Home Networking And IT Information And Discussion

Articles about home, SOHO and small-business IT and networking issues

avast! blog » Can you Trust Free Anti-Virus?

avast! blog » Can you Trust Free Anti-Virus? – Link to blog on Avast site

My comments on the issue concerning free anti-virus software

I always prefer that every computer has a reputable anti-virus software program running on it and, through this blog, I have always recommended AVG or avast free anti-virus solutions for home users and students. I would also consider the paid-for versions of these programs for users that don’t fit the mould provided for the free versions.

From my experience, these programs and their paid-for equivalents from the same suppliers, can do their job without placing too much stress on the computer. This is compared to the likes of the “big majors” (Trend Micro, Symantec, etc) who supply the computers sold in chain stores with trialware anti-virus solutions that can place a dent on the computer’s performance with their dominant graphics.

As well, the free programs and their paid-for equivalents work tightly with the operating system rather than take over the operating system. This is more so with the latest incarnations of Windows because of the designed-in security functionality that these operating systems have like Windows Firewall. Here, you can do most of your configuring through Windows and your default browser rather than through weird panels that take up a large part of the screen. The programs are as regularly updated as the majors and are even updated to include protection from newer infection vectors like instant messaging.

One thing that AVG, avast and the like could do is “offer” a trade-in deal where if a person who is subscribing to a “major” anti-virus solution like Norton or Trend Micro can switch over to the “professional” versions of these free anti-virus solutions for a cheaper price or for free. If the “professional” solution is sold on a subscription basis, they could offer a longer subscription deal like a “2 years for 1 year” package or a “first year is on us” deal.

This could allow the user to save money on their anti-virus solutions without forfeiting the security level that they are benefiting from..

6 August 2009 Posted by | Network Security | , , | 6 Comments

CAPTCHA in the home-network router

 D-Link First to Add CAPTCHA to Its Home Routers to Help Prevent Against Attacks

D-Link’s CAPTCHA in action | DigitalMediaPhile (Barb Bowman)

My comments on this feature

A lot of blogs, comment pages / forums, social-network sites and Webmail services use a CAPTCHA as part of verifying what kind of user is signing up or adding comments to the blog or forum. This method, which typically requires a user to transcribe letters or numbers from a purposefully-distorted machine-generated graphic, has worked for a long time as a way to keep spambots from these sites.

BTW, a CAPTCHA-based verification system is a feature that I would like to see as part of adding comments to a WordPress.com blog post like this one or others on my blog. It would make life a lot easier for blog authors like myself when it comes to sorting out genuine comments from irrelevant comment spam.

This technique has been added as part of a firmware upgrade to most current-issue D-Link routers in response to recent security attacks against this class of equipment. These threats, typically in the form of Trojan Horses, take advantage of home-network equipment that is ran at “out-of-the-box” settings because most home users may not know how to configure the devices properly.

What will typically happen with these routers is that if the user wishes to change configuration or set up / modify an administrator account, they have to transcribe characters from the machine-generated graphic in a similar way to authenticating themselves with a blog or Webmail service on signup.

But this kind of security will not replace common-sense network security practices like setting the SSID of your wireless network away from the default and using a strong password on the device’s administrator account. It will augment these measures and more home-network equipment should be equipped with these features. Other practices that can be implemented for best security could include devices working on “least privilege” all of the time with the option of password and CAPTCHA verification for serious configuration tasks. This is similar to how Windows Vista and Windows 7 operate; and how a properly-setup building alarm system operates. For example, the network status page on a router could be available “without login” but you have to log in to change status.

At least this is one step being made towards a secure home and small-business network.

13 May 2009 Posted by | Broadband Routers, Network Security | | Leave a comment

Keeping the WiFi public hotspot industry safe

There are an increasing number of WiFi wireless hotspots being set up, mainly as a customer-service extra by cafe and bar operators. But there have been a few security issues that are likely to put users, especially business users off benefiting from these hotspots.

This is becoming more real due to netbooks, mobile Internet devices, WiFi-capable smartphones and other easily-portable computing devices becoming more common. The hotspots will become increasingly important as people take these devices with them everywhere they go and manage their personal or business data on them.

The primary risk to hotspot security

The main risk is the “fake hotspot” or “evil twin:. These are computers or smart routers that are set up in a cafe or bar frequented by travellers, business people or others who expect Internet access. They can be set up in competition to an existing hotspot that offers paid-for or limited-access service or on the fringes of an existing hotspot or hotzone. They offer the promise of free Internet access but exist for catching users’ private information and/or sending users to malware-laden fake Websites hosted on the computers.

Standard customer-education practices

The common rhetoric that is given for wireless-hotspot security is for the customer to put most of their effort into protecting their own data without the business owner realising that their hotspot service could be turning in to a liability. This can then lead to the hotspot service gathering dust due to disuse by the customers it was intended to serve.

The typical advice given to users is to check whether the premises is running a wireless hotspot or if there is a hotzone operating in the neighbourhood before switching on the wireless network ability in your laptop computer. Then make sure that you log on to a network identified by a legitimate ESSID when you switch on the wireless network ability.

Other suggestions include use of VPNs for all Web activity, which can become difficult for most personal Web users such as those with limited computer experience. Some people even advise against using public Internet facilities like Internet cafes and wireless hotspots for any computing activity that is confidential on a personal or business level.

But everyone involved in providing the free or paid-for hotspot service will need to put effort into assuring a secure yet accessible hotspot which provides a high service quality for all users. This encompasses the equipment vendors, wireless Internet service providers and the premises owners.

Signage and operating practices

When Intel promoted the Centrino chipset for laptop computers, they promoted wireless hotspot areas that were trusted by having a sticker with the Centrino butterfly logo at eye level on the door and the premises being scattered with table tent cards with that same logo. Similarly hotspot service providers and wireless Internet service providers used similar signage to promote their hotspots.

But most business operators, especially small independently-run cafes and bars, tend to deploy “hotspot-in-a-box” solutions where they connect a special wireless router that they have bought to their Internet service and do their own promotion of the service. This may simply be in the form of a home-printed sign on the door or window or a home-printed display sign near the cash register advising of WiFi hotspot service.

An improvement on this could be in the form of the ESSID matching the business’s name and listed on the signage, which should have the business’s official logo. Similarly, the network could be set up with WPA-PSK security at least with the passphrase given to the customers by the business’s staff members when they order hotspot service. Most “hotspot in a box” setups that list the customer’s username and password on a paper docket list the ESSID and WPA-PSK passphrase on these dockets. As well, I would modify the login page to have the business’s look with the business’s logo. A complimentary-use hotspot could be secured with a WPA-PSK passphrase and the customer having to ask the staff member about the passphrase. This could allow the facility to know who is using the hotspot and the organisation who runs that hotspot can have better control over it.

It may be worth the industry investigating the feasibility of using WPA-Enterprise security which is associated with different usernames and passwords for access to the wireless network. Most portable computers and handheld devices in current use can support WPA-Enterprise networks. This can be implemented with the typical “paper-docket” model used by most “hotspot-in-a-box” setups if the authentication system used in these units works as a RADIUS server and the built-in wireless access point supports WPA-Enterprise with the unit’s built-in RADIUS server. The same setup could work well with a membership-based hotspot service like a public library with the RADIUS server linked to the membership database. But it may not work easily with hotspot setups that work on a “self-service” model such as paid-service hotspots that require the user to key in their credit-card number through a Webpage or free-service hotspots that use a “click-wrap” arrangement for honouring their usage terms and conditions.

The organisation who runs the hotspot should also be aware of other public-access wireless networks operating in their vicinity, such as an outdoor hotzone or municipal wireless network that covers their neighbourhood; and regularly monitor the quality of service provided by their hotspot. Also, they need to pay attention to any customer issues regarding the hotspot’s operation such as “dead zones” or unexpected disconnections.

People who own private-access wireless networks should also keep these networks secure through setting up WPA-secured wireless networks. They should also check the quality of their network’s service and keep an eye on sudden changes in their network’s behaviour.

When wireless-network operators keep regular tabs on the network’s quality of service, they can be in a better position to identify rogue “evil-twin” hotspots

Improved standards for authenticating wireless networks

There needs to be some technical improvement on various WiFi standards to permit authentication of WiFi networks in a manner similar to how SSL-secured Web sites are authenticated. This could be based around a “digital certificate” which has information about the hotspot, especially:

  • the ESSID of the network ,
  • the BSSID (wireless network MAC) of each of the access points,
  • the LAN IP address and MAC number of the Internet gateway
  • the venue name and address and
  • the business’s official name and address.

The certificate, which would be signed by public-key / private-key method could be part of the “beacon” which announces the network. It would work with the software which manages the wireless network client so it can identify a wireless network as being secure or trusted if the signature is intact and the network client is attached to the network from the listed BSSIDs and is linking to the gateway LAN IP.

The user experience would be very similar to most Internet-based banking or shopping Websites where there is a “padlock” symbol to denote that the user is using an SSL-secured Website with an intact certificate. It will also be like Internet Explorer 7 and 8 where the address bar turns green for a “High-Assurance” certificate which requires higher standards. In this case, the user interface could use colour-coding and / or a distinctive icon for indicating a verified public network.

The provision of cost-effective wireless-network management software

There are some programs that can turn a laptop computer in to a wireless-network survey tool, but most of them don’t show much useful information, are hard to operate for anyone other than a network technician or are too costly. They miss the needs of people who run home or small-business wireless networks or wireless hotspots.

What needs to exist is low-cost wireless-network management software that can work with the common Microsoft or Apple platforms on computers that have common wireless . The software should be able to use commonly-available wireless network adaptors such as the Intel Centrino platform to perform site surveys on the WiFi bands and display the activity on these bands in an easy-to-view but comprehensive manner. The software should be easy to use for most people so they can spot interference to their wireless network easily and can “tune” their wireless network for best performance.

Similarly the popular smartphone and PDA platforms like Applie iPhone, Symbian S60 / UIQ, Blackberry and Microsoft Windows Mobile could have low-cost wireless-network management software written for them so they can make a handheld PDA or mobile phone work as a site-survey tool for assessing quality of service

Once this kind of software is available for small business and home users, it empowers them to assure proper coverage of their network and check for any “evil twin” or other rogue hotspots being set up to catch customers.

Summary

There needs to be more effort put in to setting up secure public-access wireless networks so that people can benefit from portable computing anywhere without forfeiting the confidentiality of their personal or corporate data.

It also will encourage people to gain the maximum value out of their WiFi-enabled portable information devices whether for their business life or their personal life.

12 March 2009 Posted by | Home computer setups, Internet Access And Service, Network Security, SOHO / Small business computer setups | , | Leave a comment

Personal and amateur photos on Web sites – need for improved security

Facebook scam: Ferrari man’s true identity revealed – BizTech – Technology

The recent Facebook scam with the image of a man standing beside a Ferrari had involved images lifted from a holiday album that was published on Picasa although intended to be private.

One of the main thrusts in this scam involved the photographer’s pictures being used without knowledge or permission of the album’s owner and a possible privacy and reputation threat for both the album’s owner and the Ferrari’s owner (if the Ferrari had front number plates).

One thing that needs to be looked at regarding photos published on Web sites like social networking and photo sharing sites is a secure way of publishing these pictures. Some would say that the most secure way is not to use these services at all, but to send pictures using removeable media (optical disk or USB memory key) via at least “snail mail”, preferably certified mail or courier service.  But many people want to still use these services due to the ability to quickly share large numbers of pictures with people over long distances.

Issues that can be looked at could include a watermarking system for personal images so that users can detect improper use of their images; and improved security practices for online services that handle personal and amateur pictures. The watermark system could use a machine-readable watermark and the option of a visible watermark and could be provided by an ISP, enterprise, Web-hosting facility or a photo-sharing / social-network service. The machine-readable watermark should be able to be detected in thumbnails and low-resolution images; synthesised images such as “photoshopped” images and collages; as wel as high-resolution images. This can work in hand with users, ISPs and hosting services using agents that can scour for improper use and let the users know.

Other practices could include a limit on how the picture is seen by untrusted users, such as “low-resolution only” viewing or inability to download, copy (Ctrl-C / Command-C), print or zoom into the actual picture. As well, the systems that host these sites could be checked regularly for hack attempts.

What needs to happen is for action to be taken concerning misuse of amateur and personal images that have been put to the Web, This could be achieved through codes of practice and / or technology implementations.

3 March 2009 Posted by | Network Security, Social issues involving home computing | | 1 Comment

Comments about the Intel vPro Anti-Theft Technology

Intel Demonstration video of vPro Anti-Theft technology in action

Linked through from the IntelChannel YouTube channel

My comments in relation to small businesses and home setups

The Intel vPro anti-theft technology as presented in the above YouTube video is promoted for use by larger companies or schools who have a fleet of notebook computers and people in their regular hire who manage their IT needs. This is typically represented by the segment where the user is working at a software or Web-based “console” to administer the “poison pill”.

This kind of facility may not be available to households or small organisations who manage their own IT needs unless the remote management functionality is available as a cost-effective service. Such a service could be offered by security firms who sell their services to residential and small-business customers and these firms could integrate the “secure notebook” as part of their business-security packages or as a stand-alone service.

10 January 2009 Posted by | Home computer setups, Network Security, SOHO / Small business computer setups | , , | Leave a comment

The end of McColo – OXYGEN 3 (E-bulletin on IT security)

 The end of McColo – OXYGEN 3 (E-bulletin on IT security)

My Comments

Some governments, most notably the UK government, are implementing crack-house or disorderly-premises close-down procedures where they can close down premises which are used for crime or disorder.

This incident where McColo, an ISP frequented by malware distributors and spammers, has been closed down because of the malware and spam that has emanated from that domain means that someone is looking towards using this kind of action in cyberspace. This would be similar to the effect on a neighbourhood whenever a crack house or a bar frequented by criminals is closed down, whether through official mandate or not.

If this kind of thing happens frequently with the Internet, through the watchfulness of the netizens, this could lead towards a safer Internet environment with fewer malware existing and mailboxes free of “fly-by-night” spam.

3 January 2009 Posted by | Network Security | Leave a comment

Merry Christmas from Simon Mackay

I am wishing you all a very merry Christmas and a happy new year.

There are some important issues to think of during this gift-giving season, especially when you open those computer-related gifts on Christmas Day.

1: When you set up that new router, make sure that you set it up in a secure manner. The wireless network segment must be secured to WPA-PSK standards and using an SSID unique to the premises as described in the “Making Sure Your Home Wireless Network Is Secure” article.

2. Make sure that the administration front-end for the router is secured with a good password rather than the default “admin” password that the manufacturer sets it to. This should also be set up for any other network devices like network-attached storage boxes that are able to be managed from the Web browser.

3. When you set up a new computer, make sure it is running the latest version of an anti-malware program and that there is a desktop firewall in place. A good anti-malware program that I would recommend for home use would be the free AVG program (http://free.avg.com) or the Avast Home Edition (http://www.avast.com/). Also make sure that Apple Macintosh computers are running anti-malware programs because of the latest crop of malware that is now targeting this platform.

It is worth knowing that the recent crop of anti-malware programs integrate “sure-surf” functionality that warns you if you are heading to dangerous websites or if an item in a Google search list is a trap Website.

4. Make sure that operating systems are set to obtain update files automatically. This can be achieved by going to the “Live Update” menu in Windows or going to the “Software Update” under the Apple menu in MacOS X.

5. Don’t think that the Webcam is just for weirdos. Think of it now as a tool for communicating with distant relatives and allowing them to be part of your life. Consider them being on Skype or Windows Live Messenger and you could easily save heaps on the phone bills.

6. Enjoy a safe and happy New Year

With regards,

Simon Mackay

16 December 2008 Posted by | Network Management, Network Security, Uncategorized, Video-conferencing | , | Leave a comment

Feature Article: Making Sure Your Home Wireless Network Is Secure

This Christmas, you may have received a new wireless Internet router as a Christmas present and are eager to dabble in the joys of wireless “hot and cold running Internet”. You will need to make sure that this network is operating in a secure manner in order to stop unknown and unaccounted use of your bandwidth allowance and to stop others from raiding your household’s private data. This is as essential as making sure that your home is physically secure through your use of deadlocks and intruder alarm systems.

Most likely, you will have implemented computer security measures like installing and using a desktop firewall and desktop virus-control and spyware-control utilities. You will also have deployed a spam-control utility on your e-mail inbox or signed up to a spam-filter service provided by your ISP.

Getting started on making your wireless network secure

Use the “Getting Started” leaflet for your router to identify how to configure it. You may have to run the CD that was supplied with your router and will need to connect your computer to it using the Ethernet cable that should have been supplied with it.

Windows Vista

Those of you with Windows Vista who have routers marked with a “Certified for Windows Vista” logo may find this job easier because the operating system will discover the router and put up a prompt at the right hand side of your screen upon power-up. You may have to click on “Control Panel”, then “Network and Internet”, then click on “Connect to a network”.

Next click “Set up a wireless router or access point” and click “Next” twice. Windows will interrogate your router and if it can’t be configured through Windows Vista, you will see a window which offers two options – “Configure the device manually” and “Create wireless network settings and save to USB drive”. Click on the first option to open the wireless router’s configuration page. If you just unwrapped it, you will need to use the default password printed in the router’s documentation.

Also, click on the second option to prepare a configuration set for your router. With this wizard, you will need to create an SSID and WPA network security key. Work through the wizard and choose a network name (SSID) that is peculiar to your premises and transcribe this SSID. Then click “Next” and accurately transcribe the passphrase written in the wizard.

Put a USB memory key in the computer then click Next. When the screen darkens, click “Allow”. Choose the situation appropriate to your network. If your network is already established, select the “Custom settings” option and click “Next”. Then click “Close”. You have created a master configuration set for your wireless network and that is now stored on your USB key.

Go back to the wireless router configuration page that you opened before in the second paragraph and go to the Wireless Network option. Copy the SSID into the “SSID” or “Wireless Network Name” box. Then go to the Wireless Security box and set your router to WPA-Personal and copy the WPA network security key into the passphrase box. At this point, go to the administrator password option and change the administrator password to something that you remember but is secure.

Windows XP SP2

If you don’t have the “Getting Started” leaflet on hand, connect to the router as described before and type “cmd.exe” in to the Run prompt. This is accessible by pressing [Windows| and R together on the keyboard. Then type “ipconfig” in to the command prompt. Look for the “gateway address” and note it down. Then use your Web browser to log in to the router.

Opan Control Panel and click on Wireless Network Setup option. Enter an SSID (wireless network name) that is peculiar to your premises and select “Automatically assign a network key”. Tick Use WPA encryption instead of WEP and click “Next”. Select “Use a USB flash drive” and click Next to copy the details to a USB memory key which you have inserted in your computer. Select the drive letter that corresponds to the USB memory key. Click “Next” to copy the details to your USB memory key.

Windows Vista, Windows XP SP2

“Dip” the USB memory key into the USB port on any Windows XP SP2 or Windows Vista computer with a wireless network ability that is part of your network and select the Wireless Network Setup Wizard option on the AutoPlay dialog box.

Apple MacOS X, UNIX (Linux)

Put the USB memory key in to the computer and open the SMRTNTKY folder. Open the WSETTING.TXT file and copy the SSID and WPA network key in to your wireless network configuration utility. In the case of the MacOS X, make sure that it is part of your “keyring”. Then dismount and remove the USB memory key.

All operating systems

Then put the USB memory key in to a computer attached to a printer and click on the “Open Folder to view files” option  Open the SMRTNTKY folder and click on WSETTING text document (WSETTING.TXT) . Print this document out and keep it in your files. This is of importance for when you connect up newer wireless network devices.

28 November 2008 Posted by | Feature Article, Network Management, Network Security | , | Leave a comment