Unless you live in the European Union, your Windows computer will have Internet Explorer installed.

Maybe you no longer use Internet Explorer for browsing, and have moved on to a more security-conscious browser like Chrome or Firefox? You’ll still need IE, or rather, Windows needs IE for downloading patches. Also, programs like Microsoft Outlook are closely integrated with IE, so they need access to it as well.

The Problem
IE, by default, allows scripts on web pages you visit to execute. Most of the time, these scripts do something useful, but too often, a malicious script can install spyware or do something else nasty on your computer. Microsoft continues to be fairly diligent in fixing these issues as they’re discovered, but the big problem is when malicious scripts execute on unpatched computers.

The Solution
Steve Gibson, on a recent Security Now! podcast, shows us how to lock down IE so it still does what we need it to do, while essentially turning off scripting. This can protect you from the next IE security vulnerability.

Here’s how to lock down IE: (more…)

 

Untangle for Windows: Step-by-step Setup

The skinny: Untangle for Windows is a Unified Threat Manager (UTM), which acts as a gateway to filter all web traffic on your small (up to 10 computers) network. It’s available as a free download from Untangle’s site. Untangle for Windows doesn’t need a dedicated computer (it runs in the background). Based on which options you choose, you can block advertisements, stop viruses, allow or block websites (based on category), and have access to these and other commercial-grade technologies that not too long ago were too expensive for the home office/small office.

The configuration we set up is for a simple home network (see diagram below). The computer where Untangle for Windows is installed must have a wired connection. In our case, all other computers access the network through the wireless router. This way, anyone using your wireless network (for example, a visitor who wants to access your wireless network with their computer) will also benefit from whatever options (virus blocking, advertisement blocking, etc.) that you have set up. (more…)

 

5 Easy Steps to Stay Safe (and Private!) on Facebook http://bit.ly/gDrPH

 

As a home computer user, your most crucial task is to make sure your data is backed up, and that you’re backing it up regularly.

The 2nd most important thing? Create and use a standard user account. By default, Windows (XP, Vista and now 7) creates administrative accounts as part of the initial setup. These accounts are necessary if you need to install software, change security settings, etc., but for everyday use they are a liability.

Why Not Always Be Logged in as an Administrative Account?

In a word, protection. When logged on with a non-administrative account, viruses and spyware can’t infect your computer as easily as when you’re logged in with an administrative account.

How to Create a Standard User Account
Each flavor of Windows has its own way of creating a standard user account, but the process is similar:
Windows XP
Windows Vista
Windows 7 (Ironically, this nicely-written how-to guide is from UnixWiz.net)

Whether you’re using Windows XP, Vista, or 7, it’s very easy to create and use a standard user account for your everyday tasks. Doing so makes your computer much less vulnerable to virus and spyware infections. It’s much more time-consuming to clean up an infected computer than to prevent an infection in the first place, so make sure you are using a standard user account for your day-to-day tasks.

 

The skinny: Untangle for Windows is a free way to protect your home/small office network (up to 10 computers). It leverages open source software to give you advanced control of your network that until recently was only affordable to larger corporations. Its features are impressive, especially for a free download.

Unified Threat Management (UTM) software is a fancy name for a collection of dedicated software (or a hardware appliance) that works together to protect a network by providing, for example, virus protection and web filtering.

Years ago, UTMs were only available as hardware appliances which were installed in a server rack in a data center. More recently, software UTMs that can run on PCs were released by companies like Endian, Astaro and Untangle. These software UTMs require a dedicated computer. (more…)

 

“Adobe Flash Player 0.2” is not what it seems. It has been posted on various forum sites. Unsuspecting Firefox users who have installed this (assuming that it’s gotten past your anti-virus/anti-spyware software) find themselves infected. (To check, in the Firefox menu, choose Tools > Add-ons and look for “Adobe Flash Player 0.2”).

This bogus add-on injects its own advertisements along with Google’s ads. In addition, it can also monitor the results from a user’s Google queries, which it sends to a special website. This is another reason to consider using Startpage.com for your web searches.

As always, keep your anti-virus/anti-malware software updated, and only obtain add-ons from legitimate sites. Read more at Trendmicro’s blog.

 

Adobe Flash animations are used in many of the most popular web sites. The Adobe Flash plug-in can be used to store information in Local Shared Objects, or “Flash cookies,” which are very different from traditional browser cookies. Traditional cookie behavior can be controlled through settings in your browser, or deleted after the fact using a utility such as CCleaner. Flash cookies are browser-independent, meaning multiple browsers on the same computer can use the same Flash cookies. Flash cookies can also store a great deal more information (100 KB compared to the 4 KB browser cookie limit). (more…)

 

This “Microsoft Patch Tuesday” (incidentally, the latest a “Patch Tuesday” can occur because August, 2009 started on a Saturday) includes 9 updates, including 5 critical updates for Windows operating systems.

Most of the critical updates are related to the Active Template Library (ATL), which allows developers to write ActiveX controls. Windows users will want to be sure to install these updates to address this serious flaw.

 

The same mean folks who brought us the rogue anti-spyware product “Winweb Security 2008” have developed another bogus “product” called SystemSecurity.

Their latest attempt to trick you is by simulating a “blue screen of death” using a browser window. They place a DOS-like red alert box over the blue screen, giving you the option to “fix” your computer’s “security issues.”

Don’t fall for it! Check the screenshot from Sunbelt Software’s blog entry below. Clearly, this fake BSOD is displayed in a browser. It could be a little harder to detect if the browser was in kiosk (full-screen) mode, but pressing Ctrl+Alt+Delete should show you whether you’re truly experiencing an operating system crash, or a cleverly-designed scam attempt.

ht: Sunbelt Blog

 

From Adobe’s recent security advisory, last updated on 31 July 2009:

A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.

Adobe is considering this a critical update, considering that an unpatched computer could be taken over.

To Patch
Check the “Solution” section of Adobe’s Security Bulletin for specific download links for updated versions of Flash Player, AIR, Acrobat and Reader software.

NOTE 1: If you are using Internet Explorer AND another, plug-in based browser (such as Firefox or Opera), run the “About Flash” check for each browser.

NOTE 2: Internet Explorer users, if you upgrade the Flash Player, by default, you will be prompted to install the Google toolbar, but you may uncheck this option.