to combat a wide range of threats, including worms, phishing attacks, rootkits and Trojans, often described collectively as malware.

Virus scanners
Antivirus scanning software, or a virus scanner, is a program which examines all files in specified locations, the contents of memory, the operating system, the registry, unexpected program behavior, and anywhere else relevant with the intention of identifying and removing any malware.
Typically two different approaches are used to identify malware, often in combination, although with an emphasis on the virus dictionary approach.

  • examining (scanning) files, etc., for known viruses matching signatures in a virus dictionary, and
  • identifying suspicious behavior from any computer program which might indicate infection. This approach is called heuristic analysis, and may include data captures, port monitoring and other methods.

Network firewalls prevent unknown programs and Internet processes from having access to the system protected; they are not antivirus systems as such, and make no attempt to identify or remove anything, but protect against infection, and limit the activity of any malicious software which is present by blocking incoming or outgoing requests on certain TCP/IP ports.

Dictionary
In the virus dictionary approach, when the antivirus software looks at a file, it refers to a dictionary of known viruses that the authors of the antivirus software have identified. If a piece of code in the file matches any virus identified in the dictionary, then the antivirus software can take one of the following actions:

  1. attempt to repair the file by removing the virus itself from the file,
  2. quarantine the file (such that the file remains inaccessible to other programs and its virus can no longer spread), or
  3. delete the infected file.

To achieve consistent success in the medium and long term, the virus dictionary approach requires frequent (generally online) downloads of updated virus dictionary entries. Civically-minded and technically-inclined users, and those who want to help find viruses not detected by the software, can send their infected files to the authors of antivirus software, who analyze them and include identifying features and removal information in their dictionaries.
Dictionary-based antivirus software typically examines files when the computer’s operating system creates, opens, closes, or e-mails them. In this way it can detect a known virus immediately upon receipt. System administrators can schedule antivirus software to examine (scan) all files on the computer’s hard disk on a regular basis.
Although the dictionary approach can effectively contain virus outbreaks in the right circumstances, virus authors have tried to stay a step ahead of such software by writing “oligomorphic”, “polymorphic” and more recently “metamorphic” viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary.
An emerging technique to deal with malware in general is whitelisting. Rather than looking for only known bad software, this technique prevents execution of all computer code except that which has been previously identified as trustworthy by the system administrator. By following this “default deny” approach, the limitations inherent in keeping virus signatures up to date are avoided. Additionally, computer applications that are unwanted by the system administrator are prevented from executing since they are not on the whitelist. Since modern enterprise organizations have large quantities of trusted applications, the limitations of adopting this technique rest with the system administrators’ ability to properly inventory and maintain the whitelist of trusted applications. Viable implementations of this technique include tools for automating the inventory and whitelist maintenance processes.
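The dictionary and whitelisting approaches side by side, as an added example that is not from the original article or from any antivirus product. The "signatures" are constructed, harmless byte patterns, the sample programs are constructed byte strings, and the one-entry whitelist stands in for an administrator's inventory; all names are assumptions.

```python
import hashlib
import io

# Constructed, harmless byte patterns standing in for virus dictionary entries.
VIRUS_DICTIONARY = {
    "Demo.Alpha": b"\x13\x37DEMO-ALPHA-MARKER\x00",
    "Demo.Beta": b"BETA::marker::v1",
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def dictionary_scan(data: bytes) -> list:
    """Names of all dictionary entries whose pattern occurs in data."""
    return [name for name, pattern in VIRUS_DICTIONARY.items() if pattern in data]


def scan_stream(stream, chunk_size: int = 4096) -> list:
    """Scan a file-like object in chunks.

    The last (longest pattern - 1) bytes of each window are carried over, so a
    signature split across two reads is still found.
    """
    overlap = max(len(p) for p in VIRUS_DICTIONARY.values()) - 1
    found, tail = set(), b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        found.update(dictionary_scan(window))
        tail = window[-overlap:]
    return sorted(found)


def dictionary_verdict(data: bytes) -> tuple:
    """Blacklist logic: act only on a known match, allow everything else."""
    hits = scan_stream(io.BytesIO(data))
    if hits:
        return ("quarantine", "matches " + ", ".join(hits))
    return ("allow", "no dictionary match")


def whitelist_verdict(data: bytes, trusted_hashes: set) -> tuple:
    """Default deny: run only what the administrator has inventoried."""
    if sha256(data) in trusted_hashes:
        return ("allow", "hash is on the whitelist")
    return ("block", "hash is not on the whitelist")


def build_samples() -> dict:
    """Constructed sample 'programs' (plain byte strings, nothing executable)."""
    host = b"MZ constructed host program bytes "
    marker = VIRUS_DICTIONARY["Demo.Alpha"]
    return {
        "editor.exe": host + b"editor v1",
        "infected.exe": host + marker,
        # Same marker, re-encoded: stands in for the self-modifying variants
        # described above, which no longer match the dictionary entry.
        "variant.exe": host + bytes(b ^ 0x5A for b in marker),
        "newtool.exe": host + b"newly installed utility",
    }


def compare() -> dict:
    """Return {file name: (dictionary action, whitelist action)}."""
    samples = build_samples()
    trusted = {sha256(samples["editor.exe"])}  # assumed administrator inventory
    return {name: (dictionary_verdict(data)[0], whitelist_verdict(data, trusted)[0])
            for name, data in samples.items()}


if __name__ == "__main__":
    for name, (by_dictionary, by_whitelist) in compare().items():
        print(f"{name:13} dictionary={by_dictionary:10} whitelist={by_whitelist}")
```

The variant passes the dictionary check but is stopped by default deny, while newtool.exe shows the maintenance cost: a legitimate program stays blocked until someone adds it to the inventory.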

Suspicious behavior – heuristics
The suspicious behavior approach, by contrast, does not attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, the antivirus software can flag this suspicious behavior, alert a user, and ask what to do.
Unlike the dictionary approach, the suspicious behavior approach therefore provides protection against brand-new viruses that do not yet exist in any virus dictionaries. However, it can also sound a large number of false positives, and users probably become desensitized to all the warnings. If the user clicks “Accept” on every such warning, then the antivirus software obviously gives no benefit to that user. This problem has worsened since 1997, since many more non-malicious program designs came to modify other .exe files without regard to this false positive issue. Therefore, most modern antivirus software uses this technique less and less.
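The "write to an executable" rule applied to a few file-activity events, as an added example that is not from the original article. The log format, paths and process names are constructed, and the high/low severity split (writes outside the writer's own folder rank higher) is an assumption added for triage, not something the article describes.

```python
import ntpath
import re
from collections import Counter

# Constructed events in a hypothetical monitor format.
EVENTS = r"""
2009-03-01T10:00:01 pid=412 image=C:\Program Files\Editor\editor.exe op=write target=C:\Users\amy\report.doc
2009-03-01T10:00:05 pid=733 image=C:\Temp\invoice_viewer.exe op=write target=C:\Windows\notepad.exe
2009-03-01T10:00:06 pid=733 image=C:\Temp\invoice_viewer.exe op=write target=C:\Windows\calc.exe
2009-03-01T10:02:10 pid=901 image=C:\Program Files\Player\updater.exe op=write target=C:\Program Files\Player\player.exe
2009-03-01T10:03:00 pid=412 image=C:\Program Files\Editor\editor.exe op=read target=C:\Windows\notepad.exe
malformed line without fields
"""

LINE = re.compile(
    r"^(?P<time>\S+) pid=(?P<pid>\d+) image=(?P<image>.+?) "
    r"op=(?P<op>\w+) target=(?P<target>.+)$"
)
EXECUTABLE_EXTENSIONS = (".exe", ".com")


def flag_suspicious(lines) -> list:
    """Return one alert per event where a process writes to an executable file."""
    alerts = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # blank or malformed line: nothing to evaluate
        if m["op"] != "write":
            continue  # reading an executable is normal behaviour
        target = m["target"]
        if not target.lower().endswith(EXECUTABLE_EXTENSIONS):
            continue
        # Assumed triage hint: an updater rewriting a program in its own folder
        # is the classic false positive, so rank it lower instead of hiding it.
        same_folder = (ntpath.dirname(m["image"]).lower()
                       == ntpath.dirname(target).lower())
        alerts.append({
            "time": m["time"],
            "pid": int(m["pid"]),
            "image": m["image"],
            "target": target,
            "severity": "low" if same_folder else "high",
        })
    return alerts


def alerts_per_process(alerts) -> Counter:
    """How many prompts each program would have caused."""
    return Counter(ntpath.basename(a["image"]) for a in alerts)


if __name__ == "__main__":
    found = flag_suspicious(EVENTS.splitlines())
    for a in found:
        print(a["severity"].upper(), a["image"], "->", a["target"])
    print(dict(alerts_per_process(found)))
```

Three of the five well-formed events raise an alert and one of those comes from a legitimate updater, which is the false-positive pressure the paragraph above describes.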

File Emulation – heuristics
Some antivirus software uses other types of heuristic analysis. For example, it could try to emulate the beginning of the code of each new executable that the system invokes before transferring control to that executable. If the program seems to use self-modifying code or otherwise appears as a virus (if it immediately tries to find other executables, for example), one could assume that a virus has infected the executable. However, this method could result in a lot of false positives.

Sandbox
Yet another detection method involves using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has terminated, software analyzes the sandbox for any changes which might indicate a virus. Because of performance issues, this type of detection normally only takes place during on-demand scans. Also this method may fail as a virus can be nondeterministic and do different things, including doing nothing at all, each time it is executed — so it will be impossible to detect it from one run.
Some virus scanners can warn a user if a file is likely to contain a virus based on the file type.

Virus removal tools

A virus removal tool is software for removing specific viruses from infected computers. Unlike general-purpose virus scanners, it is not intended to detect and remove, ideally, all known viruses; rather it is designed to remove specific viruses more effectively and completely than a general-purpose program. Many single-virus tools can be found by searching the World Wide Web for “virus removal tool”; others, such as McAfee Stinger and the Microsoft Malicious Software Removal Tool run automatically by Windows update, are designed to remove a limited number of viruses. Many of these tools are available for free download.
If a virus is identified by a general-purpose scanner it may not be entirely removed; once the virus has been identified, running a tool designed specifically for it can do a better job of cleaning.

Issues of concern

  • The regular appearance of new malware is certainly in the financial interest of vendors of commercial antivirus software, though there is no evidence of collusion.
  • Some antivirus software can considerably reduce performance. Users may disable the antivirus protection to overcome the performance loss, thus increasing the risk of infection. For maximum protection, the antivirus software needs to be enabled all the time — often at the cost of slower performance (see also software bloat).
  • It is important to note that one should not have more than one memory-resident antivirus software solution installed on a single computer at any given time. Otherwise, the computer may be crippled.
  • It is sometimes necessary to temporarily disable virus protection when installing major updates such as Windows Service Packs or updating graphics card drivers. Active antivirus protection may partially or completely prevent the installation of a major update.
  • When purchasing antivirus software, the agreement may include a clause that the subscription will be automatically renewed, and the purchaser’s credit card automatically billed, at the renewal time without explicit approval. For example, McAfee requires one to unsubscribe at least 60 days before the expiration of the present subscription. Norton Antivirus also renews subscriptions automatically by default.
  • Some antivirus programs are actually spyware masquerading as antivirus software. It is best to double-check that the antivirus software which is being downloaded is actually a real antivirus program.
  • Some commercial antivirus software programs contain adware.
  • Most widely-accepted antivirus programs often do not detect newly-created viruses.
  • Anti-virus manufacturers have been criticised for fear mongering by exaggerating the risk that viruses pose to consumers.
  • If an antivirus program is configured to immediately delete or quarantine infected files (or does this by default), false positives in essential files can render the operating system or some applications unusable.

Mobile devices
Viruses from the desktop and laptop world have either migrated to, or are assisted in their dispersal by mobile devices. Antivirus vendors are beginning to offer solutions for mobile handsets. These devices present significant challenges for antivirus software, such as:

  • processor constraints,
  • memory constraints, and
  • definitions and new signature updates to these mobile handsets.

Mobile handsets are now offered with a variety of interfaces and data connection capabilities. Consumers should carefully evaluate security products before deploying them on devices with a small form factor.
Solutions that are hardware-based, perhaps USB devices or SIM-based antivirus solutions, might work better in meeting the needs of mobile handset consumers. A technical evaluation and review of deploying an antivirus solution on cellular mobile handsets should be considered, as the scanning process might impact other legitimate applications on the handheld.
SIM-based solutions with antivirus integrated on the small memory footprint might provide a basic solution to combat malware/viruses in protecting PIM and mobile user data. Solutions based on USB and Flash memory allow the user to swap and use these products with a range of hardware devices.

History
There are competing claims for the innovator of the first antivirus product. Perhaps the first publicly-known neutralization of a wild PC virus was performed by Bernt Fix (also Bernd) in early 1987. Fix neutralized an infection of the Vienna virus. The first edition of Polish antivirus software mks_vir was released in 1987; the program was only available with a Polish interface. Autumn 1988 saw antivirus software Dr. Solomon’s Anti-Virus Toolkit released by Briton Alan Solomon. By December 1990, the market had matured to the point of nineteen separate antivirus products being on sale including Norton AntiVirus and VirusScan from McAfee.
Peter Tippett made a number of contributions to the budding field of virus detection. He was an emergency-room doctor who also ran a computer software company. He had read an article about the Lehigh virus and questioned whether they would have similar characteristics to biological viruses that attack organisms. From an epidemiological viewpoint, he was able to determine how these viruses were affecting systems within the computer (the boot-sector was affected by the Brain virus, the .com files were affected by the Lehigh virus, and both .com and .exe files were affected by the Jerusalem virus). Tippett’s company Certus International Corp. then began to create anti-virus software programs. The company was sold in 1992 to Symantec Corp, and Tippett went to work for them, incorporating the software he had developed into Symantec’s product, Norton AntiVirus.
Before Internet connectivity was widespread, viruses were typically spread by infected floppy disks; antivirus software started to be used, but was updated relatively infrequently. At that time it was said, correctly, that viruses could not be spread by the readable content of emails, although executable attachments were as risky as programs on floppy disks. Virus checkers essentially had to check executable files, and the boot sectors of floppy and hard disks. As Internet usage became common, initially by making a modem connection when desired, viruses spread through the Internet, facilitated by powerful macros in word processors such as Microsoft Word; hitherto “documents” could not spread infection, although programs could. Later email programs, in particular Microsoft Outlook Express and Outlook, became able to execute program code from within a message’s text by simply reading the message, or even previewing its content. Virus checkers now had to check many more types of file. As broadband always-on connections became the norm and more and more viruses were released, it became essential to update virus checkers more and more frequently; even then, a new virus could spread widely before it was detected, identified, a checker update released, and virus checkers round the world updated.
A very uncommon use of the term “antivirus” is to apply it to benign viruses that spread and combat malicious viruses. This was common on the Amiga computer platform.

Effectiveness
Studies in December 2007 have shown that the effectiveness of Antivirus software is much reduced from what it was a few years ago, particularly against unknown or zero day threats. The German computer magazine c’t found that detection rates for these threats had dropped to a frightening 20% to 30%, as compared to 40% to 50% only one year earlier. At that time only one product managed a detection rate above 50%.
The problem is magnified by the changing intent of virus authors. Some years ago it was obvious when a virus infection was present. The viruses of the day, written by amateurs, exhibited destructive behavior or popped-up screen messages. Modern viruses are often written by professionals, financed by criminal organizations. It is not in their interests to make their viruses or crimeware evident, because their purpose is to create botnets or steal information for as long as possible without the user realizing this; consequently, they are often well-hidden. If an infected user has a less-than-effective antivirus product that says the computer is clean, then the virus may go undetected.
Traditional antivirus software solutions run virus scanners on schedule or on demand, and some run scans in real time. If a virus or malware is located, the suspect file is usually placed into quarantine to terminate its chances of disrupting the system. Traditional antivirus solutions scan and compare against a publicised and regularly updated dictionary of malware, otherwise known as a blacklist. Some antivirus solutions have additional options that employ a heuristic engine, which further examines the file to see if it is behaving in a similar manner to previous examples of malware. A new technology utilised by a few antivirus solutions is whitelisting: this technology first checks if the file is trusted and only questions those that are not. With the addition of wisdom of crowds, antivirus solutions back up other antivirus techniques by harnessing the intelligence and advice of a community of trusted users to protect each other. By providing these multiple layers of malware protection and combining them with other security software it is possible to have more effective protection from the latest zero day attack and the latest crimeware than previously was the case with just one layer of protection.

Compare Antiviruses

Testing antiviruses to get a truly fair result is not easy.

To compare antiviruses we need to think of many factors and our own needs to choose what is best for us. Many different companies compare antiviruses and publish their results, either paid or free.

Even trusting these results is not easy, as some tests are threatened by big vendors and are not honest!

By the way, some of the companies which test AVs are: