Free computer security:
Vulnerability is a software error which can be exploited with a security impact and gain. Many vulnerabilities allow criminals to gain control over systems and perform actions ranging from stealing sensitive information (such as credit card numbers, passwords, and personal documents) to automatic installation of viruses, Trojans, key loggers, and other types of malware. Vulnerabilities can affect all applications installed on a computer, including the operating system.
The only real solution to avoid becoming a victim of a hacker exploiting vulnerabilities is to install the latest security updates that the vendor of the program has released. As new vulnerabilities are found regularly, it is important to scan for vulnerabilities on a regular basis.
Not only home users, IT professionals everywhere are inclined to focus on patching Microsoft programs, operating systems and just a few other programs.
Over a five year period, the share of third-party vulnerabilities has increased from 57% in 2007 to 86% in 2012. The significance of this number is that it has become more difficult for end users and administrators to keep their systems secure: If end users and organizations focus on patching their Microsoft programs and operating systems they only protect their computer and IT infrastructure from 14% of the threats posed by vulnerabilities.
- The Secunia Personal Software Inspector (PSI): PSI is a free computer security solution that identifies vulnerabilities in non-Microsoft (third-party) programs which can leave your PC open to attacks. Simply put, it scans software on your system and identifies programs in need of security updates to safeguard your PC against cyber criminals It then supplies your computer with the necessary software security updates to keep it safe. The Secunia PSI even automates the updates for your insecure programs, making it a lot easier for you to maintain a secure PC. PSI makes regular checks to see if a PC contains any programs that do not have the latest patches installed, and makes it easy for users to patch them. This is important since not all vendors provide scheduled updates, and they may not notify users when patched versions are released.
Using a scanner like Secunia PSI 3.0 is complementary to antivirus software, and as a free computer security program, is essential for every home computer.
The Secunia PSI is not a replacement for other security measures such as antivirus or personal firewalls — the Secunia PSI is designed as an essential complement to other security measures such as antivirus and personal firewalls as it helps prevent the exploitation of often overlooked exposures. Whilst anti-virus software can protect against viruses, and installation of firewalls can provide protection against some attacks by cyber criminals, individuals and businesses also need to protect themselves against the proliferation of malware and attacks by cyber criminals, which is now recognized worldwide as a major security problem. Secunia PSI provide extensive details on the software installed on a computer, it also gives you direct links to update programs that are older and potentially not secure. The Secunia PSI allows users to view any out of date programs installed. It also allows the user to quickly and easily upgrade to new and secure versions of applications.
The Secunia PSI 3.0 can be downloaded from Secunia’s website now at
http://secunia.com/vulnerability_scanning/personal/
2. FileHippo Update Checker: FileHippo Update Checker is extremely small in size and very easy to use. After the installation, FileHippo Update Checker will scan for installed software and send the information to FileHippo servers to compare the versions of software installed on the PC and available on FileHippo.com.
It will then display a list of updates available and the download links to new updated software. One has to manually download the software and install it on the computer. FileHippo Update Checker is very good for those who want to keep an eye on everything that is being updated or installed.
One drawback of FileHippo Update Checker is that it does not support all the new software being released daily but it supports majority of the popular software. FileHippo Update Checker works on all versions of Windows but it requires .NET Framework 2.0 or later to be installed.
Download FileHippo Update Checker
3. CNet TechTracker: CNet TechTracker is from the owners of download.com which is considered to be a one stop destination for software downloads. Usually the updates to the software are available on CNet software catalogue sooner than other sites. Another advantage of installing CNet TechTracker is that most of the software are tested for spyware and malware before being updated.
CNet TechTracker is the best tool for those who want to have a “set it and forget it” functionality. One thing to note while installing this software updater, it will also install a search toolbar which can be annoying for many users.
4. SUMo (Software Updates Monitor):
SUMo (Software Updates Monitor) is another great software updater which is easy to use and can automate the software updates process. The biggest disadvantage of SUMo is with its installation procedure. You have to be very careful while installing SUMo because it will ask you to install some useless tool-bars and software which you should always decline.
5. Patch My PC:
Patch My PC is a small, portable and freeware application that will scan for outdated third party software and update them automatically.
Other software updaters:
- UpdateStar is another popular software updates client. The interface of UpdateStar is not as user friendly as other software updater discussed above. There are two editions of UpdateStar – free and premium. The premium edition is paid and is fully automated. You don’t have to touch anything in order to update the software installed in the system. UpdateStar premium will automatically update the software and let you know in the system tray. This feature is not available in the freeware edition of UpdateStar.
- R-Updater is a light weight software updates monitor program which does not take a lot of resources when running. It is available as an installer as well in portable edition. R-Updater starts with Windows and keeps on checking for new versions of installed software every now and then. You can also change the checking schedule in the settings.
- Carambis Software Updater – includes multilingual support and a very quick scanning engine with one click scanning option.
- Glarysoft Software Update – informs whenever a new update of a software is available. You can share information and comment on the new software updates.
- RadarSync – automatically download and installs new updates to installed software.
- Appupdater – very similar to Linux apt-get and yum and provides the automated installation and maintenance of installed software.
- Update Notifier – a portable software updater with a watch list feature where you can add programs to your watch list.
- Ketarin – Ketarin keeps the setup packages up to date instead of the installed programs. So if you have a software repository in your computer, Ketarin will keep it up to date.
- Software Informer – lets you find new software according to your needs while keeping the installed software up to date.
- FileREX Update Checker – automatically detects installed apps and then gives download links to the latest versions available.
- Seven Update - very much like Windows Update but it keeps third party software updated. It is free and open source.
- Software-UpToDate - a very simple program which notifies about the recently updated software and gives download links to those software.
The good thing about these software updaters is that usually they do not conflict with each other. If you want to install multiple software updater monitoring programs, you can do it without any problems.
Source: maketecheasier, secunia, PRWeb, lifehacker, zednet
International Women’s Day 2013 :
- In: Technology
- 2 Comments
Scheduling automated backup using SQL server 2008:
It is very important to take backups for the database files on regular basis. Microsoft SQL server 2008 has made this task very easy.
- Users can schedule the backup to be taken at a particular interval
- Users can schedule the backup copies to be deleted at a particular interval.
Do the following tasks to take a backup of a database:
1. Go to Start –> All Programs –> Microsoft Server 2008 R2 –> SQL Server Management Studio, Click SQL Server Management Studio. Microsoft Server Management Studio window with Connect to Server dialog box appears (see Image-1).
Image- 1
2. Enter the password of the server in Password field.
3. Click Connect. It connects to the database server and the Microsoft Server Management Studio window refreshes (see Image-2).
Image-2
4. From the object explorer, make sure SQL server agent is running, if not start SQL Server Agent (Right click and press start).
5. Expand Management subfolder à Maintenance Plans. Right click on Maintenance Plans and select New maintenance plan
(see Image-3).
Image-3
6. Enter a relevant maintenance plan name that suits your plan in the popup box. This will identify your backup (see Image-4). Click OK
Image-4
7. Maintenance plan configuration page opens (see Image-5). Note the marked areas with arrows, these are the two areas that need to be used for setting up the maintenance plan. The marked area in the right top will be used to configure the time at which the plan needs to be executed. The bottom left pane shows the tasks that can be utilized to create a SQL Maintenance plan.
Image-5
NOTE: In the Maintenance plan configuration page (see Image-5), if Tool Box window (bottom left pane) does not appear go to View –> click on Tool Box.
8. Click on the calendar item shown in the right side top. Job schedule properties window pops up (see Image-6). Configure the execution time/frequency of the tasks in this pop up as per your requirement. Usually database backups are taken on daily/weekly/Monthly basis. Make sure you are selecting proper time so that your databases is least used. Click OK once you finish.
Image-6
9. From the maintenance plan tasks pane ( Image-5), on the left side, select and double click on the Back Up Database Task, this will be used to select the databases to be backed up and the location where to save the Backup files (see Image-7).
Image-7
10. Double click on the Back Up Database Task, it will open a new window that allows you to configure the database configuration for the backup. Here you configure the databases that you need to backup, then specify a location for the backup, the extension for the backup files etc. (see Image-8).
From the pop up modal window, by clicking on “Databases” drop down, you will be able to select the required databases and also configure the file location, extension for the backup file etc.
Image-8
11. Click OK once finished. Now Backup plan configuration is over. The backup files will be created on the scheduled time in the specified folder. The name of the file will be created by appending the date so that you can identify the back up for a particular date.
Since the backup files are created frequently, it is a good practice that you delete backup files after a certain period of time. For this you need to execute clean up task along with the maintenance plan. You can configure the clean-up task as follows.
From the left side pane, drag and drop maintenance clean-up task (see Image-9).
Image-9
Image-10
12. Once you click OK, then save the maintenance plan. You can either wait till the next execution time or execute it manually in order to check whether everything is working fine.
source: Microsoft, sreejukg
Adobe Advises Users to Enable Protect View Until Reader Zero-Day Is Fixed
Posted on: February 16, 2013
IT’S PDF TIME:
We heard and read IE, Java, and Flash zero-days in a row in the past several months, and now it’s PDF’s turn. Security experts identified that a PDF zero-day is being exploited in the wild, and observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1.
Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the call back component, which talks to a remote domain.
Adobe said there are two vulnerabilities (CVE-2013-0640 and CVE-2013-0641) affecting Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Mac OS X systems. Active exploits are using malicious PDFs attached to phishing messages purporting to be a travel visa application called Visa form Turkey.pdf.
Adobe said it is working on an emergency patch for the popular document reader. In the meantime, it urges users to enable the product’s Protected View feature, which is off by default.
Protected View was introduced into Acrobat in version 10.1 and Reader in 11.0 for Windows; it is a read-only mode that blocks executable files until the user decides the document is trustworthy.
Protected View (Windows only)
Protected View provides an additional level of security. When Protected View in enabled, PDFs are displayed in a restricted environment called a sandbox. This isolation of the PDFs reduces the risk of security breaches in areas outside the sandbox. Adobe strongly recommends that you use Acrobat in Protected View if you are concerned about security, or if you frequently interact with PDFs on the Internet.
When Protected View is enabled, only basic navigation is allowed. For example,
you can open PDFs, scroll through pages, and click links.
You can enable Protected View in a PDF that you view in either stand-alone Acrobat or in a web browser.
If you trust the PDF and where it came from, click Enable All Features. The PDF is added to your list of privileged locations and is trusted from then on.
Enable Protected View
Unlike Protected Mode in Reader, Protected View in Acrobat is off by default.
- Choose Edit > Preferences.
- From the categories on the left, select Security (Enhanced).
- Select the Enable Enhanced Security option.
You can find out whether a PDF opened in a browser is in Protected View.
Right-click the document in the browser and choose Document Properties.
Click the Advanced tab. When Protected View is enabled, the status says Protected Mode: On.
Besides this option, users could install alternative readers, such as Foxit, PDF-Xchange Viewer, Sumatra and Nitro among others.
Daily threats to online gamers
Posted on: February 10, 2013
- In: Technology
- 1 Comment
Hackers target gamers with 7,000 daily attacks recorded
According to data from KSN (Kaspersky Security Network ), Kaspersky Lab experts recorded 7,000 attempts to infect gamers around the world every day in 2012. These attacks are launched in an attempt to gain access to personal user data, such as passwords to online games and online banking systems. Where games are concerned, malicious users attempt to steal avatars and in-game items to subsequently sell these virtual goods for real money. In the case of online banking, cyber criminals aim to steal money directly from real bank accounts.
As Kaspersky Lab experts discovered, in order to do this, malicious users send an average of 10 emails with malicious links and attachments to gamers every day, in addition to making roughly 500 attempts to infect gamers via browser-based attacks.
One of malicious users’ most favored tactics in the world of online games is, of course, social engineering — phishing in particular. For example, cyber criminals invoke the names of well-known gaming worlds and desperately try to lure gamers to their fake websites in order to harvest passwords from registered gaming accounts. In 2012, Kaspersky Lab experts recorded 15 million attempted visits to phishing websites designed to look like the pages of one of the largest developers of online games. As it turns out, there were up to 50,000 attempted redirects to phishing sites each day.
Threats targeting gamers are found all over the world but are, of course, not found in equal concentrations everywhere as their numbers are in direct correlation to the number of active players found in different countries. In 2012, the top 3 unlucky targeted countries turned out to be Russia, China, and India. These are the countries were gamers face the highest risk of infection and subsequent theft of avatars and in-game valuables.
Nevertheless, it is entirely possible to protect oneself and one’s in-game alter-ego against attacks from cybercriminals. At first glance, expert recommendations appear to be obvious, although in practice they have proven to be effective time and again. Kaspersky Lab’s malware expert Sergey Golovanov suggests that gamers adhere to the following simple code of Internet conduct:
“First and foremost, one needs to be alert when receiving emails featuring, for example, a request from an online game’s admin server for personal information about your account or an authorization offer under some pretext. Don’t just click on the link right away – it could be a phishing site.
“Next, don’t download unofficial patches from dubious sources — you could easily end up downloading a ‘bonus’ in the form of a Trojan that would then infiltrate your system and start stealing all of your passwords. And I don’t mean just for online games, but also for bank cards, if your bank offers online services. With this in mind, gamers might consider keeping an up-to-date virtual debit card that lets them limit their spending to an amount they choose – with no risk of someone else cleaning out their account.”
All the same, malicious users are just that, and some of them can outsmart even the most cautious user. That is why experts strongly recommend using professional security solutions.
source: kaspersky
Secret Partition on a Pen Drive
Posted on: December 7, 2012
- In: Technology
- 1 Comment
Secret Partition on a Pen Drive:
There is no simple way to partition USB pen drives, as they show up as a removable drive on the PC. In order to do so, you need to trick the operating system into recognizing the USB pen drive as a fixed hard drive. To do this, you need to create your own set of drivers. Doing so, you can create multiple partitions and store your private data on it. Only the first partition will be visible and the other partitions will not show up on any PC other than your own. In this way, you can secretly store your personal data away from your friends and family, and also you can avoid viruses affecting this data when plugged in on another computer. To do this, all you need is a simple universal USB pen drive driver, which can be downloaded from
http://www.mediafire.com/?oqlgdvcymzz
Download the archive, uncompress it to a folder on your Desktop and get started. Don’t forget to backup the contents of your pen drive as it will be formatted.
Step 1: Plug your pen drive into your PC’s USB port. Next, right-click on ‘My Computer’ and click on ‘Manage’ in the context menu. Click on ‘Device Manager’ on the left pane. This will show all your hardware devices connected to your PC. Now on the right pane, scroll down to ‘Disk Drives’ and you should see your pen drive connected here. Right-click on the pen drive and select ‘Properties’.
Step 2: In the properties window that just opened up, click on the ‘Details’ tab. From the scroll down menu under ‘Property’, choose ‘Device Instance Path’. You should see a string of characters highlighted in the ‘Value’ window below, which should read something like ‘USBSTOR\DISK&VEN_&PROD……Right‑click on this value and select ‘Copy’. Now close all the windows without saving changes.
Step 3: Now open the folder that you uncompressed after downloading the universal USB flash drive driver. In this folder, find and open the file named ‘cfadisk.inf’ in ‘Notepad’ or any test editor you prefer (Notepad++ is ideal. Download from notepad-plus-plus.org).
Step 4: Now locate the words ‘device_instance_id_goes_here’, which is available at line 26. You need to replace these words with the string you just copied to the clipboard from the Device Manager. Save the file and close the editor.
Step 5: Now go back to the ‘Device Manager’ page (repeat step 1). This time, click on the ‘Driver’ tab and click the button ‘Update driver’.
Step 6: On the next window, choose ‘Browse my computer for driver software’ when the system asks how you want to search for the driver software. Then on the next window, choose ‘Let me pick from a list of drivers…. ‘.
Step 7: On the next window, un check the box ‘Show compatible hardware’ and click on the ‘Have disk button’. Now click on ‘Browse’ and from the universal USB driver folder on your Desktop, select the ‘cfadisk.inf’ file and click on the ‘Open button’, followed by the ‘OK’ and then ‘Next’ buttons on the previous windows.
Step 8: An update driver warning message should show up stating that you are trying to install a driver which is not compatible with your hardware. Ignore the message and click on ‘Yes’. Don’t worry; it is safe to do so. The system will start installing the driver and show up another warning that the driver is not a verified or authentic driver. Ignore this one too and click on ‘Install this driver software anyway’. Let the system update the driver and you will receive a message of a successful driver update.
Note: you can use this modified driver for this pen drive only. To use another pen drive, you will need to perform the whole process again.
Step 9: That’s all you needed to do. Once you are back to the ‘Computer Management’ window, click on ‘Disk Management’ from the left pane and start partitioning your pen drive as you would with a regular hard drive. You can create multiple partitions.
Note: You can access all the partitions on the pen drive only from your PC (see Figure-9) Other PCs will only be able to see the first partition (see Figure-10). Make a copy of the driver on the first partition of the pen drive and you can install it on other PCs in case you need to access the other partitions. In this way, you can plug in the pen drive on a shared PC without allowing access to your data. Others won’t know that the other partition even exists another. To reset everything back to normal, simply delete the partitions and uninstall / delete the driver for the pen drive from the Device Manager.
Image-9
Image-10
