Crackdown on Clickjacking
A new, or rather a newly revised threat may be coming to a
browser near you. It’s called Clickjacking and it can affect all browsers. It
first appeared a few years ago but little was heard of it after the first
warnings. It looks like it might be back. The threat level is still quite
low at the moment, but these things can quickly spiral out of control. Here’s
how it works. If a hacker can get access to a website they can fiddle with
buttons and graphics so that if you click on what appears to be a legitimate
link what actually happens is you are directed to a phoney or fake site where
you unwittingly enter personal details, or in a worst-case scenario, clicking
the link downloads malicious software onto your PC. Of course the same kind of
thing can be found on less reputable websites.
Microsoft and Mozilla have released fixes in the past but
there is a way to stop clickjacking in its tracks, on Firefox at least, and
that’s to install an add-on called NoScript.
This creates a white list of trusted sites by blocking any attempt to run an
unapproved or suspicious script within a web page. If the site is blocked by
NoScript all you have to do is click on the ‘S’ logo that appears in the bottom
left hand corner and decide whether to allow the page to load. It’s a bit of a
chore, but if you take security seriously, or you visit the odd dodgy website
then it will give you some extra peace of mind.
20/10/08
One Click Encrypt
We are all concerned
about privacy and security but relatively few PC users actually ever get around
to doing something about it. Now there’s no excuse, a small freeware utility
called EncryptOnClick
can encrypt any file on your PC in just a second or two. Just open the program
and select the file, tap in your password or PIN and it’s done. The file is
compressed and scrambled using strong 256-bit AES encryption, which will keep
most nosey parkers at bay. The program is small, under 4Mb, and it fits easily
on a USB pen drive, so you can protect your files when you are on the move.
31/07/08
Double-Quick Data Destruction
If you sell or
otherwise dispose of your computer you must delete all of the data it contains.
This is vitally important, not just from a security standpoint, but it’s also
technically illegal to sell on a PC with Windows and many commercial programs installed unless you also
transfer the licences, though this is almost impossible to do.
Active
KillDisk remains my favourite method for deleting the data on a drive, but
here’s a new one, called Darik’s Boot
and Nuke, and this program really lives up to its name! Just boot the PC
using a CD, DVD, pen drive or floppy and it totally destroys all of the data on
every drive it finds. I suspect this will be of interest to anyone who needs
to lose a lot of data in a hurry, when the authorities come a-knocking, but it has
plenty of entirely respectable applications, particularly for anyone selling or
recycling a computer. Just be careful how you use it, there’s no going back
once it has started…
24/07/08
New AVG Annoyance
It’s hard to get too
upset with AVG, after all they have been providing us with top-notch virus
protection for free these last few years, but the release of AVG version 8 has
annoyed a lot of otherwise loyal users. Over the last few weeks popups have
been appearing that appear to suggest that AVG was no longer free and to stay
protected you had to upgrade to a paid-for version. The fact is AVG 8 is still
free for personal use, but of course AVG would rather you purchased the better-specified
commercial version – well, you can’t blame them for trying. For the record the
free version can be downloaded from http://free.avg.com
The latest problem
is a component in AVG 8, called Link Scanner, which has been driving some
website owners potty. The idea is when you do a web search it pre-checks all of
the links, looking for malicious sites. The trouble is websites get bombarded
with fake hits from PCs running AVG 8, clogging up the web with pointless and
wasteful traffic. Some users also suggest that the Link Scanner slows their PC
down, which could well be the case on older machines.
Anyway, you can
disable Link Scanner from AVG’s Control Panel, but this slaps an ugly red
exclamation mark over the AVG icon in the System Tray. The simpler solution is
to go back to the AVG website and download the program again. Run the installer,
follow the prompts and this time you will see a Select Startup Type window.
Check Add or Remove components, click Next and a few clicks later Component
Selection appears. Uncheck Link Scanner, click Next and finish the
installation. When you next open the Control Panel, Link Scanner will be no
more.
10/07/08
Clever One-Click Clean Up
As I am sure you
know I have been waffling on for years about how your PC monitors your web
surfing activities and logs every website you’ve ever visited, from the day you
switched it on, in a hidden and protected file called index.dat. Regular
readers may also recall a couple of utilities I’ve been recommending to wipe
these files. Back in the days of Windows 98 my cleaner of choice was Spider,
sadly it was never updated for XP but then along came Crap Cleaner – CCleaner,
as it is now known – which does a brilliant job. Now we have a new utility that
works with CCleaner, called Click&Clean.
Basically it lets you put a quick-launch icon – appropriately enough a toilet
roll – on your Internet Explorer or Firefox toolbar. You need to have CCleaner installed on your PC first, and the new icon has to be
added manually, so don’t forget to read the instructions. One click and it
launches CCleaner and your tracks are covered.
I see only one small
problem and that is the browser has to be closed in order for CCleaner to work,
so the trick is to remember to click the toilet roll just before you exit your
browser.
03/07/08
Bird Passes The Word
I don’t know about you but I’m always struggling to think up
new passwords for websites and the myriad of other things I need to gain access
to these days. As we all know using simple words, such as names and places for
passwords is just asking for trouble as they can be easily guessed by someone who
knows you, or about you, or cracked using ‘brute force’ dictionary methods, so
here’s something else to try. It’s called Password
Bird and all you have to do is enter a special name, special word and a
special date and from that it creates a good quality random-looking alphanumeric
password, but made up from bits of your special words and numbers, which should
make it a little easier to remember.
23/06/08
Keep It Clean!
We all know that when you use a PC you leave a trail, half a mile
long, in ‘log’ and ‘dat’ files and Registry entries detailing everything you’ve
been doing, from the files and programs you’ve opened, to the websites you’ve
visited. It’s no small concern as it can include sensitive and personal
information, like passwords and PINs for example. It’s not too difficult to
keep your own PC’s record keeping in check, with a free utility like
CrapCleaner (see Software section) but what happens when you’ve been using
someone else’s computer?
This little program, called CleanAfterMe is
what you need to tidy up after you. It’s a small freeware application that you
can keep handy on a USB memory stick and when you run it you have the option to
delete all of the data and changes you may have left behind during the session.
If you are a regular user of other people’s computers and value your privacy and
security then don’t leave home without this really handy utility.
19/06/08
Rooting Out Rootkits
We’ve spoken about Rootkits
before, they’re nasty little pieces of malware that can open up your PC to
hackers, but are also really difficult to detect and eliminate because they
hide inside legitimate applications and files. McAfee, the anti-virus people,
have come up with a new Rootkit removal tool, called Rootkit Detective. It’s
still in its pre-release beta version but it seems stable enough and compared
with other Rootkit removal tools we’ve tried, it’s blindingly fast. Although it
didn’t find any infections on our office PCs it did flag up a few files,
belonging to uninstalled applications, that shouldn’t be there, so it’s definitely
worth a try, especially if you have any concerns about the security of your PC.
29/05/08
Home is where the Webcam is
There have been a number of well-publicised cases of home-owners with
security camera setups, spotting villains breaking in to their houses on their
laptops while they were on holiday. In most cases this involved the use of some
pretty fancy kit, but here’s a simple, and so far free system that can do
exactly the same job, without the need for any expensive hardware or software.
It’s called Home Camera and all you
have to do is download a small piece of software, hook up your USB webcam, and
you can monitor the image from up to 4 cameras anywhere in the world on any PC
running a standard web browser. If your camera supports motion detection it can
send you an email alert and an image to your mobile phone. Home Camera is still
undergoing Beta testing, which is why it is free, but when the service begins
in August it will still only cost around £8.00 a year, and anyone who signs up
for the beta trial is promised a good discount.
25/05/08
Laptops Aloud
It’s not long until the holiday season begins and with the widespread
availability of Wi-Fi in hotels and airports, and Wireless Hotspots all over
the place I’m guessing that a lot of you will be taking your laptop with you on
your travels this year. The only trouble is they’re so nickable, all it takes
is a momentary distraction, and it’s gone. Well, this little freeware utility
isn’t going to stop you doing something daft, but it might just alert you to
the fact that someone is interfering with it, and if it does get pinched, they
won’t be able to get at the data stored on it, at least not easily. It’s called Laptop Alarm and the idea is you launch it
when your laptop is unattended, Windows is automatically locked, and if
anyone messes around with it, unplugs the power cable or moves the cursor, it
starts shrieking. It’s no good if they try to mute the sound either, because it
overrides the volume controls. As I said it’s free, so what have you got to
lose, apart from your laptop…
12/05/08
Key to Security
One of the scariest threats to your PC and personal security
is the keylogger. These are tiny malware programs that can get onto your PC by
a variety of means, in some cases all you have to do is visit an infected
website. Once on your computer it sits silently in the background, recording
every keystroke you make, and sending the data back to the mothership, where it
is scanned for passwords and PINs, which can be used to empty your bank account
or set up phoney accounts. This little freeware program, called AntiKeylogger
can’t help you if you are already infected, so check your PC before you install
it, but it will stop any new ones from working. Unlike most programs of this
type it doesn’t try to detect an infection, instead it interferes with the
mechanisms that all keyloggers use to record data, so there’s no need for it to
be regularly updated with signature files, providing you with near effortless,
long term protection.
21/04/08
Lock Your Windows, With a Cellphone
If your PC or laptop has a Bluetooth adaptor, and your
cellphone is similarly equipped, then here’s something that might interest you.
It’s a free utility called BtProx,
and the idea is you can lock your PC, so no-one else can use it, unless you,
and your cellphone are in the immediate vicinity. As I’m sure Apple Mac fans
will remind me, it’s not exactly a new idea, but no matter, it’s a simple and
effective way to protect your computer, though, just make sure your phone battery
doesn’t run out, or you will be in trouble…
14/04/08
Phishing Fixer
If you are fed up sifting through fake phishing messages
purporting to come from banks, credit card companies and financial institutions,
eBay and PayPal trying to extract your details, then help is at hand. It’s called
Iconix email ID. It’s an add-on for Outlook
Express, Outlook, Windows Live, Hotmail, AOL and Yahoo webmail and GMail that
automatically identifies and flags up messages that come from legitimate
sources.
Incoming emails are checked against a database of registered senders –
300 so far -- and if it passes the test an icon appears next to it in your
Inbox, so you can see instantly if it is genuine or not. It’s all free, the
software only takes a few moments to install and as far as I can see the only
minus points are that the sender’s list is biased towards US companies – it could
do with some UK banks and building societies on the list -- and they’re still
working on compatibility with other popular email clients.
07/04/08
Virtually Infallible Protection
How would you like to completely protect your PC from
viruses, malware and the myriad of nasties floating around the Internet? Of course you would, but even with the best
security software available there’s always the chance something will get through,
but maybe there is a solution…
What we have here is a freeware program called Returnil
Virtual System that creates a sacrificial ‘mirror’ or clone of your system
on a virtual partition on your hard drive. Your PC boots into the virtual
system, so your original system remains isolated and protected. If something
does make it through your defences no harm is done, you just reboot and any
changes the malicious software has made are automatically erased and you reboot
into a newly created system.
It’s a bit like The Matrix, a PC within a PC, spooky and
quite tricky to get your head around at first but once you get used to it, it
makes a lot of sense and your PC will become virtually bullet-proof.
31/03/08
Free Software Security Program on Test
If you don’t mind being an unpaid guinea pig then head over to the Secunia website and download the Beta
(Release Candidate 1) version of Personal Software Inspector, which checks all
of the programs on your PC and tells you if any of them represent a security
threat, or are past their use-by date. If there is a problem it offers to help you find
patches and updates. The program flagged up 8 programs on my well used office
PC, none of the alerts were serious and about half of the programs I knew to be
no threat at all, so it’s not infallible and I suspect there’s still some work
to be done but it’s reassuring to have a second opinion, and it could just find
something nasty that you or your other security software has overlooked.
27/03/08
Free Wireless Security Checkup
How safe is your wireless network? If the answer is you don’t
know, then you really should head over to the Pure Networks website and carry
out their free Network
Security Scan. Of course it’s a prelude to selling you something, in this
case an application called Network Magic, and there’s a link to a free trial,
but there’s no obligation and it really is worth the visit for the free
security scan. It raised a couple of issues on my system, which until now I thought
was pretty tightly secured.
20/03/08
Free Lightweight Virus Scanner
Traditional thinking suggests that you should only have one
anti-virus program on your PC. That’s normally good advice as they can have
problems with each other’s ‘signature libraries’, which usually contain inert
samples of virus code, but here’s one that seems to get along with other AV
programs, on my test bed PCs at least.