Reducing the risk of contracting malware on Macs

A great article to help you Mac users out there, from TechRepublic:

Of late, one of the most talked-about topics regarding Macs on the web is malware, in particular the Flashback trojan. For nearly 10 years, the Mac has managed to maneuver safely through the turbulent waters of the Internet with a pretty solid track record. But as more Macs are adopted and as the Internet continues to become more complex, the risk of contracting malware will continue to grow for some time to come. Apple is working to reduce the impact of infections in several ways:

  • using the Mac App Store to filter out harmful applications
  • providing software updates and patches
  • increasing security measures in each version of OS X.

It’s unlikely that Apple will ever completely protect Macs from the harsh realities of the web, but the Mac is indeed a very secure platform and with a little effort, you can reduce yours or your users’ risk of being infected.

Best practice tips for Mac users

First, remind Mac users of the basics of how one can be exploited by malware and viruses. Fully understanding a computer’s vulnerabilities helps to reduce the odds of contracting one in the first place. Users should understand that the most common ways to contract malware are by using applications that share files. Applications such as Mail, browsers such as Safari, Firefox, and Chrome, and iChat/Messages can be easily compromised by malware because they all have the ability to share files in one form or another.

In most cases, it is the naive or reckless user, and not the computer, that is easiest to convince into installing malware through social engineering. This is true for all systems, regardless of OS. Malware oftentimes presents itself as a harmless file or as a familiar application in an attempt to convince users to click and install.

More sophisticated malware attempts to take advantage of lesser known services or applications running on a computer. In the case of Flashback, two methods were used. Initially Flashback would present itself as an update to Adobe Flash, convincing the user that it was a necessary update. Eventually, Flashback evolved to take advantage of a flaw in the version of Java installed on the Mac. These are the most common ways in which a Mac or a PC can contract unwanted malware.

Since the most vulnerable application on any computer is the browser, I’m going to run through a few tips that should work with most browsers, but I’m using Safari, the default browser on the Mac, as the example.

Turn off open safe files

Safari, as well as other browsers and mail applications, supports a convenience feature that allows known safe files to launch immediately after downloading. Disabling this feature reduces the possibility of initiating the installation of a file that is passing itself off as something harmless. The setting can be found in Safari’s Preferences pane.

Disable Java

First and foremost I want to be clear: Java is not JavaScript, and where the Internet is concerned most of us experience a web where Java is rarely needed. JavaScript, on the other hand, is frequently employed on the web, and though disabling JavaScript will indeed make your Mac more secure, it’s a technology that we on the web have become heavily dependent on. When Java is needed on the web and it is disabled, you will often be presented with a request to install it. When you’re in a situation where you require Java, it is as simple as opening up your browser preferences and enabling it to accomplish your task. Disabling it again when you’re finished will again assist in preventing malware infections.

Disable plugins

Most of us will grapple with this request, however, the web is moving more and more away from the use of plugins such as Flash and more toward HTML 5. If you’re willing to compromise some of your web experiences, you will both be protecting yourself while helping the web to move in a positive direction. Many websites rely on Flash, however, if users are visiting these sites with plugins disabled, webmasters are able to see how many people are visiting the site and what technologies they are using to access it. If a significant number of users do so without plugins, webmasters will be more likely to consider making the jump from Flash, an application that is often unstable and vulnerable to attack, to using HTML 5 — and do it more rapidly. In the end, disabling plugins benefits us all.

Each of these steps will help to reduce the odds of infection, though it’s important to remember that there is no such thing as an impenetrable computer connected to the Internet.

The malware numbers game: how many viruses are out there?

From ZDNet:

How many strains of malware are in circulation right now, for Windows PCs, Android devices, and Macs?

That seems like a straightforward question, but the answer is far from simple. And the number might be a lot lower than you think.

If you check with the leading security companies, you might be tempted to pick an answer in the millions. After all, that’s how many listings you’ll find in the definition files for common antivirus programs. At day’s end on April 12, for example, Symantec published the summary shown below, noting that its latest Virus Definitions file contained 17,702,868 separate signatures.

Oh my. 17.7 million? That certainly sounds like a very big number. But before you get swept away, it’s worth taking a closer look at what it really represents.

Eight days earlier, on April 4, that same Norton/Symantec definition file contained 17,595,922 separate detections. With 106,946 additional definitions in a mere eight days, you’d probably conclude that malware is out of control.

Because the Norton brand name is primarily associated with Windows PCs, you’d probably also assume that all of that activity was aimed at the Windows platform.

And you’d be wrong in both cases.

Definition files are a great way of assessing the degree of activity at a computer security company. They vaguely measure the current intensity level of the cat-and-mouse game between malware authors and security companies. But counting signatures says nothing about what’s new.

I took a closer look at the Symantec definitions for that week and found a very interesting story.

Symantec, to its credit, publishes detailed information about what’s in each new definition file, including what’s new. On any given day, it displays the total number of new and revised detections, followed by their details, like this:

In the eight days between April 5 and April 12, only 12 new detections were added to Symantec’s certified definition file, with six of them added on a single day, April 10. Here’s a breakdown:

  • Three were generic detections for malicious packages (Packed.Generic.360 through .362). These aren’t really new strains of malware, only new forms of packaging. The accompanying writeup calls each one a “heuristic detection for files that may have been obfuscated or encrypted in order to conceal themselves from antivirus software.”
  • Four are generic detections for existing fake antivirus packages (Trojan.FakeAV!gen90 and gen91, SmartAVFraud!gen2, and SecShieldFraud!gen5). These are also heuristic detections, designed to identify rogue anti-malware programs by their behavior rather than by their ever-shifting content.
  • Two were aimed at Android-powered devices: Android.Tigerbot and Android.Gonfu.D are both backdoors found in malicious Android apps.
  • One new entry is simply called Adware.SafeTerra, with no associated description.
  • One new entry is for something called Trojan.Darkshell, which has only a vague description (“may perform distributed denial of service attacks”).
  • One is the infamous Flashback, for Macs, formally known as OSX.Flashback.K.

The total number of named entries listed in the summary of those definition files during that period was 303—12 new and 291 revised. So where does the 100,000+ number come from? It appears to be a count of individual pieces of identifying data—signatures—associated with those named entries. Counting every signature is an easy way to get to an impressively large number, but it isn’t an accurate way to assess the current threat landscape.

That list includes a lot more than malicious software, too. Categories include Adware, Hack Tool (many of which are legitimate), Joke, Misleading Application, Potentially Unwanted App, and Security Assessment Tool. When I excluded those categories, I ended up with only 213 named entries in the Trojan, Worm, and Virus categories.

I was surprised to find that many of the definitions on this list are for very old pieces of code. During this one-week period in April 2012, Symantec updated its definitions for the following pieces of ancient malware and bumped up the counter in its definition files accordingly:

  • The SubSeven Trojan, which was a big deal in the late 1990s but was officially shut down in 2003
  • W32.Chir.B@mm, a mass-mailing worm from 2002 that targets Internet Explorer versions 4 through 5.5
  • Spybot, a family of worms that spread using the Kazaa file-sharing network and a variety of Windows 2000/XP flaws that were patched in 2003
  • Netsky, a 2004-vintage mass-mailing worm
  • Mydoom, another mass-mailing worm that spawned one of the first botnets; it was programmed to do most of its damage in February 2004 and fizzled out within a few years

In addition, these April 2012 definition files include multiple revised detections for Waledac and Rustock, the Trojans responsible for two prolific spam botnets that were decisively shut down in February 2010 and March 2011, respectively.

For each named entry, Symantec includes the date when that entry was first added to its definitions list. Out of the total of 213 new named entries on the list, more than 85% were from 2010 or earlier. Only 31 entries were discovered in 2011 or 2012. And one-third of those were from non-Windows platforms.

Two of the recent samples were for OS X—the original OSX.Flashback, from last fall, and the newer OSX.Flashback.K, which wreaked havoc on Mac owners over the past month.

Most interestingly, eight entries on the list—more than 25%—were for Android-related malware. Given the size of the Android installed base and the lack of any central control over Android app markets, that shouldn’t be surprising. On its Latest Threats and Risks list, Symantec includes writeups for more than 80 Android-related programs, most classified as Trojans or Spyware. That’s 11% of the total of 720 items on the list.

To make sure those numbers were representative, I looked at the Symantec definitions database for the entire month of March. In all, 66 new named entries were added to the list, or about two per day. Of that total, 36 represented new, named Trojans, viruses, and worms. Five of them were aimed at Android devices, one targeted OS X (no, it wasn’t a Flashback variant), and there was one new entry each for Symbian OS, Linux, and an Adobe Flash Player exploit.

In its 2011 Security Intelligence report, released earlier this year, Microsoft security researchers noted the problem with trying to measure the threat landscape by counting unique malware samples:

Ever since criminal malware developers began using client and server polymorphism (the ability for malware to dynamically create different forms of itself to thwart antimalware programs), it has become increasingly difficult to answer the question “How many threat variants are there?” Polymorphism means that there can be as many threat variants as infected computers can produce; that is, the number is only limited by malware’s ability to generate new variations of itself.

If you look carefully at the Windows malware landscape over the last 10 years, it’s apparent that a relatively small number of families are responsible for almost all the damage we’ve seen. I’ll look more closely at those families, and the evolution of Windows malware, in a follow-up to this post.

New Mac OS X trojan spotted in the wild

An article for you Mac users out there, from ZDNet:

Summary: Security researchers from Intego, have intercepted several new variants of the Flashback Mac OS X trojan.

According to the company, the new variants of the Flashback trojan use three different infection vectors in an attempt to trick end users into installing the malware.

More details on the infection vectors:

This new variant of the Flashback Trojan horse uses three methods to infect Macs. The malware first tries to install itself using one of two Java vulnerabilities. If this is successful, users will be infected with no intervention. If these vulnerabilities are not available – if the Macs have Java up to date – then it attempts a third method of installation, trying to fool users through a social engineering trick. The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click on Continue to allow the installation to continue.

Once the end user is tricked into installing the malware, the Flashback trojan patches web browsers and network applications in order to search for user names and passwords. Targeted web sites include Google, Yahoo!, CNN, numerous banking web sites, PayPal and many others. What’s particularly interesting about the Flashback trojan is that it has an auto-update feature, periodically phoning back to several web sites to check for updates.

Intego is advising users running OS X 10.6 to update Java immediately.

Can you tell a real Facebook e-mail from a phishing attempt?

Great article from ZDNet:

E-mail notifications are an important part of social networking services like Facebook. If you have to continually visit the site to see what’s new, you lose much of the excitement that comes with comments on your photos or other shared items. If you forget to check for a day or two, you might miss an invitation to an event or an opportunity to connect with a long-lost friend who’s in town for a day or two.

But e-mail notifications are also a security risk. If an attacker can create a realistic-looking imitation of a Facebook notification, you might find yourself clicking on a link that can lead to malware or attempt to steal your login credentials.

Unfortunately, phishers are getting better at what they do, and spotting a fake isn’t as easy as you might think. I’ve assembled four Facebook notifications that arrived in my e-mail inbox recently. Can you tell which are real and which are fake? (Click any image to see it at full size, or visit the accompanying gallery to flip through all four screens at full size.)

Here’s one that arrived last week. As with all the images, I’ve blurred personal information but otherwise these messages are shown in full, as they appear in Microsoft Outlook’s preview pane.

If you guessed that one was a fake, congratulations. It led to a website that was flagged as dangerous by Microsoft’s SmartScreen Filter, by Google’s Safe Browsing feature, and by Safari. If you were using an outdated browser such as Internet Explorer 6 or 7, you would have seen an attempt to install a fake Flash update that was actually a password-stealing Trojan.

OK, let’s try another. Real or fake?

Do you think that odd e-mail address indicates a fake? Confusingly, Facebook notifications come from the facebookmail.com domain and include a suspicious-looking sender’s name. The long, complicated URL might also look suspicious, but this notification is a legit one from Facebook.

OK, here’s a third test. Real or fake?

Hmmm. The previous, real notification included a long complicated URL. This one has a pair of buttons that you’re supposed to click to see the comments a friend supposedly added to your shared link. That’s a favorite trick that phishers and spammers use to disguise misleading links. Surprisingly, this one is legit.

OK, last one. Real or fake?

This is a particularly convincing fake. The graphics, fonts, button design, and links are all indistinguishable from a real Facebook notification. This particular phishing attempt led to a fake online pharmacy, but it could just as easily have led to a malware installer.

One of these fakes was good enough to slip past my spam filters. In that case, the only way to determine that it wasn’t legit was to allow the mouse pointer to hover over a link or button to see what its true destination was. Here’s what it looked like:

That’s certainly not a legitimate link. Here, by contrast, is what a link from a real Facebook notification looks like:

It’s a challenge to get nontechnical users in the habit of checking links before they click, but the results are well worth it.
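The "hover over the link to see its true destination" check above can be automated for an HTML notification. This is an added example, not code from the ZDNet article; the trusted-domain list (facebook.com plus the facebookmail.com sender domain the article mentions) and the two sample message bodies are constructed for illustration.

```python
"""Flag links in an HTML e-mail whose real destination does not belong to the
service the message claims to come from (added example; samples constructed)."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: a genuine notification only links to these domains.
TRUSTED_DOMAINS = {"facebook.com", "facebookmail.com"}


def registrable_domain(host: str) -> str:
    """Reduce 'www.login.facebook.com' to 'facebook.com'.
    Last-two-labels heuristic, not a public-suffix-list lookup; IP literals
    are returned unchanged so they show up verbatim in the report."""
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        pass
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every anchor in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html: str, trusted=TRUSTED_DOMAINS):
    """Return [(href, reason)] for links that leave the trusted domains.
    The reason notes when the visible text names a trusted domain while the
    destination is elsewhere, the classic disguised-button trick."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parsed = urlparse(href)
        if parsed.scheme not in ("http", "https"):
            findings.append((href, f"non-web scheme {parsed.scheme!r}"))
            continue
        # urlparse drops user-info, so "facebook.com@203.0.113.5" resolves to the IP.
        host = registrable_domain(parsed.hostname or "")
        if host in trusted:
            continue
        reason = f"destination {host} is not a trusted domain"
        if any(t in text.lower() for t in trusted):
            reason += f"; visible text {text!r} names a trusted domain"
        findings.append((href, reason))
    return findings


# Constructed samples: a lookalike host, a user-info trick, and a genuine-style link.
SAMPLE_FAKE = """<p>Someone commented on your photo.</p>
<a href="http://facebook.com.notify-update.example/login">See comment</a>
<a href="http://www.facebook.com@203.0.113.5/fb">www.facebook.com</a>"""
SAMPLE_REAL = '<a href="https://www.facebook.com/n/?comment_id=1234">See comment</a>'

if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_FAKE):
        print(f"SUSPICIOUS {href}: {reason}")
    print("real sample findings:", suspicious_links(SAMPLE_REAL))
```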

What a Mac malware attack looks like

From ZDNet:

Well, that didn’t take long.

After I posted my analysis of why the time is right for bad guys to begin attacking the Mac in earnest, I heard from two readers who had encountered in-the-wild attacks on Macs in their respective workplaces. In both cases, the results showed up via Google Image Search. (This is an increasingly common source of malware, as security researcher Brian Krebs points out in a well-timed blog post today.)

I was able to duplicate these results and encountered an identical attempt from this same campaign to convince me to install a rather nasty Trojan on a Mac. (Sophos has an analysis of what this particular species does.) I uploaded the sample—a Mac installer package in a Zip file—to Virustotal.com, which confirmed that it is indeed the same code.

Remember last month when I showed you a malware attack that was targeting Google Chrome users? In a follow-up post, I wondered whether Macs would be far behind. They aren’t.

I just did a search for radioactive tsunami waves on Google and then
clicked the Images button. On the second page of search results, I found one
that looked legit:

When I clicked it on a PC, it redirected me to a fake AV screen that mimicked
a Windows security screen. But when I did the same search on a Mac, clicking the
poisoned image took me to this page:

This campaign is obviously preying on the fears of recent Mac converts and
technical unsophisticates, who might believe that their Mac really is infected.
After that, it tried to convince me to install the program using the same set of
social engineering tricks that this sort of attack employs on a Windows PC.

Interestingly, just as on a PC, Firefox showed me a download prompt and asked
me whether I wanted to save the file or not. Google Chrome downloaded the
dangerous file automatically without any prompts and saved it in my Downloads
folder.

It is easy to dismiss this as a crude attempt, and indeed, I don’t think many
people are likely to fall for this attack. But dismissing this sample because
it’s not particularly well done is like dismissing an entire computing platform
because of a single poorly written app.

It is possible that this particular poisoned page contained image files or
script intended to exploit a known vulnerability in OS X. According to a 2010
Google study of search poisoning, 14% of all the compromised sites they saw
included drive-by download attempts in addition to this sort of social
engineering. If someone visits this page on a system that doesn’t include all
recent updates for OS X and their browser, they could be extremely
vulnerable.

And note that the bad guys get better over time. This attack might be crude,
but that doesn’t mean the next one will be. I have seen some remarkably
effective phishing attempts. In the hands of a skilled gang of thieves, this
approach could cull out the weaker members of the Mac herd and create some
genuine headaches for the friends or co-workers who have to provide emergency
technical support.

The Top 10 Culprits Causing Malware Infections

I think it is safe to assume that the places you visit on the Internet will determine which programs are installed on your PC. Let me put it this way: the software installed on your computer will have some relevance to the sites you often visit. Let’s take a few examples. When you are using Gmail, chances are good that you will have Gmail Notifier or GoogleTalk installed on your PC. When you often visit Yahoo.com or take part in their social networks, chances are good that you will have Yahoo! Toolbar or Yahoo! Messenger installed on your PC. Let’s take a more practical example: users visiting Microsoft.com most probably have packages like Microsoft Office and Microsoft Windows XP installed on their computers. It is likely for supporters of the Open Source Initiative to hang out on sites like OpenSource.org, OpenOffice.com, Linux.org or SpreadFirefox.com. So your software preferences play a huge role in the type of web sites you visit and vice versa.

But what has this to do with malware infections? To be honest, everything! Let me show you what the top culprits of malware infections are and it will soon be clear to you what the connection is between the web sites you visit and the malware found on your PC.

Top culprit number 1: Pornographic web sites

Download Spyware Blaster by JavaCool Software and have a look at all the porn-related web sites blocked by this program. It is also remarkable to see how many computers with traces of pornographic web sites in their browser history are infected with spyware and trojan horses. Unfortunately you will have innocent victims of malware infections, also with traces of pornographic web sites in their browser history, but only because the malware redirected them to these sites. However, people with pornographic material on their computers are not that innocent in this case; pornography does not go out looking for people, people go out looking for pornography.

Top culprit number 2: Illegal music (MP3) and movie downloading sites

These sites normally force you to install special downloading software on your computer so that you can download files from them. These download managers are often bundled with spyware and are trojan horses themselves, downloading tons of other spyware programs while you cheerfully download your illegal MP3s. They sometimes place tracking cookies on your PC to monitor your browsing habits and hijack your browser to make sure you return to their site or a site of a partner.

Top culprit number 3: Software Piracy web sites

If you love using illegal software, cracks, serial numbers or license key generators (keygens) then you most probably had to remove some malware infections in the past after visiting one of these sites. Most of the people using these cracks are normally technical wizards and know how to disinfect their computers. Many of these sites do not only contain harmful scripts but also fake cracks and key generators, which are nothing else but malware. Some crack developers create a working crack but distribute it with spyware or a trojan horse to make your PC their slave.

Top culprit number 4: Peer-to-peer file sharing programs and networks

The file sharing community is loaded with pornography, pirated software, music and movies. Is it not amazing that everywhere these guys make their appearance you also find spyware, viruses, trojan horses and all kinds of malware? The client software is also often bundled with spyware (or adware as they call it).

The culprits discussed so far are those connected with illegal and indecent activities. People visiting these sites and using these services deserve getting infected with malware. These culprits are also some of the biggest sources of malware epidemics. What flows from the mouth comes from within the heart. The same rule applies to your computer: those nasty little programs crawling inside your computer are, in the case of culprits 1 to 4, the direct result of your own sinful actions and activities.

The next couple of culprits are caused by negligence and a lack of knowledge about how malware is distributed.

Top culprit number 5: Pop-up and pop-under advertisements

Another culprit that wants to catch you off guard. A pop-up window may appear out of the blue, or a concealed pop-under window may load in the background without you even knowing it. These windows can start downloading malicious programs and install them on your computer. They can appear on any web site, not just illegal and other bad web sites. You can prevent these windows from opening by using a secure browser like Firefox with a built-in pop-up blocker.

Top culprit number 6: Fake anti-virus and anti-spyware tools

You visit a legitimate looking web site and suddenly a banner appears telling you that your computer is infected with spyware. You can scan your computer with all the anti-spyware software in the world, over and over again until you are blue in the face, but that banner will keep telling you that your computer is infected with spyware. This is because it is a plain image banner. The site never does a scan of your computer, it is a fixed message that will display on any computer, no matter how clean it is. Simply put, it is a blatant lie! They want you to believe that your computer is infected and that only their software can remove this spyware. If you download and install their software you will only find that it is spyware itself. You may end up infecting a completely clean system with a dirty program, trying to remove the so-called spyware.

A system scan is not a three-second process; it takes time, so no scanner can tell you instantaneously that your system is infected with spyware. I do not believe in online scanners; rather use software with a good reputation, as a local scan is much faster. Most online scanners are no online scanners at all: you actually download the whole scanning engine and end up doing a local scan anyway. A real scanner will tell you the name of the malware and its location on your hard drive; if it does not give you this information, then it is fake. Even if it gives you this information, it still does not mean that the software is legitimate. Do not trust everything you see online and stick to well-known anti-malware brands.

Top culprit number 7: Free games, screen savers, media players, etc.

No, not every free program comes bundled with spyware, but spyware (once again the developers prefer to call it adware, but it is still the same thing) is often the price you have to pay for the free software. It is normally a ploy to monitor your use of the program, to send the creators statistical data or to collect data about your online behaviour in order to send you targeted ads. If you try to remove the spyware you normally render the main application useless. Read the EULA (End User Licence Agreement) very carefully before installing the application. But everyone knows that nobody reads those tedious, long licence agreements, so use EULAlyzer by JavaCool Software to check for specific keywords and phrases that might reveal any spyware programs being installed or privacy breaching practices that may occur if you install the free software.

Top culprit number 8: Malicious web pages with harmful scripts

But you already mentioned this one in culprits 1 to 3. No, culprits 1 to 3 often have harmless web sites and it is the content you download from the sites that is harmful. But you also get web pages containing malicious scripts, totally innocent looking web sites, like a site donating money for cancer. You go to their homepage and suddenly a script virus strikes your computer. This is what an anti-virus shield was made for, that unexpected attack. Firefox is also designed to prevent harmful scripts and browser hijackers from accessing the system and taking advantage of flaws and weak spots in your operating system.

Top culprit number 9: E-mail

Virus worms spread themselves by forwarding a copy of the virus to all the contacts in your address book. Those contacts that are unaware of these worms will most likely open the e-mail and the file attached to it. But when you open a strange infected e-mail from an unknown sender, then you are guilty of double negligence. For the virus to be activated you need to open the e-mail and in most cases you need to deliberately open the file attachment too. By using a little common sense you will know that strange e-mails from unknown senders are dangerous, especially when they have executable attachments with file names ending with the “exe”, “com”, “bat” or “scr” extensions. Even dangerous e-mails from known, trustworthy contacts can easily be identified if the contents of the e-mail seems strange and out of character. By being careful and responsible when opening your e-mails, you will not only prevent your own computer from getting infected, but you will also prevent the worm from spreading any further.
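The attachment check described above (executable file names ending in exe, com, bat or scr) can be applied to a raw message before anyone opens it. This is an added example, not code from the article; the sample .eml below is constructed, and it also catches the double-extension and "declared as an image but named as an executable" cases that mail clients tend to hide.

```python
"""Triage the attachments of a raw e-mail for executable file types
(added example; the message and addresses below are constructed)."""
import email
from email import policy

# Extension list from the article, compared case-insensitively.
DANGEROUS_EXTENSIONS = {"exe", "com", "bat", "scr"}

SAMPLE_EML = """\
From: friend@example.net
To: you@example.org
Subject: check this out!!!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: image/jpeg
Content-Disposition: attachment; filename="holiday.jpg"

stub
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.EXE"

stub
--b1
Content-Type: image/jpeg
Content-Disposition: attachment; filename="photo.jpg.scr"

stub
--b1--
"""


def extension_of(filename: str) -> str:
    """Last extension of a file name, lower-cased; '' if there is none."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def triage_attachments(raw: str):
    """Return [(filename, [reasons])] for attachments that look executable.
    Only the last extension decides what the OS will run, so 'photo.jpg.scr'
    is a screensaver executable, whatever the Content-Type header claims."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        ext = extension_of(filename)
        if ext not in DANGEROUS_EXTENSIONS:
            continue
        reasons = [f"executable extension .{ext}"]
        if filename.count(".") > 1:
            reasons.append("double extension hides the real type")
        if part.get_content_maintype() == "image":
            reasons.append("declared image/* but named as an executable")
        findings.append((filename, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage_attachments(SAMPLE_EML):
        print(f"{name}: {'; '.join(reasons)}")
```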

Top culprit number 10: You the Internet user

What? Me? How on earth can I be a culprit? Well, you are an accomplice in the spread of malware if you do not have an active and updated anti-virus package installed on your computer, if you do not scan your computer for viruses and spyware on a regular basis, if you do not use shields like the TeaTimer tool from SpyBot (which is free by the way), the Ad-Watch shield of Ad-Aware or the resident shield of AVG Anti-spyware (all of which you have to pay for, unfortunately), if you spend your time browsing pornographic and illegal web sites and take part in the sharing of pirated software and copyrighted material (culprits 1 to 4), if you fail to be responsible with the software you install on your PC and the e-mails you open (culprits 6, 7 and 9) and if you refuse to use a secure web browser (like Firefox) built to prevent malware infections (culprits 5 and 8). Yes, I will go so far as to say that if you stay away from culprits 1 to 7 and 9, you probably won’t need any virus and spyware protection at all. Culprit 8 is the only reason why you should have anti-virus and anti-spyware protection, for those unexpected attacks, over which you have no control.

Culprits 1 to 8 are the main sources of malware. Infections caused by them led to the creation of culprits 9 and 10, which distribute the malware even further. Do not turn your computer into a malware paradise or a malware distribution centre. Take responsibility, protect your computer against these threats and prevent the spread of malware.

Eight threats your anti-virus won’t stop

This article is from Sophos, a security company:

http://www.sophos.com/security/topic/why-endpoint-security.html

High-profile incidents that make big news might seem out of the ordinary. Yet businesses of every size face similar risks in the everyday acts of using digital technology and the internet for legitimate purposes. This paper outlines eight common threats that traditional anti-virus alone won’t stop, and explains how to protect your organization using endpoint security.

The zero-day threat

Zero-day threats can exploit zero-day vulnerabilities, or previously unknown security deficiencies, that software vendors have not yet patched.

How to protect yourself: Add defenses on top of signature-based anti-virus protection.

Working outside the firewall

Not so long ago, most employees used their computers at the office. Back then, a network or gateway firewall would have been enough to protect your servers and PCs. Now people often work outside the perimeter of the organization’s network—any time they connect their laptops to the internet from airports, hotels, cafés and home.

How to protect yourself: Add location-aware client firewall software on laptops and other endpoint PCs.

The unpatched PC

One small unpatched vulnerability in an application, browser or operating system can lead to huge problems.

How to protect yourself: Patching is the first line of defense. Also use network access control, or NAC, to make sure any computer you allow on your network has all current patches and anti-virus updates in place.

The uncontrolled application

Allowing unmanaged applications access to the web brings unacceptable risk or performance issues.

How to protect yourself: Application control lets you block users from installing non-essential applications so you have fewer applications to manage and secure.

Web insecurity

Criminals abuse the web as their single biggest distribution point for malware.

How to protect yourself: Use a combination of URL (reputation) filtering and scanning of web pages for malware.

The lost laptop

It’s not difficult to replace a laptop, but the information on it cannot be recalled once it has been exposed.

How to protect yourself: Develop and implement a data encryption policy, with full-disk encryption on every laptop so that a lost machine yields only ciphertext.

The misdirected email

One simple slip of the fingertip, and your document goes to the wrong email address. This could expose personally identifiable information.

How to protect yourself: Use data loss prevention software to scan for sensitive content.
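The kind of check a DLP scanner applies before releasing an outbound message, as an added example that is not part of the Sophos paper or of any Sophos product. The sample e-mail is constructed for the example, and the two detectors (a Luhn-validated payment card number and a US SSN shape) are hypothetical patterns chosen to show the principle: a bare digit run is not enough, because invoice and order numbers would trip it constantly, so the card detector also requires the Luhn checksum to pass.

```python
import re

# Constructed sample message for this example (not from the article): a
# reply that accidentally carries personal data out of the organisation.
SAMPLE_EMAIL = """\
From: payroll@example.com
To: jsmith@example.org
Subject: Q3 reimbursements

Hi, attached is the spreadsheet you asked for.
Card on file: 4111 1111 1111 1111
Employee SSN: 123-45-6789
Invoice ref: 1234567890123
"""

# Hypothetical detection patterns; a real DLP product ships its own library.
# Card: 13 to 16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
# US SSN: AAA-GG-SSSS with the area/group/serial values that are never issued excluded.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> list[tuple[str, str]]:
    """Return (kind, matched_text) pairs for content that should stop the message."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        # The regex alone also matches the 13-digit invoice reference; Luhn filters it out.
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            findings.append(("card", m.group()))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", m.group()))
    return findings


def should_block(text: str) -> bool:
    """Policy decision: hold the message if any sensitive item was found."""
    return bool(find_sensitive(text))


if __name__ == "__main__":
    for kind, value in find_sensitive(SAMPLE_EMAIL):
        print(f"{kind}: {value}")
    print("block" if should_block(SAMPLE_EMAIL) else "deliver")
```

Run against the sample, the scanner reports the card number and the SSN but not the invoice reference, and `should_block` returns True; the same message with those two lines removed is delivered. In production the decision would also depend on the recipient domain and on whether the message is encrypted, which is where the "misdirected" part of the threat is really addressed.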

The infected USB device

Every time users plug a USB device into a company computer, they bypass other layers of defense such as gateway firewall protection. That makes devices with USB ports an easy means of attack.

How to protect yourself: Use device control to specify which USB devices users are permitted to plug into laptops and PCs.

For all you geeks out there, and non-geeks too!

If you’re a geek, read this whole article. If you’re not a geek, then at least read number 2.

Here are the top 10 reasons that you’ll get your geek card revoked, according to a ZDNet article:

TechRepublic has previously talked about some of the things you can do to increase your geek cred. Naturally, there are also some things that can hurt your geek cred. In fact, we’ve put together a list of 10 of the worst transgressions for any geek. Doing any one of these will put your geek credentials at risk. Do two of them and your geek card immediately gets revoked.

You can view our list in two forms. You’ll find the simple list below, or you can check it out in slideshow format with the accompanying visuals.

10. Admitting that you like iTunes

Sure, it’s convenient for buying music and media in one place and syncing it to an iPod or iPhone, but iTunes has a draconian DRM system (still in place for media), makes it difficult to manage your library on multiple systems, and it started out as one of the worst pieces of bloatware ever built. And, it hasn’t gotten much better.

9. Not knowing the difference between binary and hexadecimal

Binary is the basis of all computing and is simply composed of zeros and ones. Hexadecimal is a base-16 numeral system, using the digits 0-9 and the letters A-F, that represents binary in a more readable way: each hex digit stands for exactly four binary digits. Know the difference.

8. Not knowing what MMORPG stands for

Even if you don’t play games (or rarely play) you should know that an MMORPG is a “massively multiplayer online role-playing game,” also known as the alternate reality for geeks. The biggest one is World of Warcraft (WoW), a cultural phenomenon with over 12 million subscribers.

7. Loving your cable or telecom company

Geeks built the Internet. Geeks live on the Internet. Geeks love the Internet. However, the companies that bring us the Internet to our homes and offices — the telecoms and cable companies — are doing everything they can to wall it off, manipulate it for their own financial gain, and stop geeks from using it so much. For as long as they do that, they will remain at war with the geekosphere.

6. Not knowing the name of the book that Blade Runner was based on

Blade Runner is one of the greatest sci-fi movies of all time. If you’re a true geek, you’ve seen it multiple times. But, not only that, you also know that it’s based on Philip K. Dick’s “Do Androids Dream of Electric Sheep?” which is one of the best-titled stories in all of literature and an absolute classic in science fiction.

5. Confusing Star Wars and Star Trek

If someone mentions a Wookiee and a Klingon and you’re not sure which one is part of the Star Wars universe and which one belongs to the Star Trek milieu, you are definitely not a geek.

4. Believing the “free” in open source refers to price

Repeat after me, “Open source does not mean it doesn’t cost anything.” Sure, some open source software is freely available to download at no cost. But that’s not a requirement of open source. There is plenty of open source software that requires a fee. When open source talks about “free” software, it is referring to “free” as in “freedom”: freedom from overreaching licensing agreements. You’ll also hear this concept referred to as “gratis versus libre.”

3. Defending Facebook for its privacy transgressions

Look, Facebook is lucky the entire geekosphere hasn’t dropped it like a bad habit after all of the crap they’ve pulled in changing and violating their own lackluster privacy policies. Leo Laporte nearly led a geek revolt out of Facebook in May 2010. The only thing that prevented it was lack of a viable alternative.

2. Taking something into Geek Squad to get fixed

Best Buy’s Geek Squad has a few legitimate geeks on staff; however, too many of their technicians are completely clueless and can do more harm than good to your equipment. Besides, if you’re a geek, just geek up, open the case, and fix it yourself. (Exception: It’s acceptable to go to the Geek Squad counter to exchange a DOA device that is still under warranty. Just don’t let us catch you asking for advice.)

1. Buying a paper computer book at Barnes & Noble

In 1999, if you wanted to quickly learn more about HTML or Exchange 5.5 or Apache or how to earn CCNA certification, you’d typically make a quick trip to your nearest book superstore like Barnes & Noble or Borders and comb through the huge selection of computer books. However, this is 2010. Any computer book you find at a bookstore is at least six months out of date. Almost everything you need to know is available on the web for free or in ebook format that you can quickly download to your laptop or tablet. Buying a dead-tree tome about a new technology is an immediate tip-off that your geek credentials are in question.

This article was originally published on TechRepublic.

Top ten up and coming technologies of 2011

Another interesting article from Larry Dignan on TechRepublic:

1: Cloud computing

This group of technologies has been on the top 10 lists for a few years. Now everything as a service will alter business models and IT procurement. Gartner analyst David Cearley said what has changed is that there are multiple services. Companies will probably need cloud computing brokers. Things to watch:

  • Where does the public cloud fit? IT is generally scared of the public cloud, but select workloads are fine.
  • Beware cloud washing. IT execs are comfortable with vendors’ cloud washing but may not get real capability.
  • Limit access to specific clouds based on community and groups. That approach would minimize security risks. Gartner has exclusive clouds and community clouds as services to watch.
  • Private clouds are custom and packaged.

My impression: A safe pick for sure, but the cloud is getting more granular as it matures. Think cloud washing magnified.

2: Mobile apps and media tablets

Tablets and touch aren’t new. Claunch said that the selection of applications changes the game for businesses. “Apple has leveraged the ecosystem of the iPhone,” Claunch said. “And Apple has created consistency.” In addition, Apple’s iPad is the poster child for how consumerization is affecting corporate IT. Things to think about for enterprise IT:

  • Enterprise apps will need to be designed for the tablet.
  • Delivering these apps gets complicated due to the selection of platforms.
  • Context-aware computing can connect to customers better.
  • Marketing will drive a lot of projects to utilize tablets, but these devices can be used for inspections, surveys, image capture, documentation, and training.

Cearley added, “The PC era is over. Think of mobile design points.”

My impression: It’s stunning how many iPads are in this crowd of 7,000-plus IT execs and managers. Another thread: Almost all of these IT execs are carrying PCs not Macs. Typically, CIOs and the like are the last to get on board an early adoption curve for a new device. There’s a frenzy over tablets.

3: Next-gen analytics

Companies need to develop “operational analytics” to make predictions and use data mashups. “There’s value in very current information. We are now shifting our focus to start doing simulations and modeling to predict the future,” Claunch said. These simulations would ultimately be run on smartphones and other devices. Algorithms will really matter to companies to support the right type of prediction.

Gartner didn’t advocate doing a lot of analytics investment yet, but be ready to invest.

My impression: Analytics is largely untapped ground for many companies. Claunch’s key point: “This is just being enabled now.” Another key item: A show of hands revealed that the entire room had business intelligence software. A show of hands also indicated that no one thought those applications were delivering real value.

4: Social analytics

This concept revolves around taking social networking data and incorporating it into enterprise analysis. Sentiment, context, and influence are key areas for companies. “We’re starting to see the tipping point,” Cearley said. “It’s moving from bleeding edge to mainstream activity.” For now, look at communities you have to support and analyze an entry.

My impression: CIOs should be watching this stuff, but given the crowd response to business intelligence, I’m not seeing much progress on the analytics-social intersection.

5: Social communication and collaboration

Social collaboration is “inevitable,” Cearley said. “Over the next few years, it will be impossible to ignore this,” he added. By now, companies should have policies, high value social uses identified, and have experiments to link social with CRM systems. Meanwhile, unified communications will merge with social. Expertise location will probably be the best use case.

My impression: Gartner makes a good point, but I’d be willing to bet that enterprises are way behind the curve on social communication and what it means for collaboration and productivity.

6: Video

Corporate use of video is going mainstream. Low-cost video recorders are everywhere. Companies will need video content management systems and better design skills, and they’ll need to address privacy issues and policy concerns. Will all conference rooms be recorded by default? E-learning, merchandising, marketing, webinars, and telepresence will all be key video uses. The tipping point will come in 2011 to 2013. In addition, video will be needed to reach younger employees.

My impression: Video has hit mainstream, but networks haven’t. Will Vlogs really be the best use of employee time? One other key point: How will business intelligence systems digest video content?

7: Context-aware computing

The idea here is that social analytics and computing leads to knowledge about preferences. User interfaces would change based on context. Today, it’s all reactive. By 2011 to 2013, there will be more proactive alerts. By 2014 to 2018, you’ll have context integrated with enterprise systems. Ultimately, there will be a context platform. Portals, mashups, mobile, and social will combine. Vendors will offer “user experience platforms.”

My impression: I have a hard time seeing strapped enterprises going all contextual. Look for business units such as marketing to launch these projects to drive sales. Companies will need to deliver context-aware services to businesses. Can’t wait for all of those user experience platform pitches.

8: Ubiquitous computing

This topic has been discussed in previous years on Gartner’s lists. In a nutshell, computers melt into objects. There will be machine-to-machine connections, portable personalities, and connectivity changes across multiple devices. There will be thousands of computers for each person on the planet, and you’ll have multiple devices.

My impression: Ubiquitous computing is more a guiding principle for projects than something you think about in terms of budget. The timeline here is decades. What’s also notable: Everyone has punted on getting one device to consolidate them all. We’re doomed to carry a bunch of devices.

9: Storage class memory

When Flash meets RAM, there are differences in speed and costs. Persistent storage will also alter management. Claunch said that storage class memory goes beyond solid state drives. This new class of storage will lead to software where operating systems determine where data goes. Storage class memory will become more important over the next two to three years.

My impression: It’s a bit experimental, but storage class memory will ride shotgun with analytics. Companies will have to define what data goes into fast memory.

10: Fabric based infrastructure and computers

Every vendor will talk fabric computing, so get ready for fabric-washing. The overall idea here is that you’ll have infrastructure that manages resources in an integrated fashion. Cisco UCS and HP Matrix are examples. New ways of building servers will mean you buy pools of processors and memory instead of physically swapping boxes.

My impression: Forming your own flexible servers sounds appealing. The fabric thing sounds way futuristic for now, but the seeds are being planted.

Four ways to get the most from your 802.11n Wi-Fi

I found this article interesting from ZDNet:

http://www.zdnet.com/blog/networking/four-ways-to-get-the-most-from-your-80211n-wi-fi/122?tag=nl.e550

In theory, 802.11n can zip past your 100Mbps Fast Ethernet at a real-world 160Mbps, but in practice it’s usually much slower. No, the Wi-Fi vendors aren’t lying; the problem is that you have to set 802.11n up just right to really get fast performance.

First, you need to make sure that you’re using up-to-date 802.11n hardware. Older 802.11n equipment, built before the 802.11n standard was finalized in late 2009, may not work and play well with your newer devices. There were many 802.11n draft access points (APs), network interface cards (NICs) and chipsets and each vendor used its own best guess on what the standard would eventually look like.

Thanks to all this older, not quite standard 802.11n hardware, we have two problems. The first is that some older hardware, unless the firmware can be upgraded, won’t work at full 802.11n speeds with your newer standardized equipment. The other is that you can be almost certain that older APs, switches, or routers from one vendor won’t work well with another vendor’s equipment. Oh, it may look like it’s working, but if you check you’ll often find that your Wi-Fi’s connection is only running at 802.11g’s 54Mbps.

Of course, if your office is like most, you almost certainly still have a lot of 802.11g-only laptops in use. You might think that since 802.11n is backwards compatible with 802.11g, you’ll do just fine by replacing your 802.11g APs with 802.11n hardware. You’d be wrong.

An 802.11n AP will support 802.11g client hardware just fine, but letting an 802.11n AP serve 802.11g clients comes with a painful performance hit. While 802.11n devices working in the 2.4GHz band are backwards compatible with 802.11g, or even 802.11b, the faster 802.11n equipment on that AP will lose about half its potential speed once a legacy client joins. So, instead of seeing, say, 100Mbps of throughput from the 802.11n AP to the 802.11n laptops, you’ll only see 50Mbps.

My fix for this is to keep 802.11g APs running until the last of the 802.11g PCs go to that big junk-pile in the Wi-Fi sky. It’s worked well for me.

You should also use 802.11n’s channel bonding to increase throughput. On your APs, you’ll find this option labeled ‘double-wide’ or 40MHz channels. This is an old technique for increasing throughput by using two adjacent channels at once to carry data. Then, as now, it works well.

There’s a ‘gotcha’, though. A standard Wi-Fi channel is 20MHz wide. Thus, just as the name says, a ‘double-wide’ channel takes up 40MHz of radio room instead of the usual 20MHz. The problem is that there’s only room for three non-overlapping 20MHz channels in the 2.4GHz band used by 802.11b/g/n, so one 40MHz channel consumes two of those three slots. If you run out of spectrum, your overall network throughput will decline as APs contend for the same air. Even if you’re doing a good job of managing your own network, your available channels are likely to also be used by your next-door neighbors’ Wi-Fi set-up.
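To make the spectrum arithmetic concrete, here is an added example (not from the ZDNet article) that checks a 2.4GHz channel plan for overlap. It uses the standard centre frequencies (2407 + 5 × channel MHz for channels 1 to 13, 2484 MHz for channel 14) and 802.11n’s rule that a 40MHz channel bonds the primary with the channel four numbers above or below it. The channel plans fed to it are constructed for the example; neighbour APs are whatever your own site survey finds.

```python
# Added example: 2.4 GHz channel plan checker. Not code from the article.
# Centre frequencies follow IEEE 802.11: channels 1-13 are 2407 + 5*ch MHz,
# channel 14 (Japan only) is 2484 MHz.

def centre_mhz(ch: int) -> int:
    """Centre frequency of a 2.4 GHz channel in MHz."""
    if ch == 14:
        return 2484
    if 1 <= ch <= 13:
        return 2407 + 5 * ch
    raise ValueError(f"no such 2.4 GHz channel: {ch}")


def span_mhz(primary: int, width: int = 20, secondary_above: bool = True) -> tuple[int, int]:
    """Frequency range occupied by a 20 MHz channel or a 40 MHz ('double-wide') pair.

    802.11n bonds the primary with the channel four numbers above or below it
    (a 20 MHz offset), so the 40 MHz block is centred halfway between the two.
    """
    c = centre_mhz(primary)
    if width == 20:
        return c - 10, c + 10
    if width == 40:
        secondary = primary + 4 if secondary_above else primary - 4
        mid = (c + centre_mhz(secondary)) // 2   # raises if the secondary does not exist
        return mid - 20, mid + 20
    raise ValueError("width must be 20 or 40 MHz")


def overlaps(a: tuple[int, int], b: tuple[int, int]) -> bool:
    """True when two frequency ranges share any spectrum (edge-to-edge is fine)."""
    return a[0] < b[1] and b[0] < a[1]


def conflicts(plan: list[tuple[str, int, int, bool]]) -> list[tuple[str, str]]:
    """plan entries: (name, primary channel, width, secondary_above).

    Returns every pair of APs whose channels overlap and will contend for air time.
    """
    spans = [(name, span_mhz(ch, width, above)) for name, ch, width, above in plan]
    out = []
    for i in range(len(spans)):
        for j in range(i + 1, len(spans)):
            if overlaps(spans[i][1], spans[j][1]):
                out.append((spans[i][0], spans[j][0]))
    return out


if __name__ == "__main__":
    # Constructed plans: the classic 1/6/11 layout, then the same site after
    # "our" AP is switched to a 40 MHz channel while the neighbours stay on 6 and 11.
    clean = [("ours", 1, 20, True), ("neighbour-A", 6, 20, True), ("neighbour-B", 11, 20, True)]
    bonded = [("ours", 1, 40, True), ("neighbour-A", 6, 20, True), ("neighbour-B", 11, 20, True)]
    print("20 MHz plan conflicts:", conflicts(clean))    # []
    print("40 MHz plan conflicts:", conflicts(bonded))   # [('ours', 'neighbour-A')]
```

The output shows the point of the paragraph: channels 1, 6 and 11 coexist, but bonding channel 1 to channel 5 lands on top of the neighbour on channel 6. Trying to bond channel 11 upwards raises an error because channel 15 does not exist, and bonding 11 downwards collides with a bonded channel 1, so within channels 1 to 11 there is room for only one clean 40MHz channel; with channels 1 to 13 available, 1+5 and 9+13 fit exactly edge to edge.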

The easiest way to dodge this potential problem, for now, is to use the higher 5GHz range. Far fewer people are currently using the 5GHz range. This will change as more people switch over to 802.11n, but for now it’s the easiest way to use wide channels to increase your effective bandwidth without running into interference. The one downside is that 5GHz has less range than 2.4GHz.

That’s why I prefer to use dual-band APs that support both 2.4GHz and 5GHz. Best of all is equipment that supports using both 2.4GHz and 5GHz at the same time for the maximum in flexibility, such as the Linksys Simultaneous Dual-N Band Wireless Router WRT610N. Older 802.11n hardware, such as the first generation of Apple’s AirPort Extreme, as well as some entry-level APs, can only operate on 2.4GHz or 5GHz, not both at once.

High-performance 802.11n equipment also comes with a larger number of multiple-input, multiple-output (MIMO) antennas. The 802.11n standard allows for up to four antennas, which can carry up to four simultaneous spatial streams. Typically, the antenna configuration is described in the technical specifications as 4×4, 3×3, and so on, giving the number of transmit and receive antennas. But you can’t tell just by looking; you have to check the documentation. Generally speaking, the more antennas, the more simultaneous Wi-Fi connections the AP can handle, and the better the overall network performance.

It’s not just how many antennas you have though. Higher-end APs use techniques like beam-forming to automatically work out the best use for those multiple antennas. In fact, ’smart antennas,’ like D-Link’s Xtreme N ANT24-0230 Antenna, will help compatible 802.11n APs perform better.

Last, but never least, the fastest 802.11n is only as fast as its slowest link. So, for instance, if your office is still using a T1 with its 1.544Mbps, no one is likely to see any significant Internet speed increase when switching from 802.11g to 802.11n.

The bottom line: While simply adding 802.11n to your network may look like a cheap and easy way to expand and speed up your network, it’s really not. You still need to plan your network in detail, use higher-end network equipment, and possibly upgrade your Internet backbone to make the most of 802.11n’s potential for higher speeds.

Still, if you do your homework, you really can get a Wi-Fi network that will answer your in-house network expansion needs while still providing close to Fast Ethernet’s 100Mbps speeds. Just as long as you keep in mind that 802.11n, by itself, isn’t a silver bullet for your network speed needs, you’ll do fine.
