Defending The Kingdom

Phishing, according to the Wikipedia entry on the topic, is a term that combines the words “password” and “harvesting”. Typically, phishing takes the form of a phone call or email where the perpetrator poses as a trustworthy source (your bank, for example) and uses this trust to request private and profitable information.

This post will provide advice on how to avoid getting phished over the telephone, but first I’m going to describe how it almost happened to me. If you get a call like the one I got, I hope it sets alarm bells ringing before any damage is done.

I almost got phished

In February 2006 I got a phone call from someone named “Mark,” who ostensibly works for Rogers Wireless, my cell phone provider. The conversation went something like this:

Him: “Hello, sir, this is a courtesy call from the accounts receivable department to confirm your personal information in our files. The credit card we have for you is no longer active.”

The first thing I think is: “that makes sense, because I lost my credit card about two weeks ago and cancelled the account. I just got a new credit card.”

Him: “I’d just like to confirm your name and address as well as some other information. Can you confirm your current address?”

Me: “Sure, it’s 5959 Glen Stree… Wait! Why are you asking for this information over the telephone? No reputable company would do that. I’m going to call Rogers with a phone number I trust to make sure that I’m not getting scammed.” (continue reading…)

Google, by partnering with the StopBadware Organization, has begun to issue warnings when users click on search results that lead to dangerous websites.

StopBadware keeps a list (so far it appears to be quite limited) of user-submitted websites that are known to host spyware, adware, and other malware. After receiving submissions, the organization analyzes the purported malware using a list of seven categories of bad behaviour that help to identify malicious software.

This list includes:

…deceptive installations, unclearly [sic] identification, causing harm to other computers, modifying other software, transmitting user data, interfering with computer use, and being difficult to uninstall completely.

You can see one of the warnings in action by doing a search for “seriall” and clicking on the first result (SeriAll.com is a website that publishes serial numbers for pirated software). After clicking on the link, you should see a screen similar to the one shown at the top of this post. (continue reading…)

This blog post from ZDNet Australia surprised me:

Antivirus applications from Symantec, McAfee or Trend Micro — the three leading AV vendors in 2005 — are far less likely to detect new viruses and Trojans than the least popular brands.

This has nothing to do with the quality of the software or how long it takes the respective firms to update their clients with signatures and other malware countermeasures.

[...]

However, the actual reason why the top selling antivirus applications don’t work is because malware authors are specifically testing their Trojans and viruses to make sure they can bypass these applications before releasing them in the wild.

“The most popular brands of antivirus on the market… have an 80 percent miss rate… So if you are running these pieces of software, eight out of 10 pieces of malicious code are going to get in…”

I mentioned Avast! Antivirus in the previous post because it is free, lightweight, and effective. It is even more attractive if being one of the little guys is a security advantage.

If you have been following this blog, you have so far installed a firewall, spyware and adware detectors, and a secure browser to keep you feeling safe and warm at night. And the best part is that it hasn’t cost you a single gold nugget to do so. Now it’s time for the final piece of software that is absolutely vital if you wish to protect your computer. As always, it’s free.

It takes a pirate to know a pirate

Avast! is a simple and clean, but ever swashbuckling, antivirus program that will have viruses walking the plank and begging for mercy. But there will be no mercy. Download it, update it often, scan often, and live a long, fully-toothed life on the high seas of security.

In an upcoming post I will map out how to use your new virus scanner most effectively. Here’s the gist of it: it’s easier to prevent viruses from boarding your ship in the first place than it is to fight them off once they’ve ransacked your rum rations and gorged a hole in the hull of your once mighty vessel.

According to CNET News:

Microsoft plans to automatically push Internet Explorer 7 to Windows XP users when the browser update is ready later this year.

IE 7 will be delivered in the fourth quarter as a “high priority” update via Automatic Updates in Windows XP…

The jury is still out on this one, but this bit of news is probably a good thing. IE7 should have fewer security flaws than IE6 (currently the most widely used browser), although it is unlikely that it will be as secure as competing browsers like Firefox, Opera, Netscape, or Safari.

This improves everyone’s security

While I don’t recommend Internet Explorer, the fact is that the majority of internet users are still browsing the web with it, and an improvement in this browser’s security will be good for everyone.

We’re all connected to each other on the internet, which means that your neighbour’s level of security affects your level of security. (continue reading…)