Go to Windows 7 Insider Guide
Internet Explorer 8, Firefox 3, Google Chrome 4, Apple's Safari 4, and Opera 10 include features that block sites known to host malware and malicious downloads. All but Opera also let you browse without leaving any tracks. But just as important as these protections is ensuring that whichever browser you use is thoroughly patched.
Filtering out bad sites
Firefox's built-in antiphishing tool claims to update its bad-site database 48 times a day, according to Mozilla's Firefox security page. Firefox 3 uses Google's Safe Browsing service to automatically block sites that are known to host malware. The Google Code site describes how Safe Browsing works in Firefox.
To verify that attack-site blocking is enabled in Firefox, click Tools > Options > Security and make sure "Block reported attack sites" is checked.
Firefox will prevent known-bad sites from opening when "Block reported attack sites" is checked.
(Credit: Mozilla Foundation)The same feature is built into Google's own Chrome browser. You can ensure that malware-site filtering is on in Chrome by clicking the wrench icon in the top-right corner, choosing Options, and selecting Under the Hood. "Enable phishing and malware filtering" should be checked. The Google Chrome Help site describes the feature. (Hint: This page looks very similar to the description on the Google Code site.)
Google's Chrome browser blocks known-bad sites when "Enable phishing and malware protection" is checked.
(Credit: Google)The SmartScreen technology in version 8 of Internet Explorer blocks known-malicious downloads as well as bad URLs. Other new security features in IE 8 include automatic blocking of click-jacking and cross-site scripting attacks, automatic crash recovery, and highlighting of the actual domain name in the address bar. The Microsoft Security site describes the SmartScreen Filter and includes links to a SmartScreen FAQ and information for site managers.
Apple's Safari browser added phishing and malware blocking in version 3.2, which was released in late 2008; read about this and other security features in Safari 4 on the Apple Safari site. Likewise, Opera's Fraud Protection predates the phishing and malware filters in IE and Firefox and is enhanced in the latest version 10. But attack-site blocking is only one of Opera's many security features, which you can read about on the Opera site.
Browsing in private
To activate private browsing in Firefox 3, click Tools > Start Private Browsing, or simply press Ctrl-Shift-P. You can set Firefox to start in private-browsing mode by clicking Tools > Options > Privacy and check "Automatically start Firefox in a private browsing session." The Mozilla support site provides more information about this feature. Likewise, put IE 8 in private-browsing mode by clicking Safety > InPrivate Browsing, or by pressing Ctrl-Shift-P. You can also open a new tab and click either Browse with InPrivate or Open an InPrivate Window.
IE 8 also lets you control the information about your browsing habits that's shared with Web tracking services. To activate this feature, click Tools > InPrivate Filtering Settings and choose "Let me choose which providers receive my information." This opens the InPrivate Filtering settings dialog, where you can turn filtering off, choose which services to block from tracking you, or automatically block all trackers.
Internet Explorer 8's InPrivate Filtering lets you block some or all Web tracking services.
(Credit: Microsoft)You can open an incognito window in Google Chrome by clicking the wrench icon in the top-right corner and choosing "New incognito window," or simply press Ctrl-Shift-N. The incognito icon (a shadow figure in a fedora and glasses) appears in the top-left corner of the browser window. The Chrome support site offers a more detailed description of this feature.
Opera lacks an equivalent private-browsing capability but does offer private searching and other identity-blocking features, as described on the Opera site. To activate private browsing in Safari, simply click Safari Settings Menu > Private Browsing.
Automatic and not-so-automatic browser updates
Patching is a way of life with nearly all software, but especially with browsers and the media players associated with them: Adobe Reader, the Flash Player, Apple's QuickTime, and Sun's Java, among others. All of a browser's security features can be rendered useless by a piece of malware that takes advantage of an unpatched hole in the program.
Firefox 3 alerts users to the presence of an update and now also notifies you when your Flash Player is out-of-date. Internet Explorer 8 updates via the Windows Update/Microsoft Update services. Google Chrome made a splash by being the first browser to update itself in the background without requiring any prompting from users. Safari updates automatically via Apple's update service, which also serves up patches automatically for QuickTime, iTunes, and other Apple software. Opera also notifies you automatically when a new version is available.
But updating is too important to leave to others. Back in April, I described Secunia's Online Software Inspector and downloadable Personal Software Inspector, which identify out-of-date programs on your PC. The programs mentioned in that post have all been updated since, but Secunia's services should point you to the most recent versions.
(Note that Secunia sometimes reports a program as being out-of-date when in fact you have the latest version. On my PC, it continually reports my up-to-date Flash Player as being in need of an update, for example. But the free service Secunia provides is worth putting up with this and similar minor annoyances.)
There's no way to reduce to zero your risk of picking up some piece of malware while browsing. You need layers of security to keep viruses, Trojans, and botnets at bay—the more layers, the safer your browsing. (Of course, the more layers, the slower your browsing, too, so don't get carried away.)
Much emphasis has been placed on the enhanced security features of the latest versions of the popular browsers. Whether one is any safer than another is anybody's guess, but no browser gives you more ways to thwart a Web-based attack than Firefox via its wealth of security add-ons.
Link checkers add warnings to search results
Search results are often difficult to trust, even when the URL looks familiar. Phishers are adept at planting dangerous links that look like harmless ones. Link checkers provide you with an indication of the trustworthiness of sites before you click their links. (Note that several of the products are available for Internet Explorer as well.)
Some of the programs, such as McAfee's SiteAdvisor, give the thumbs-up or thumbs-down based on a single company's research. Web of Trust (WOT) bases its recommendations on the collective intelligence of a network of volunteers. LinkExtend is a link-check aggregator that combines the analyses of eight different services.
McAfee SiteAdvisor adds a safety indicator to Web search results.
(Credit: McAfee)While the recommendations of link checkers are helpful in identifying safe sites, you can't take their yeas and nays as gospel. For example, sites that offer downloads of system utilities may be flagged as dangerous because the programs require access to the operating system and thus could do major damage in the wrong hands.
Track the trackers
You know popular Web sites download software that tracks your activities on their sites, but do you know who's doing the tracking? Find out with the Ghostery add-on that pops up the names of the trackers as the page opens. The program puts a small "ghost" icon in the bottom-right corner of the Firefox window that turns orange when trackers are present. Click the link that appears to the right of the icon to find out more about the trackers and block them individually or entirely.
The Ghostery Firefox add-on lets you know who's tracking your activities on the site.
(Credit: Ghostery)
View encryption specs
When you open an encrypted Web page, a lock icon appears in the bottom-right corner of the Firefox window and the URL in the address bar begins with "https." But there's more than one form of encryption, and knowing which type and strength of encryption in use can be handy.
The CipherFox add-on puts in the bottom-right of the Firefox status bar the Secure Sockets Layer/Transport Layer Security (SSL/TLS) cipher and keysize currently in use. Double-clicking the entry opens the CipherFox dialog box, where you can disable RC4 encryption and display partial SSL/TLS. (Note that the developer accepts donations to support the product.)
Take charge of Web password management
Firefox's built-in password manager lets you create a master password and remember passwords for specific sites, but if you want to get serious about managing your passwords, get LastPass, a password manager that provides much more granular control over your sign-ins.
After you download and install the add-on, an icon is placed in the top-right corner of the Firefox window. Click it to open the LastPass menu, which lets you manage your identities, open the LastPass Vault, jump to favorite sites, and generate secure passwords. You can also import or export sign-in IDs, compose and print secure notes, and assign keyboard shortcuts for specific actions.
In addition to Firefox and IE, LastPass is available for Google Chrome and Apple's Safari browsers. LastPass backs up your passwords by storing an encrypted copy on its own servers. And because you can access your passwords via the Internet, you can use LastPass on any Web-connected device, although use of LastPass on an iPhone or other smart phone requires a Premium membership, which costs $1 a month. (You can also put LastPass on a USB thumbdrive for use with Firefox Portable and other portable apps.)
If you have received an e-mail from the Internal Revenue Service or the Federal Deposit Insurance Corporation, chances are it was a phishing attempt. If you received e-mail from your bank, PayPal, or Facebook urging you to immediately verify information or risk having your account suspended, it was undoubtedly phishing.
Phishing attacks have spiked this year, according to recent reports. The Anti-Phishing Working Group reports that there were more than 55,600 phishing attacks in the first half of 2009 alone. Phishing is particularly dangerous because once criminals get a victim's password for one Web site they can often use it to get into other accounts where people have re-used the password.
And anyone can be at risk. The wife of FBI Director Robert Mueller banned him from doing online banking after he came close to falling for a phishing attempt.
Here is some basic information that can help people avoid being tricked by phishing attacks.
What is phishing?
Phishing is an attempt, usually via e-mail, to trick people into revealing sensitive information like usernames, passwords, and credit card data by pretending to be a bank or some other legitimate entity. The e-mails typically include a link to a Web site that appears to be legitimate and which prompts users to provide information. Sometimes, the phishing e-mail will include a form in an attachment to fill out. One common tactic phishers use is to pretend to be from the fraud department of a financial institution or online retailer like PayPal and ask for information to be provided to prevent identity fraud. In one case, a phishing e-mail purporting to be from a state lottery commission asked recipients for their banking information so their "winnings" could be deposited into their accounts.
Phishers also are increasingly exploiting interest in news and other popular topics to trick people into clicking on links. One e-mail purportedly about swine flu asked people to provide their name, address, phone number, and other information as part of a survey on the illness. And users of social networks are becoming popular targets. Twitter users have been directed to fake log-in pages.
Attackers are also turning to instant messaging to lure people into their traps. In one recent scam a live chat window was launched via the browser. The scammer communicated to victims via the chat window, pretending to be from a bank and asking for additional information.
This phishing e-mail looks legitimate and even offers to provide tips on how to avoid fraud and spoof e-mails.
(Credit: Screenshot by Elinor Mills/CNETNews.) What are other recent examples of phishing attacks?
A recent e-mail scam asks PayPal customers to provide additional information or risk getting their account deleted because of changes in the service agreement. Recipients are urged to click on a hyperlink that says "Get Verified!"
E-mails that look like they come from the FDIC include a subject line that says "check your Bank Deposit Insurance Coverage" or "FDIC has officially named your bank a failed bank." The e-mails include a link to a fake FDIC site where visitors are prompted to open forms to fill out. Clicking on the form links downloads the Zeus virus, which is designed to steal bank passwords and other information.
E-mails that look like they come from the IRS tell recipients that they are eligible to receive a tax refund and that the money could be claimed by clicking on a link in the e-mail. The link directs visitors to a fake IRS site that prompts for personal and financial information.
A legitimate-looking Facebook e-mail asks people to provide information to help the social network update its log-in system. Clicking the "update" button in the e-mail takes users to a fake Facebook log-in screen where the user name is filled in and visitors are prompted to provide their password. When the password is typed in, people end up on a page that offers an "Update Tool," but which is actually the Zeus bank Trojan.
What are some tell-tale signs of a phishing attempt?
Many phishing attempts originate from outside the U.S. so they often have misspellings and grammatical errors. Some have an urgent tone and they seek sensitive information that legitimate companies don't typically ask for via e-mail.
What should I look for in an e-mail?
Check the sender information to see if it looks legitimate. Criminals will choose addresses that are similar to the one they are faking. For instance, phishers have used "Alerts@Paypal.co.uk." However, legitimate PayPal messages in the U.S. come from Service@paypal.com" and include a key icon. Most phishing e-mails come from outside the U.S. so an address ending in ".uk" or something other than ".com" could indicate it's a phishing attempt.
The e-mail address may also be obscured. Hitting "reply all" may reveal the true e-mail address. You can also set your e-mail preferences to show "full header" to see the full e-mail address and other information. If you are at all unsure whether the e-mail is legitimate, go to the company's Web site to see the address listed.
Legitimate companies tend to use customer names or user names in the e-mail, and banks often will include part of an account number. Phishing emails typically offer generic greetings, like "Dear PayPal customer."
Inspect the hyperlinks inside the body of the e-mail. Phishers typically will use subdomains or letters or numbers before the company name, and sometimes the words in the links are misspelled. For example, www.BankA.security.com would link to the 'BankA' section of the 'security' Web site. Often, it's difficult to tell if the link is legitimate just by looking at it. By mousing over the link you can see the real address on the bottom of most Web browsers.
In addition, PayPal, Amazon, banks, and many other businesses use the SSL (Secure Sockets Layer) protocol which is designed to ensure that customers are visiting the real site. That means https:// will be seen in the URL address bar instead of just http:// and usually there will be some other change in the address bar. For instance, PayPal displays a "P" and its name is highlighted in green at the front of the URL. The major browsers have antiphishing measures designed to detect malicious sites. Some phishers also try to hide the real Web address they are sending victims to by using URL shortening services.
If the e-mail has an attachment, be wary of .exe files. Scammers like to hide viruses and other malware there so it executes when opened.
Do not be fooled by the look of the Web site you may be directed to. The Web site may look just like a real bank or PayPal page, including the use of the real logos and branding. It could be a good fake page or it could be a legitimate page with a phishing pop-up window on top.
How can phishing attacks be avoided?
Try to stay off spam lists. Don't post your e-mail address on public sites. Create an e-mail address that is less likely to get included in spam lists. For instance, instead of bobsmith@xyz.com, use bob.smith.az@xyz.com.
If an e-mail looks reasonable contact the company directly if you receive an e-mail asking you to verify information. Type the address of the company into the address bar directly rather than click on a link. Or call them, but don't use any phone number provided in the e-mail.
Don't give out personal information requested via e-mail. Legitimate companies and agencies will use regular mail for important communications and never ask customers to confirm log-in or passwords by clicking on links in e-mail.
Look carefully at the Web address a link directs to and type in addresses in the browser for businesses if you are uncertain.
Don't open e-mail attachments that you did not expect to receive. Don't open download links in IM. And don't enter personal information in a pop-up window or e-mail.
Make sure you are using a secure Web site when submitting financial and sensitive information.
Change passwords frequently. Don't use the same password on multiple sites.
Regularly log into online accounts to monitor the activity and check statements.
Use antivirus, antispam, and firewall software and keep your operating system and applications up-to-date.
What can I do if I think I've been victimized by phishing?
The Anti-Phishing Working Group has a comprehensive site explaining exactly what steps people should take based on what type of information they have given out.
Where can I report phishing attempts?
You can forward suspected phishing e-mails to reportphishing@antiphishing.org and spam@uce.gov. Companies typically have an address to forward phishing examples to, such as "spoof@company.com." Always include the entire phishing e-mail. Complaints can be lodged with the Internet Crime Complaint Center at the FBI.
Here are additional resources.
http://apwg.org/consumer_recs.html
http://www.irs.gov/newsroom/article/0,,id=154848,00.html
http://www.microsoft.com/mscorp/safety/technologies/antiphishing/guidance.mspx
This phishing e-mail includes a sender e-mail address and link that are obviously not associated with Facebook.
(Credit: Screenshot by Elinor Mills/CNETNews.)First introduced in beta in April, Panda Cloud Antivirus graduates to a stable, public release and signifies a major security vendor taking aim at the freeware competition--instead of the other way around. Cloud Antivirus was notable on its beta release for being one of the few security options available to users that contained most of its protections in the cloud. This allowed it to protect users while consuming significantly fewer resources than many competing programs.
Panda Cloud Antivirus 1.0 is notable as a free security solution for two reasons: Panda is a reputable security vendor, and the program achieves its goal of freeing up system resources. In a press release, Panda Security CEO Juan Santana described Cloud Antivirus as a game-changer. It's not clear quite yet that that's the case, but at the very least the program looks to fill a niche created by resource-conscious netbooks.
As light on resources as advertised, Cloud Antivirus offers strong reputation-based protection for those who want their security program out of sight and out of mind. A third-party efficacy evaluation wasn't available at the time of writing, but in empirical testing the program only used 9 MB of RAM while idle, and only 56 MB of RAM when scanning. Many other security programs will run scans at 150 MB of RAM or more.
Despite keeping most of its database in the cloud, Panda Security's Senior Research Advisor, Pedro Bustamante, noted during an interview in October that Cloud Antivirus isn't disabled just because the host computer is disconnected from the Internet. "Panda has an offline mode that uses a small cached copy of Collective Intelligence on your local drive, it's only the most recent threats on a real time wild list." Collective Intelligence is the name that Panda gave its cloud system when it was introduced in 2007.
When you open Cloud Antivirus, the main window lets you know whether you're safe or not with a big red or green icon. Cloud Antivirus works as other antivirus solutions do, offering a Quick Scan and a Custom scan for specific folder, files, and drives, but its ancillary features are exceptionally light. The Quick Scan took 13 minutes on my Windows 7 Lenovo T400 laptop.
Dragging an active Cloud Antivirus window, in Windows 7 at least, will turn it translucent.
(Credit: Screenshot by Seth Rosenblatt/CNET)You can opt out of contributing anonymous data to the cloud, but that also opts you out of automatic threat management. There's a network connection proxy option should you need it, and a reporting feature that will show you what kind of threats have been detected and removed from your computer. You can filter the report by All, Last 24 hours, Last Week, or Last Month, and there's a Recycle Bin pane from which you can recover a false positive, should you need it. Unfortunately, the Recycle Bin is hidden behind an obnoxious "flipping" screen that cheesily rotates when you need to access it.
If you're familiar with the minimalist Microsoft Security Essentials, Cloud Antivirus is even simpler. I did notice some odd interface rendering around the minimize and close buttons in Windows XP, but not in Windows 7. There are other more serious concerns about the program. Most notably, it lacks a scheduler, and it removes user input from update functions. Scans are also limited: you can tell the program what to scan, but not what to look for, so forget about toggling heuristics or rootkits. Then again, the point of this kind of security is that it's all wrapped into one.
Keeping in mind its limited feature set, and that we don't have efficacy numbers at the time of reviewing, Panda Cloud Antivirus makes good security choice for those willing to take the plunge.
Microsoft said on Thursday it will issue six patches next week for 15 vulnerabilities, including three critical bulletins affecting Windows and two important Office-related bulletins.
Affected software includes Windows 2000, XP, Server 2003, Vista, Server 2008, Office XP, Office 2003, 2007 Microsoft Office System, Office 2004 for Mac, and Office 2008 for Mac, the company said in an advisory.
November's Patch Tuesday is a contrast to the record number of fixes issued last month--13 bulletins for 34 vulnerabilities.
Updated 2:52 p.m. PST to correct that there will be six patches fixing 15 vulnerabilities.
A hacker in the Netherlands broke into some jailbroken iPhones and sent text messages to the owners asking them to pay to find out how to secure their phones, according to postings in a Dutch forum called Tweakers.net.
One of the victims posted a screenshot from his iPhone of the SMS received. It said: "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files."
The URL provided now displays a message indicating that it was reported for spam or phishing abuse and has been deactivated.
Ars Technica reports that before the page was removed, it asked that victims send 5 euros ($7.36) to a PayPal account and then await an e-mail with instructions on how to secure the phone. The fix probably would involve restoring the factory settings, according to the Ars Technica post.
"If you don't pay, it's fine by me," the hacker's page said. "But remember, the way I got access to your iPhone can be used by thousands of others--they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."
... Read moreMalwarebytes is accusing China-based computer security firm IObit of intellectual property theft, but IObit denied the allegations and said there were problems with its malware submission site.
Malwarebytes claims IObit stole from its database of signatures of malicious applications that its software uses for detecting malware on customer computers.
Malwarebytes discovered that IObit's Security 360 free anti-malware software was flagging a specific key generator piece of code for Malwarebytes' Anti-Malware software and using the same naming scheme, which includes the phrase "Don't Steal Our Software," according to a blog post on the Malwarebytes.org site.
This screen shot shows IObit's product uses the same naming scheme as Malwarebytes.org.
(Credit: Malwarebytes.org)After finding additional evidence, Malwarebytes conducted a test and added fake definitions for a fake rogue application to its database of malware. Within two weeks, IObit was detecting the fake files and using "almost exactly" the fake names, Malwarebytes said.
"We soon became convinced that this was not a mistake, it was not a coincidence, it was not an isolated event, and it persisted presently in their current database," the blog post says. "They are using both our database and our database format exactly."
Malwarebytes, which said it uncovered evidence that IObit may have stolen proprietary databases of other security vendors as well, said it plans to pursue legal action against IObit
IObit denied the allegations, saying it was a "mistake," and accused Malwarebytes of spreading "malicious rumors."IObit said it would soon release a legal letter an explanation about the technical aspects that proves its case. In the meantime, IObit temporarily deleted all disputed items in its database to avoid "dispute and possible problems" and disabled its malware submission page, the company said in a blog post.
Basically, someone submitted samples with the name used by another vendor, the post says.
"Unfortunately, IObit database analyzer carelessly used the names provided by the submission. This mistake can be understood because it is very normal--Many enthusiastic IObit users find there are samples missed by IObit Security 360 but detected by other anti-malware products, then they would submit these samples to us and provide names defined by other anti-malware vendors."
"There are holes and problems with IObit malware submission procedure and database management," the post concluded.
Malwarebyte's found that IObit's product detected the fake malware Malwarebytes put in its database as a test.
(Credit: Malwarebytes.org)Web ads aren't just annoying, they can also be the source of a malware infection that attempts to steal your identity. In her September 15, 2009 InSecurity Complex blog, Elinor Mills describes how ads are being used by criminals to trick people into buying fake antivirus software, among other nefarious purposes.
Technology to block the ads that appear on Web pages has been around for almost as long as the ads themselves. No doubt someone will point out the irony of a blog that relies on ads for its livelihood explaining how to prevent them from appearing. For better or worse, few people will actually take the time to use an ad blocker when they browse. I don't think online advertisers are losing much sleep over the technology—yet.
Skip the ads when viewing pages in Firefox
One of the most popular Firefox add-ons is Adblock Plus, which puts an "ABP" icon on the far right of the main menu. Click it (or press Ctrl-Shift-V) to view the blockable items on the current page. Choose the down arrow next to the icon to open the program's Preferences dialog, disable ads on the page or site, or select other options.
Click the Adblock Plus icon to view blockable items on the current page.
(Credit: Wladimir Palant)Hovering over the Adblock Plus icon shows the add-on's status and the number of blocked and blockable items on the current page. You can also open the program's Preferences dialog by clicking Tools > Adblock Plus Preferences. There you can subscribe to an ad filter, import and export blocklists, view and reset your "hit" list, and change your view. Another option lets you remove the block tabs that appear by default on Flash and Java items.
Block ads in Internet Explorer
Back in January 2008, I called the free IE7Pro "(t)he only Internet Explorer 7 add-on you'll ever need." Well, the name's the same, but the program now works with IE 8 as well. Blocking ads in IE is as easy as downloading and installing IE7Pro, clicking Tools > IE7Pro Preferences, and checking Ad Blocker on the main Modules tab. The program blocks Flash, Java, pop-ups, pop-unders, and other types of Web ads.
Activate ad blocking in Internet Explorer by choosing the Ad Blocker option in IE7Pro's Preferences dialog.
(Credit: IE7Pro Team)To put a finer point on your IE ad blocking, select the AD Blocker option on the left side of the Preferences window. There you can enable the program's Flash blocker, which is off by default. You can also make changes to the IE7Pro filters, but you can't import or export filters as easily as you can using Firefox's Adblock Plus.
Use a proxy to squash ads in Chrome
It isn't surprising that Google decided not to include an ad blocker in its Chrome browser. After all, the company makes quite a bit of money from serving up those ads, so helping people to block them would be self-defeating. I found a couple of ad-blocking extensions for Chrome, but after taking a look at them, I just didn't trust them.
In one case, the home page of the extension's provider was crowded with ads itself. And another Chrome ad blocker I looked at had an unfinished appearance. The best solution I could find for blocking ads in Chrome is the Privoxy Web proxy, which is available on Source Forge. Configuring the add-on is a challenge, but a post on the GeekZone tech community boils it down nicely to seven steps.
Block ads in Opera, no add-ons required
The best way I found to block ads in the Opera browser is to use the program's built-in content blocker. To activate it, right-click anywhere on the page and choose Block Content. Only the blockable content on the page will be highlighted, and a toolbar appears at the top of the page. Choose an item to block it, and then click Done on the toolbar to reload the page minus the elements you selected.
To unblock an item, just reopen the Block Content toolbar and click the "Blocked Image" indicator. You can also view the URLs of all blocked items on a page, edit the entries, and add or delete items. There's no option to import or export a list of blocked URLs, however.
Bonus tip: Block ads and malicious sites via the free OpenDNS proxy service
Perhaps the greatest security resource on the Web is the free OpenDNS proxy service, which sends all your Internet traffic through a well-maintained set of filters to screen out ads as well as sites known to host malicious content. You can use the OpenDNS service to block gambling, adult, and other specific types of sites. For instructions on using OpenDNS, see Becky Waring's article "Use OpenDNS to surf safely with these tricks" on the Windows Secrets site.
IOBit 360 is a relative newcomer on the antimalware scene, although the Chinese publisher is known for making solid utility software such as Smart Defrag. It's a fast and welterweight freeware utility for detecting and removing malware, and plugging your system's security holes before they can been exploited. The new improvements in version 1.10 include integration with the Windows 7 security center, a new feature that creates a USB key-portable version, a toolbar, and scan engine tweaks.
IOBit 360
(Credit: Screenshot by Seth Rosenblatt/CNET)If you're unfamiliar with the program, it's fairly simple to figure out and use. The interface has large left navigation icons with simple labels that won't confuse novices, while the tools menu offers some useful features that more advanced users are sure to appreciate.
The Overview tab is the main window and it contains links for immediate Smart scans, definition file updates, a "security analysis"--which evaluates potential exploits in your system and includes Windows security patches--and a status update window. This tells you whether your real-time protection, automatic scans and updates, and heuristic-based scans are on or off. Automatic scans and updates, and scheduled scans, are restricted to the paid upgrade, which is currently being offered on sale for $19.95. It's usually $29.95.
The Scan tab lets you initiate a Smart scan, a Full scan, or a Custom scan, and the Protection tab lets you toggle your real-time protection status. It seems a bit odd that a user would want the separate controls that the program offers for "known malware" and "unknown threats," but you can toggle them independently.
A running scan that wound up taking about six minutes to finish.
(Credit: Screenshot by Seth Rosenblatt/CNET)The Tools tab is what makes IOBit 360 comparable to others in its class, giving you seven useful system security tools. There's a Hijack scan for power users, a Security Holes scan, a Passive Defense that disables cookies in Firefox and Internet Explorer, and ActiveX in IE, and an Unlock and Delete tool for getting rid of files your system thinks are in use. This feature is slightly less important in Windows 7, which will tell you when you encounter a locked file where it lives, but the unlocking and deletion features are definitely useful.
There's a Privacy Sweeper that will clean not just cookies and cache but saved forms, download history, and other Internet traces in all the major browsers it detected on my system, including Firefox, Internet Explorer, Google Chrome, Opera, and Safari, but the sweeper will also check utilities such as archival tools, multimedia players, and other applications that regularly ping the Internet. These days, that's nearly everything.
Annoyingly, the PC Tuneup option takes you to the download page for another IOBit program, but users on the go will like that you can create a custom portable version, launchable from a USB key. IOBit 360 eats about 50MB of RAM when idle, with a Smart scan taking about 6 minutes and a full scan finishing in 45 minutes, making this one of the fastest in its class. I didn't notice any system lags while running it, and it didn't detect any malware on my system, although it did point out tracking cookies from multiple browsers. Third-party efficacy tests haven't yet been performed against high-performing competitors such as Ad-Aware or Malwarebytes, but IOBit is proving that the antimalware tool without antivirus isn't dead--yet.
Kaspersky unveiled a new tool on Thursday called "Krab Krawler" that analyzes the millions of tweets posted on Twitter every day and blocks any malware associated with them.
The tool looks at every public post as it appears on Twitter, extracts any URLs in them and analyzes the Web page they lead to, expanding any URLS that have been shortened, Costin Raiu, a senior malware analyst at Kaspersky, said in an interview.
The company is scanning nearly 500,000 new unique URLs that appear in Twitter posts daily, he said. Of those, anywhere between 100 and 1,000 are malware attacks. Twitter has also been targeted by the Koobface virus which posts malicious links from infected users' accounts.
About 26 percent of the total posts contain URLs, and many of those lead to spam sites that are marketing products or services and aren't considered malware, according to Raiu. Tens of thousands of different accounts are posting spam links, most likely from accounts created by bots, he said. The most frequent URLs posted lead to online dating sites, he added.
Twitter has its own filtering system, but some malicious links still manage to get through, Raiu said.
While Kaspersky's regular antivirus software may detect and block 95 percent of the malware Twitter users are threatened with, malware code changes frequently to evade filters and it could take between two and 12 hours for new stuff to be classified as malicious and detected, he said.
While antivirus companies have traditionally focused on protecting e-mail-borne viruses, they are increasingly turning their attention to social-media sites as attackers do.
Trend Micro has technology that monitors Twitter posts for malicious URLs, as well as looks for attack patterns in the posts, such as use of popular terms to indirectly lead people to malicious links, said Morton Swimmer, a senior threat researcher at Trend Micro.
Meanwhile, Finjan offers a free browser plug-in dubbed SecureTweets that warns users when they encounter a malicious URL in Twitter, as well as Gmail, Blogger, MSN, MySpace, Google search, Yahoo, and other sites.
Social-media sites are popular for attackers not only because people are flocking to them, but also because users seem to trust messages that appear to come from friends on those sites more than they trust e-mails, Raiu said.
"People are worried about unsolicited e-mail, so they are careful not to run the programs they get by e-mail, but they aren't prepared to deal with these kinds of new attacks," he said.
The most common piece of malware associated with Twitter links is Trojan-Clicker.HTMLIFrame, a malicious JavaScript that can get downloaded to a computer when it visits a compromised Web site.
(Credit: Kaspersky)
