Five steps to make your computer more secure

March 8, 2008 – 5:58 PM

These days, a firewall, anti-virus software and anti-spyware programs are essential, but they might not be enough to protect you. Here are five things you can do for a little added security:

Leave your computer on.

This is a change from an earlier recommendation that you turn it off to save energy.

Security software and your computer’s operating system are regularly updated to counter new viruses, worms, spyware and hackers probing for weaknesses. If your computer is off at night, you’ll have to update during the day, when you’re working. Or worse, the new threat hits your system before you have a chance to download and install the updates. (Related item: Ask Kim)

So leave your computer on. Turn off the printer, monitor and other extras, and find other ways to save energy.

Use a limited user account.

You can prevent others from taking control of your computer by giving up some privileges.

Too many people use Windows Administrator accounts when they run their computers. Users with administrator accounts can install software and change system settings. Limited accounts don’t have these privileges. So, if you use the Internet with a limited account, and you click on the wrong thing, malicious programs cannot install themselves on your computer.

To create a limited account, click Start, Settings, Control Panel, then User Accounts. Click “Create a new account.” Enter a name and click Next. Select Limited and then click Create Account.

Watch out for crush sites.

Spammers are always looking for more e-mail addresses. Now they’re enlisting the help of unsuspecting teens and adults.

Spammers send out messages with subject lines like “Someone has a crush on you.” A link directs you to a site that resembles a dating service. To find out who has the crush, you must guess by entering the correct e-mail address.

These days, most adults are fairly cautious about disclosing e-mail addresses. Teens may be more naive, particularly when an e-mail message preys on their insecurities.

Watch the status bar.

The status bar is a frequently overlooked tool at the bottom of your browser. You can use it to check links on a Web page. Hold your mouse over a link, and the address of the link appears in the status bar. It may not help if the address is spoofed, but it is still handy.

To do this, you may need to activate the status bar.

For Internet Explorer, close all windows. Open Windows Explorer and click View, Status Bar. Then click Tools, Folder Options. On the View tab, click Apply to All Folders. Click OK.

In Firefox, click View, Status Bar.

Protect your Windows Clipboard.

Malicious Web sites may attempt to copy information from your Windows Clipboard. That is the utility that temporarily stores information from cut and copy operations.

You can prevent sites from downloading information from the Clipboard. In Internet Explorer, click Tools, Internet Options. Click Custom Level on the Security tab. Scroll to the Scripting section. Select prompt for “Active scripting,” “Allow paste operations via script” and “Scripting of Java applets.” Click OK, then OK.

http://www.usatoday.com/tech/columnist/kimkomando/2005-09-25-secure-computer_x.htm

Posted in Security | No Comments

Building a Future-Proof PC

March 8, 2008 – 5:57 PM

It happens to us all: You put together your latest home-built PC masterpiece and before you’ve even downloaded your first Windows XP patch, some new technology comes along, or the price of an existing one drops, and you find yourself wishing you’d waited just another few days, weeks, or months. Bummer.

But let’s face it, if you always waited for the next big thing, you’d never get around to building that new system. There’s always something newer, faster, and better on the way. That doesn’t mean you have to resign yourself to a PC that’s old before its time, however. With a little planning, you can build a great system today that still has legs tomorrow. The key: Pick the right motherboard.

Every component you buy for a new PC is important, but when it comes to future upgradeability the motherboard is the most important of all. That’s because the motherboard has to play nice with all of those other components–everything from your CPU to your memory to your graphics card and so on. Motherboards may not be the sexiest component in the box, but if you buy a cheap one today, it could end up costing you more tomorrow.

Processor Prognostication

Both Advanced Micro Devices and Intel offer performance enhancing dual-core processors, but (as regular readers of this column probably know) right now they’re still a little too pricey for my taste. I’ve got my reasons, as you can see in “Dual-Core CPUs Arrive”:
http://www.pcworld.com/news/article/0,aid,121266,tk,urx,00.asp

The smart thing to do today is to build a single-core system with an eye toward upgrading later.

If you’re an AMD fan, the equation is fairly simple: Avoid the less expensive motherboards with the single-channel 754-pin Athlon 64 and Sempron processor socket, and stick with 939-pin socket boards that support Athlon 64 and Athlon FX chips. Not only do these boards offer dual-channel memory support, but the vast majority of them support AMD’s dual-core Athlon 64 X2 right out of the box–and the boards that don’t should work after a bios update.

For our take on the Athlon 64 X2, read “First Tests: AMD’s Dual-Core Chip Delivers Real Power Boost”:
http://www.pcworld.com/news/article/0,aid,120750,tk,urx,00.asp

Intel fans face a slightly more complicated choice. That’s because right now only motherboards based on Intel’s 945 and 955 chip sets support the chip giant’s dual-core Pentium EE or Pentium D processors. Boards using earlier Intel chip sets (including fairly recent vintage Pentium 4-compatible products) won’t support the dual-core chips, nor will current versions from companies such as NVidia. The simple answer would seem to be “buy an Intel motherboard,” but that can lead to another limitation (more on that in a minute).

Read “Intel’s Dual-Core Chip Aces First Test” for a review of the Pentium EE:
http://www.pcworld.com/news/article/0,aid,120656,tk,urx,00.asp

Pick PCI Express

Today you can still find plenty of late-model motherboards that use Accelerated Graphics Port for graphics. You might be tempted to save a few bucks by buying one of these boards: In addition to being well priced, they let you squeeze some more life out of your existing graphics card. But don’t do it; buy a motherboard that supports PCI Express graphics.

There are numerous reasons to make the move to PCI Express. First, it offers dramatically faster throughput than AGP. It’s true that many of today’s graphics cards don’t utilize all that bandwidth, but future cards could (and likely will). Second, graphics chip and board vendors now concentrate their product releases on PCI Express first and AGP second. That means you’ll not only have to wait for new graphics technologies to trickle down to mainstream, moderately priced graphics boards, but you’ll also have to wait for the PCI Express people to get theirs first.

The third reason to move to PCI Express: NVidia’s Scalable Link Interface. Currently available only on high-end NVidia-based motherboards with two graphics card slots, SLI lets you run two identical SLI-enabled NVidia video cards at once–and the results can be impressive. Read “Superfast Graphics” for details on our tests:
http://www.pcworld.com/news/article/0,aid,118782,tk,urx,00.asp

Super-duper power users with tons of disposable cash like to build systems with two high-end cards, two 7800 GTXs, say. But for the rest of us, it makes sense to buy a nice midrange card now, and then–six months down the line when card prices drop–add the second card for a nice graphics boost.

This, however, brings up the limitation I mentioned earlier about choosing an Intel motherboard: Intel’s chip sets don’t support SLI. Unfortunately, it seems Intel fans must make a choice between dual-core compatibility and SLI support.

Memory Mojo

The old adage about computer memory still stands: Buy as much as you can afford. But just be sure that you can afford at least 1GB. Also, if your motherboard supports a dual-channel processor, make sure that you’re using two sticks, placed in the appropriate slots. You can spend extra money on high-speed, low-latency RAM, but chances are you won’t see much of a performance increase:
http://www.pcworld.com/news/article/0,aid,118372,tk,urx,00.asp

If you can afford it, you might consider stocking your new system with 2GB of memory right out of the gate. After all, you can never have too much, and you might need it when that shiny new space-hogging Windows Vista operating system arrives in 2006. Plus, if you can reach 2GB using two DIMMs, then you won’t have to worry about the memory downclocking or system stability issues that some people encounter when they try to populate a motherboard’s third and fourth memory slots.

Follow all these tips, and your next PC should be in pretty good shape for the future. Note that hedge word, should.

The fact is, even as I type this, the onward march of technology continues. For example, rumor has it that sometime in early 2006 AMD will move its processors to a brand-new socket–one that will support DDR2 memory, but won’t support your current processor. Intel will also move to a new socket down the road, but that’s likely a bit further out. And any day now ATI will get around to launching Crossfire, its response to NVidia’s dual-card technology, which could lead you to either love or hate a prior commitment to SLI. To keep up with these developments, you’ll want to check our Upgrade Center from time to time:
http://www.pcworld.com/resource/infocenter/0,ctrid,9,ic,UpgradeCenter,tk,urx,00.asp

Of course, you can always wait for these new technologies to arrive. But at some point, you just have to dive in. And besides, two or three years from now you’ll need an excuse to build a brand-new system, right?

http://www.pcworld.com/howto/article/0,aid,122508,00.asp

Posted in Hardware | No Comments

Web sites let Caller ID say anything

March 8, 2008 – 5:47 PM

Caller ID shows the number from which a person is calling. When it is spoofed, the wrong number is sent in a effort to fool the person receiving the call. For instance, a crook might call you and send your bank’s number, in an effort to convince you to reveal sensitive information.

And, now, here’s the kicker: Hackers aren’t the only ones doing this. Web sites also are offering to spoof caller IDs. Some are inexpensive and available to just about anyone.

One of the sites I found was almost totally anonymous. The service sign-up consisted of only a user name and password. Tricksters just enter their number, your number and the fake caller ID.

I found another site that encourages its customers to compete for best prank call. The site did remind customers to stay legal.

I will not promote these sites by naming them. But I can tell you that there are several.

Caller ID spoofing services have been around for a while. But they were little known and difficult to access.

Now almost anyone can spoof caller ID legally. Spoofing services are considered Internet services, which are loosely regulated. The line between phone and Internet services is difficult for lawmakers.

There’s not much that you can do to stop caller ID spoofing. But you can use the same precautions you use with e-mail. Don’t reveal confidential information unless you’re sure about the other party. If in doubt, insist on dialing the caller’s number yourself to verify it.

http://www.komando.com/tips_show.asp?showID=8815

Posted in Internet | No Comments

One-In-Six Spyware Apps Tries To Steal Identities

March 8, 2008 – 5:47 PM

A significant portion of spyware is designed specifically to steal identities, underscoring the trend toward more malicious use of such software by criminals, said a security firm Wednesday.Fifteen percent of the 2,000 known spyware threats analyzed by Aladdin Knowledge Systems over a two-month span send private information gathered from the infected PC by logging keystrokes, capturing usernames and passwords, and hijacking e-mail address and contact lists.

About one-in-six pieces of spyware — a category that also includes adware — is “specifically designed for identity theft,” said Aladdin in a statement.

Another 25 percent of the spyware examined gathers information non-identity information, but was classified by Aladdin as a “moderate threat” because these programs collect such data as the victim PC’s operating system, domain name, process logs, security applications, IP address, and security updates installed.

The remaining 60 percent, said Aladdin, gathered “commercial-value information about the end user’s browsing habits,” the traditional definition of the often noxious but rarely dangerous adware.

http://www.techweb.com/wire/security/170703179;jsessionid=M0FHF5U1IS2CWQSNDBGCKHSCJUMEKJVN

Posted in Internet, Privacy | No Comments

Yahoo hosting thousands of phishing sites

March 8, 2008 – 4:21 PM

Yahoo is playing host to thousands of phishing sites and doesn’t have sufficiently well-trained staff to address the problem of online fraud, according to a leading anti-spam and security organisation on Tuesday.Richard Cox, chief information officer of Spamhaus, told an audience of politicians, security experts and law enforcement officials that Yahoo has just under 5,000 domains hosted and registered with the words ‘bank’, ‘eBay’ and ‘PayPal’ within the domain names.

Most of those are used as phishing sites, Cox told the London “eConfidence — Spam and Scams” conference.

Cox said that ISPs are failing to train their staff to recognise this as a security issue. “ISPs are treating abuse issues as customer service issues,” Cox claimed.

In response, Yahoo said it would follow up Cox’s claims. “We take security very seriously and will be investigating this issue fully,” said Nick Hazell, alliance director for Yahoo Europe.

It is understood that most of these domains were registered in the US; it may be hard for Yahoo to take action until the domains are used in a phishing attack.

Meanwhile Ed Gibson, Microsoft UK’s newly appointed chief security advisor, praised Spamhaus for its work. “Hats off to Spamhaus,” Gibson told the audience. “We don’t do a good job of responding to abuse. Spamhaus is excellent at highlighting areas of deficiency.”

http://www.zdnet.com.au/news/security/soa/Yahoo_hosting_thousands_of_phishing_sites/0,2000061744,39210378,00.htm

Posted in Internet, Privacy, Security | No Comments