Friday, April 27, 2007

Best Antivirus Software

Anti-Virus Free Edition



AVG Free Edition has spearheaded the company's growth. According to Grisoft, over 40 million users have AVG Anti-Virus protection, including users of the Free Edition.



The AVG Free Edition is similar to the Anti-Virus Professional product, but does not have all the features. It lacks the fine-grained control over how scans are conducted, and it receives lower priority (than the paid-for products) when downloading updates from Grisoft's servers. The language interface cannot be customised, and English is the only available language.



Technical Support is not available for the Free Edition, whereas support is available to users of the Professional, paid for products.



Grisoft announced that AVG Anti-Virus Free Edition version 7.1 ended on February 18, 2007. Users were required to upgrade to AVG Anti-Virus Free Edition version 7.5. Users are being encouraged to move to the commercial version of AVG, particularly the AVG Anti-Malware and AVG Internet Security products, as they protect against spyware as well as viruses. In the last two years the increase in infections has been spyware rather than viruses. AVG Anti-Virus Free (including the 7.5 edition) does not include a firewall or anti-spam, nor does it detect spyware.



However, Grisoft does provide a free version of AVG Anti-Spyware - based upon the former Ewido engine.


Version of AVG Antivirus:


Grisoft provides a number of products from the AVG range, suitable for Windows 98 onwards. In addition to this, Grisoft also provides a Linux version of the software.


All commercial versions of AVG are compatible with the 64-bit edition of Windows. AVG Free is not compatible with Windows 64 bit. AVG Anti-Virus Professional and Anti-Malware editions also run on Windows Vista. At time of writing the Firewall component and standalone Anti-Spyware are not Vista compatible. This is expected to be fixed soon.


All standard versions of the AVG software are available on a trial basis. Each trial allows all users (including businesses and institutions) a 30 day trial period. After this time a fee is required, which yields a key that unlocks the program for continued use.



  • AVG Free Edition: a freeware program which allows home users unlimited use and unlimited updates. It is not legal to use these commercially - they are for personal, home use only.

  • AVG Anti-Virus Professional Edition: this is the standalone Anti-Virus product designed primarily for home desktops or for small organizations using peer-to-peer networks. With Version 7.5 the SoHo edition has been discontinued per se, but has been replaced with the option of multiple licences for the Professional Edition. Available are 2, 3, and 5 licences.
  • AVG Plus Firewall Edition: adds a firewall to the Professional version. Is available in 1, 2, 3 and 5 licences.
  • AVG Anti-Spyware Edition: protects against spyware. Based upon the Ewido engine.
  • AVG Anti-Malware Edition: has both anti-virus and anti-spyware facilities
  • AVG Internet Security Edition: contains anti-virus, firewall, anti-spyware and anti-spam facilities.
  • AVG Network Editions : With the release of AVG 7.5, there are now several Network Editions of AVG.
  • AVG Rescue CD : a bootable variant of AVG Anti-Malware that can be run in Windows PE. This allows you to scan and remove viruses and spyware that may be stopping a PC from booting. Other tools include a registry editor, network mapping, ping testing and IP configurator.
  • AVG Anti-Rootkit (Free) : a specific tool allowing you to scan and remove rootkits, but does not include realtime protection.
  • Grisoft have now released an update for the AVG Internet Security Edition making it compatible with Windows Vista.


Features:


AVG features most of the common functions available in modern antivirus programs, including periodic scans, scans of sent and received emails (including adding footers to the emails indicating this), the ability to "heal" some virus-infected files, and a "virus vault" in which infected files are held.

Developer: Grisoft, s.r.o.

OS: Microsoft Windows, Linux

Use: Antivirus

License: Free and Commercial


Website: AVG Global Website


Download AVG Anti-Virus Free



Ease of Use:


The AVG Control Center (AVGCC) is the main control component of the AVG system. AVGCC runs each time a user logs in, and through it you can edit various settings of the AVG system and monitor the status of individual components. The AVGCC system tray icon is multi-colored when all components are working correctly, and turns gray if there is a problem. By clicking the icon, you can open the main window of AVGCC.

AVG Anti-Virus also has an Advanced Interface that gives you a nice view of the tests you can run, scheduled tasks, test results and more. This interface is more for advanced users. It takes a little while to get used to, but once you get the hang of it, you will find it logical and easy to maneuver.


Effectiveness:


The software received a VB100% award and ICSA 2005 certification. AVG Anti-Virus also passed on-demand and on-access scanning Level 1, meaning it detected all in-the-wild viruses. However, it did not pass Level 2 by West Coast Labs, which requires that the product disinfect all viruses in the wild that can be disinfected.



Updates:

Akamai servers provide free program and virus updates. AVG updates itself automatically whenever updates are available. Alternatively, you can update manually or configure AVG to download updates at a scheduled time that suits you.



Feature Set:

The Virus Vault is what most anti-virus programs call a "Quarantine" area. When the resident scanners find a virus, you can store the file in the Virus Vault until you have time to heal the file and then restore it to its original location.



AVG Anti-Virus also allows you to create an MS-DOS Rescue Disk from the Control Center.



Scheduling options include alternatives to run tasks even if the schedule is missed. The software can perform tasks even when there is no user logged onto the computer.





Ease of Installation:

This product is very easy to install - no problems.



Help/Support:

AVG Anti-Virus has great support with their online support page, Knowledge Base Search, and FAQs page. Our email inquiries were answered within 24 hours. You must register to receive the support and they don't offer support via telephone.

Certifications and awards for AVG Antivirus


AVG Anti-Virus has won numerous awards. Certifications that the software holds include the Virus Bulletin VB100% Award - which is awarded to products which manage to detect 100% of the viruses "In the Wild", without false alarming. It is also 100% Detection Rate certified by independent ICSA Labs, West Coast Labs Checkmark Level 1 certification and TÜV Monitored Virus Protection certification.


Saturday, March 10, 2007

Secure Ecommerce, Banking and transaction on internet

Phishing

Phishing is the term given to the criminal practice of sending random emails purporting to come from genuine companies such as banks and ecommerce organisations. The emails try to convince customers of those companies to disclose personal information on fake websites operated by criminals. The emails often contain emotive messages and claim that it is necessary to "validate" or "update" customer account information. The emails contain instructions to click on a link within the email which takes the recipient of the email to the fake website. Here all information entered is collected by the criminals. Information captured through Phishing may be used to perpetrate different criminal acts. Your funds may be stolen and used to finance other criminal activities such as human trafficking, drugs and prostitution and your identity may be cloned and other criminal acts undertaken in your name.

How to avoid becoming a victim of Phishing?

It is important to remain vigilant and be suspicious of all unsolicited or unexpected emails you receive, even if they appear to originate from a trusted source such as Your Bank. It is important to remember that Your Bank will never ask you to reconfirm any personal information by clicking on a link in an email and visiting a website.

The structure of a Phishing email

Who is the email from?

The structure of the Internet makes it relatively simple for criminals to create fake entries in the "From:" box of an email. This means that Phishing emails often look like they come from a real bank email address.


It is important to remember that the email address you see in the "From" field may not be from the person or organisation that it claims. The message is also likely to contain odd "spe11ings" or cApitALs in the "Subject:" box - this is designed to bypass spam filter software and increase their chances of delivery to a potential victim.

Who are the intended victims?

Phishing emails are sent out randomly using bulk email lists. The criminals are cunning and whilst they may not know your real name or indeed anything else about you they will try to convince you to provide your account details. Because it is unlikely they know your name they tend to address their victims in vague terms such as "Dear Customer". The email may well include grammatical and spelling errors as it is likely that English is not their first language.



Some emails may also contain a login form directly in the body of the email to add authenticity to the scam.

Fake hyperlinks

As with forging email addresses in the 'From' box, it is also very simple to hide a hyperlink's true destination. This means that the link displayed in an email and anything which shows up in the status bar at the bottom of your email programme can be faked.


The Structure of a Phishing website:

The URL

The criminals are clever and use a number of techniques to hide the true location of a fake website in the address bar. The website address may begin with the genuine site's domain name (eg: online-banking.standardchartered.com.hk if you are looking for standard chartered bank's website), but unfortunately that is no guarantee that it points to the real site. Other techniques may include using addresses made up of numbers (IP addresses), registering a similar domain name, or even inserting an image of the real address into the browser window. To add credibility to their fake sites, many criminals create direct links from their pages to the genuine website.
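The checks described under "Fake hyperlinks" and "The URL" can be run on the raw HTML of a message rather than on what the mail programme displays. The following is an added example, not part of the original post; the trusted domain `bank.example`, the sample message and all function names are assumptions made for illustration. A registered look-alike domain is only caught here when the visible link text shows the real host.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domain your bank really uses (placeholder value).
TRUSTED_DOMAIN = "bank.example"

# Finds a host name written out in the visible text of a link.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample message body; hosts and addresses are documentation values.
SAMPLE_EMAIL = """
<p>Dear Customer, please validate your account:</p>
<a href="http://www.bank.example.login-check.example/update">https://www.bank.example/update</a>
<a href="http://192.0.2.10/login">Log in to Internet banking</a>
<a href="https://www.bank.example/help">bank.example help pages</a>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_trusted(host):
    """True only for the trusted domain itself or one of its subdomains."""
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(href, text):
    """Return the warning labels that apply to one link."""
    findings = []
    try:
        host = (urlsplit(href).hostname or "").lower()
    except ValueError:
        return ["unparseable-url"]
    if not host:
        return findings
    if is_ip_literal(host):
        # Address made up of numbers instead of a name.
        findings.append("ip-address-host")
    elif TRUSTED_DOMAIN in host and not is_trusted(host):
        # Genuine name used as a prefix of somebody else's domain.
        findings.append("trusted-name-in-other-domain")
    shown = HOST_IN_TEXT.search(text)
    if shown:
        shown_host = shown.group(1).lower()
        # The text names one host, the href goes to a different one.
        if host != shown_host and not host.endswith("." + shown_host):
            findings.append("text-host-mismatch")
    return findings


def scan_email(html):
    """Return [(href, findings)] for every link that raised a warning."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    report = []
    for href, text in collector.links:
        findings = check_link(href, text)
        if findings:
            report.append((href, findings))
    return report


if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_EMAIL):
        print(href, "->", ", ".join(findings))
```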


Pop-up windows

Another technique involves loading a genuine website into your web browser and then creating a fake 'pop-up' window over the top of it. Again this technique is employed by criminals to add credibility to the scam. When used you can see the real website in the background, however any information you type into the pop-up window will be captured by the criminals and used for their criminal purposes.

It is important to remember that you should always access your online banking account by typing the address into a new window.

What to do in the event you receive a Phishing email:

If you do receive a suspicious email, please contact Your Bank by forwarding the suspect email to your bank's official email address.

You can also report the incident directly to your regional organisation, which is designed to combat electronic incidents including criminal acts such as Phishing.

Hong Kong:
Website: http://www.hkcert.org/
Incident Reporting url: https://www.hkcert.org/incident/home.html

India:
Website: http://www.cert-in.org.in
Incident Reporting url: http://www.cert-in.org.in/incidentreporting.htm

Jersey:
Website: http://www.niscc.gov.uk
Incident Reporting url: http://www.niscc.gov.uk/niscc/reportIncident-en.html

Singapore:
Website: http://www.singcert.org.sg
Incident Reporting url: http://www.singcert.org.sg/incident.html

UAE:
Website: http://www.cert.etisalat-nis.ae/
Incident Reporting url: http://www.cert.etisalat-nis.ae/Incident_Reporting_Form.txt

Korea:
Website: http://www.apcert.org/
Incident Reporting url: report incidents via email: cert@certcc.or.kr

Asia Pacific Region:
Website: http://www.apcert.org/


Important points to remember

Your Bank will never send you an email asking you to "verify" or "update" your password or any personal information by clicking on a hyperlink and visiting a website.
Be cautious about all unsolicited emails and never click on hyperlinks in these emails and provide personal information.
To connect to Internet banking, open your web browser and type the address into the address bar yourself. Never use a link to open the website of your bank.
If you are in any doubt about the validity of an email, or if you believe that you may have disclosed information on a fake website, contact Your Bank by sending an email to its official address.

Tips for secure Internet Banking

PC security:
It is important to use up-to-date Anti-virus software and a personal firewall. If your computer uses Microsoft Windows operating system, it is important to keep it updated via the Windows Update feature, equally if you use another PC operating system or have an Apple Mac you should check regularly for updates. You should be vigilant if you use Internet cafes or a computer that is not your own and over which you have no control.
Check for Spyware:
In addition to being protected by using up-to-date antivirus software you should also regularly use software to remove Spyware from your computer, as these programs record information about your Internet use and transmit it without your permission. In some circumstances this can compromise your PC security.
Always access your Bank's Internet banking by typing in the correct URL into your browser.
Never click on a link in an email to take you to a website and enter personal details either in the email or website.

Password and PIN security:

You should always be wary if you receive unsolicited emails or calls asking you to disclose any personal details or card numbers. This information should be kept secret at all times. Be cautious about disclosing personal information to individuals you do not know. Please remember that your Bank would never contact you directly to ask you to disclose your PIN or all your password information.

Be cautious of unsolicited emails

Don't be conned by convincing emails offering you the chance to make some easy money. As with most things if it looks too good to be true, it probably is! Be cautious of unsolicited emails from overseas - it is much harder to prove legitimacy of the organisations behind the emails.



Keep your identity private offline:


Your identity can be as easily stolen offline as it can online. It is important that you comply with instructions about destroying new PIN numbers and expired bank cards. You should also consider using a crosscut shredder to destroy unneeded bank and other statements that may contain sensitive personal information. It is advisable to store retained documents in a suitable locked and fireproof container.

Check your statements:

It is important to check your statements regularly; a quick check will help identify any erroneous or criminal transactions that might have been performed on your account without your knowledge.

Check your banking session is secure:

When undertaking any banking on the Internet, check that the session is secure. There are two simple indicators that will tell you if your session is secure. The first is the use of https:// in the URL. Some browsers such as Mozilla Firefox change the colour of the URL window when you are in a secure session. The other indicator is the presence of a digital certificate represented by a padlock or key in the bottom right hand corner. If you double click on this icon it should provide you with information about the organisation with which you have entered into a secure session.

Always completely log off from your Internet banking session:

It is important to completely log off from your Internet banking session; simply closing the window you performed the transaction in may not close the banking session. If your computer is infected with a Trojan, your session may become hijacked by a criminal and financial transactions performed without your knowledge. It is also advisable to disconnect from the Internet if you are not planning to use it.

Monday, March 5, 2007

10 General Computer Security Tips

Use antivirus and Spyware software:

Make sure you have Anti-virus software on your computer! Anti-virus software is designed to protect you and your computer against known viruses but with new viruses emerging daily, Anti-virus programs need regular updates to recognise these new viruses. It is important to update your Anti-virus software regularly - the more often you keep it updated, the better - you should consider updating the software at least once a week. If you use your computer and receive a lot of emails, then updates should be made more frequently. You should also consider using software to detect Spyware. Spyware is malicious software (malware) that is downloaded onto your computer (often without your knowledge). It can be used by third parties and criminals to monitor your Internet activities which could compromise the security of your personal information. As with Anti-virus software you should check your system regularly for Spyware at least once a week.

Don't Open Unknown Emails:

If you receive a suspicious email, especially from a sender you do not recognise, the best thing to do is to delete the entire message, including any attachment. If you are determined to open a file from an unknown source, save it first and run your virus checker on that file. If the mail appears to be from someone you know, still treat it with caution if it has a suspicious subject line (e.g. "I loveyou" or "Anna Kournikova") or if it otherwise seems suspicious (e.g., it was sent in the middle of the night). Also be wary if you receive multiple copies of the same message from either known or unknown sources. Finally, remember that even friends and family may accidentally send you a virus or the e-mail may have been sent from their machines without their knowledge. This was the case with the "I Love You" virus that spread to millions of people in 2001.

Protect from Internet intruders:

You should equip your computer with a firewall! Firewalls create a protective wall between your computer and the outside world. They come in two forms, software firewalls that run on your personal computer and hardware firewalls that protect a number of computers at the same time. They work by filtering out unauthorized or potentially dangerous types of data from the Internet, while still allowing other data to reach your computer. Firewalls also ensure that unauthorized persons can't gain access to your computer while you're connected to the Internet.

Download security updates from operating systems and other software such as web browsers:

Most major software companies today release updates and patches to close newly discovered vulnerabilities in their software. Sometimes security flaws are discovered in a program that may allow a criminal hacker to attack and or control your computer. Before most of these attacks occur, the software companies or vendors create free patches for you that are posted on websites for download and installation by their customers. It is important to check your software vendors' websites regularly for new security patches or use the automated patching features that some companies offer such as Microsoft and Apple for their respective operating systems.

Password security:
The most secure passwords are those that contain a mix of upper and lower case characters as well as numbers and characters. You should also try and create a password that is around 8 characters long. Ultimately passwords will only keep someone out if they are difficult to guess! As with your PIN number and other private information it is important not to share your password. Try not to use the same password in more than one place. If someone should happen to guess one of your passwords, you don't want them to be able to use it in other places.
Simple Passwords :
1. A password should have a minimum of 8 characters, be as meaningless as possible, and use uppercase letters, lowercase letters, symbols and numbers, e.g., K2v7T5a8.
2. Change passwords regularly, at least every 60 days.
3. Do not give out your password to anyone!

Backup your computer regularly:

It is important to be prepared for the worst case scenarios, such as losing your information through a virus attack. Try and back up small amounts of data on floppy disks and larger amounts on CDs. If you have access to a network, consider saving copies of your data on another computer within the network. Many people make weekly backups of all their important data. It's also important to retain and store safely your original software start-up disks. Keep them handy and available in the event your computer system files get damaged.

Limit sharing - don't allow access to strangers:

If you or a member of your family downloads files from the Internet via file-sharing networks, such as Kazaa, your computer operating system may allow other computers to access the hard-drive of your computer in order to "share files". This ability to share files can be used to infect your computer with a virus or allow someone to look at the files on your computer if you don't pay close attention. It is advisable therefore, unless you really need this ability, to make sure you turn off file-sharing. Check your operating system and other program help files to learn how to disable file sharing.

Disconnect from the Internet when not in use :

Disconnecting your computer from the Internet when you're not online lessens the chance that someone will be able to access your computer. And if you haven't kept your Anti-virus software up-to-date, or don't have a firewall in place, someone could infect your computer or use it to harm someone else on the Internet.

Check security settings regularly:

The software and operating system on your computer have many valuable features that make your life easier, but can also leave you vulnerable to hackers and viruses. You should evaluate your computer security regularly. You should look at the settings on applications that you have on your computer. Your browser software, for example, typically has a security setting in its preferences area. Check what settings you have and make sure you have the security level appropriate for you.

How to adjust Security Settings in Internet Explorer:

In the main browser window, select 'Tools' and then 'Internet Options'. When you do this a further pop-up window will open; select the second tab named 'Security', then select 'Custom Level' - from there you can choose an appropriate level to meet your individual needs. Please note that Mozilla Firefox is more secure than Internet Explorer.

Educate your family and other users of the computer about basic security:

It is important that everyone who uses your computer is aware of proper security practices. All users of the same computer should know how to update the virus protection software, how to download and install security patches from software vendors and how to create a proper password. It only takes one user mistake to infect a computer.

Friday, February 16, 2007

Vishing: exploits the public’s trust of landline telephone services

What is Vishing?

Vishing is the term given to the practice of leveraging Voice over Internet Protocol (VoIP) technology to trick people into providing personal and financial details over the phone by pretending to represent real companies such as banks; the fraudster then uses those details to achieve some financial gain. The term is a combination of “voice” and phishing. A “visher” is a person who perpetrates a Vishing attack.

Vishing exploits the public’s trust of landline telephone services. Traditional land line services end in a physical location which is known to the telephone company, and is associated with a bill payer. With the advent of VoIP, telephone services may now terminate in computers, which makes illegal acts easier to achieve than with traditional “dumb” telephony endpoints. (Source: www.Wikipedia.com)

A typical Vishing attack could follow a sequence such as described below:

The fraudster sets up an automatic dialer which uses a modem to call all the phone numbers in a given region.

When the phone is answered, an automated recording is played to alert the customer that his/her credit card has had illegal activity and the customer should call the recorded phone number immediately. The phone number could be a toll free number often with a caller identifier that makes it appear that they are calling from the financial company they are pretending to represent. Net phone technology makes it easy to fake the number someone is calling from.

When the customer calls the number, it is answered by a computer generated voice that tells the customer they have reached ‘account verification’ and instructs the consumer to enter their 16-digit credit card number on the key pad.

Once the customer enters their credit card number, the “visher” has all of the information necessary to place fraudulent charges on the consumer’s card. Those responding are also asked for the security number found on the rear of the card.

The call can then be used to obtain additional details such as security PIN, expiry date, date of birth, bank account number, etc.

How to avoid becoming a victim of Vishing

Take steps to protect your personal information and bank account. If you are called by a so-called “Bank” or an organization purporting to be a “Bank”, be aware of the following:

Legitimate banks would have knowledge of some of your personal details. Be suspicious of any call that appears to be ignorant of your basic personal details like first and last name (although it is unsafe to rely on this alone as a sign that the call is legitimate). If you receive such a call, report it to your bank.

Do not call and leave any personal or account details on any telephone system that you are directed to by a telephone message or from a telephone number provided in a phone message, an email or an SMS especially if it is regarding possible security issues with your credit card or bank account. When a telephone number is given, you should first call the phone number on the back of your credit card or on your bank statement to verify if the number given is actually an office number of the bank.

Make sure you call your bank or the company that is the subject of the call to check that the call is legitimate before disclosing any personal information.

Who are the intended victims?

Vishing calls are indiscriminate and randomly target people. The fraudsters are cunning and they may not know your real name nor any other real information about you but they will try to convince you to provide your account details. Because it is unlikely they know your name they tend to address their victims in vague terms, like "Sir" or "Madam".

Action: What to do in the event you receive a Vishing call:

If you do receive a suspicious call/email/phone message, please contact your Bank by using the contact number on your statement or on the back of your bank Debit/Credit card.

You can also report the incident directly to your regional organization who are set up to combat electronic incidents including fraudster acts such as Vishing.

Hong Kong:

Website: http://www.hkcert.org/

Incident Reporting url: https://www.hkcert.org/incident/home.html

India:

Website: http://www.cert-in.org.in

Incident Reporting url: http://www.cert-in.org.in/incidentreporting.htm

Jersey:

Website: http://www.niscc.gov.uk

Incident Reporting url: http://www.niscc.gov.uk/niscc/reportIncident-en.html

Singapore:

Website: http://www.singcert.org.sg

Incident Reporting url: http://www.singcert.org.sg/incident.html

UAE:

Website: http://www.cert.etisalat-nis.ae/

Incident Reporting url: http://www.cert.etisalat-nis.ae/Incident_Reporting_Form.txt

Korea:

Website: http://www.krcert.or.kr

Incident Reporting url: http://www.krcert.or.kr

Asia Pacific Region:

Website: http://www.apcert.org/

Important points to remember

Your Bank will never randomly call you requesting that you provide personal details including your PIN over the phone.

If you receive a suspicious call, report it by contacting Your Bank on the number provided on your statement or on the back of your bank card.

If you have disclosed information verbally or via your phone key pad, immediately contact Your Bank as above and report to the police.

Spam Emails: How to Control?

What is Spam Email?

Spam is the slang term for unsolicited email. The practice of sending unsolicited bulk email ("spam") is an increasing problem on the Internet and it provides criminals with a way of reaching Internet users anywhere in the world, no matter where they are located themselves. In order to reduce the amount of spam that you receive, you should be careful about disclosing your e-mail address and consider taking some of the measures below to protect yourself from spam.

Individuals behind these mass mailings, 'Spammers' collect addresses from a number of sources including websites or newsgroups/forums where they are displayed in full and buying address lists from websites where people have signed up for free offers or ordered something online. They also employ more malicious means such as using mass mailing viruses and worms, as well as dictionary-based attacks on popular domains.

7 ways to reduce spam:

Disguise your e-mail address on websites, newsgroup posts, chat rooms, or bulletin boards. You can display your address on your website as an image (without using the mailto attributes), on your website insert an image in place of the @ sign, write it as your.name at my-isp.com, insert zeros instead of "o" (y0ur.name@my-isp.c0m), or insert additional words (your.name@my-ispREMOVE-THIS.com). By doing this you will still make it possible for other people to read your address, but prevent the automated programs that spammers use from harvesting your email address.

Use an email programme that includes spam filters, an anti-spam product, or a service that scans your email for spam automatically. I suggest Thunderbird.

Don't list your e-mail address in full on any websites, newsgroups or forums, or use a separate email address for such use.

Only share your main e-mail address with people you know.

Make sure that you opt out of marketing offers allowing your address to be sold to third parties when registering or buying products or services.

NEVER reply to spam emails or attempt to use the "remove me" link as this will confirm that your address is live and you will receive more spam.

Don't open or preview spam messages as this may enable them to validate that the message has been opened. After validating your email address, spammers will send a flood of emails to your inbox.

Thursday, February 15, 2007

General computer security information

General computer security measures to ensure safe browsing on internet.


Standard Chartered Website Authenticator
Is it safe to shop and bank online?

The decision to bank or shop online is an individual choice, however, provided you take a few sensible precautions like using Anti-virus software, and shopping from reputable sites - it is safe. Adjust the security settings on your browser to protect you to the level you require. Don't give out personal information in chat-rooms or if you are not sure who is receiving the information.

How do I know if my PC is safe?


If you have anti-virus software on your PC (and keep it up to date), and are sensible about opening email attachments, and have the file sharing option on your operating system turned off (unless you need it for use in an office or home network) then your PC is reasonably safe. Try not to leave the PC connected to the Internet when it is not in use. You should also consider installing a firewall; this is particularly important if you have a permanent connection, e.g. broadband access. As a further measure, make sure you keep back up copies of anything important on floppy disk, CD-ROM or another storage device; then if you do fall victim to a virus or your computer breaks down you can still retrieve your data.


Is my computer safe if I am not connected to the Internet?

Yes, although even when you are not connected to the Internet there are still risks from viruses on floppy disks, CD-ROMs or portable hard disks, and of course your computer may break down or be stolen.

How do I know if a website is genuine?

Just as anyone can insert an advertisement in a newspaper, so anyone can set up a website. Check for contact details on the site (a postal address, not just an email address). Internet addresses have to be properly registered, so most organisations have registered their own names as site names. However, this cannot always be guaranteed, particularly for all available suffixes, so if you are in any doubt it is advisable to check for physical address details.

A browser lets you access the information on the Internet. Common browsers include Microsoft Internet Explorer, Netscape Navigator and Mozilla Firefox. A secure web browser supports the technical security protocols (standards) used by some sites, such as Internet Banking, to prevent unauthorized people from seeing information sent to or from the sites. You can tell when this is happening by the appearance of a padlock symbol at the bottom of the browser window. Double clicking this symbol will show a 'digital certificate' (also known as an SSL certificate) confirming the authenticity of the site.
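As an added illustration (not part of the original post), the Python example below checks the same things you would look for after double clicking the padlock: who the certificate was issued to, who issued it, whether it is within its validity dates, and whether the address you typed is one the certificate covers. The certificate is a constructed sample in the format returned by Python's `ssl.SSLSocket.getpeercert()`; the bank name, domains and issuer are made up. It assumes the certificate's signature chain has already been verified by the TLS library.

```python
import ssl

# Constructed sample in the format returned by ssl.SSLSocket.getpeercert();
# the bank name, domains and issuer are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Bank plc"),),
                (("commonName", "www.examplebank.test"),)),
    "issuer": ((("organizationName", "Example Trust CA"),),),
    "notBefore": "Jan  1 00:00:00 2007 GMT",
    "notAfter": "Jan  1 00:00:00 2008 GMT",
    "subjectAltName": (("DNS", "www.examplebank.test"),
                       ("DNS", "*.online.examplebank.test")),
}

def _field(name_tuple, key):
    """Return the first value of `key` in a subject/issuer tuple, or None."""
    for rdn in name_tuple:
        for k, v in rdn:
            if k == key:
                return v
    return None

def _matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one leftmost label."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == pattern[2:]
    return pattern == host

def check_site(cert, typed_host, now):
    """Summarise what the certificate says and list reasons to distrust it."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    problems = []
    if not any(_matches(n, typed_host) for n in names):
        problems.append("address not listed in certificate")
    start, end = (ssl.cert_time_to_seconds(cert[k]) for k in ("notBefore", "notAfter"))
    if not start <= now <= end:
        problems.append("outside certificate validity period")
    return {
        "issued_to": _field(cert["subject"], "organizationName"),
        "issued_by": _field(cert["issuer"], "organizationName"),
        "problems": problems,
    }

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Jun  1 00:00:00 2007 GMT")
    for host in ("www.examplebank.test", "www.examplebank.test.login.example"):
        print(host, check_site(SAMPLE_CERT, host, now))
```

The second address begins with the bank's name but is not one of the names in the certificate, so it is reported as a problem even though the first part looks familiar.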

Computer Security : Glossary

Glossary of security terms

adware

A program that typically displays advertising through pop-up or pop-under windows as you surf the Web. Adware is often hidden alongside other programs, and you may unknowingly install it when you download a program from the Internet or install software from disks. You usually need a specialized anti-adware or anti-spyware program to remove adware from your computer.

anonymity

Inability to identify a person from known information.

anti-spam

A program that filters spam in an email inbox and moves it to a bulk or spam folder, where it can be deleted.

anti-spyware

A program that finds and removes spyware. Some anti-spyware programs can also find and remove other malware, like keyloggers, Trojan horses, worms, and more.

anti-virus

A program that is designed to identify, prevent, and eliminate viruses and other malicious software.

attacker

A person who intentionally attempts to defeat a system.

bulk folder

A folder in some email programs that is used to hold email identified as spam.

case-sensitive

Distinguishing between uppercase (or capital) letters and lowercase (or small) letters. Yahoo! passwords are case-sensitive, which means that a capital A is different from a lowercase a. So when you enter your password, make sure to type it with the correct capitalization.

cookie

A small amount of data, often including an anonymous unique identifier, that is sent to your browser from a web site's computers and stored on your computer's hard disk. Web sites use cookies to "remember" details about you, such as your user name or site preferences, in order to personalize your experience on that web site. Your browser transmits information back to the site each time you view that site until the cookie expires.

download

The transfer of a copy of a program or file from a network to a single computer.

email header

Part of an email message that describes the path that the email took to go from the sender to the recipient. Email headers are generally hidden, but can be displayed if necessary. If you report spam or phishing emails to Yahoo!, you'll be asked to include the email headers to help identify the source of the email.

encryption

The process of converting data or other information into code so that unauthorized people cannot access it.

firewall

Hardware or a program that prevents unauthorized users from accessing a computer network or that monitors the transfer of information to and from a network. A personal firewall is a program that filters traffic to or from a single computer. Many operating systems (such as Microsoft Windows XP and Mac OS X) include firewall protection.

A computer firewall gets its name from the fireproof wall in buildings that acts as a barrier to prevent the spread of fire.

freeware

Software (or programs) available for free, usually over the Internet. These programs can be sources of hidden spyware and adware.

hacker

A person who uses programming skills to gain illegal access to a computer, network, or file.

header

Another name for an email header.

hijacker

A malicious program that takes control of a browser and may redirect it to a fraudulent site for the purpose of committing identity theft or fraud.

hoax

Something meant to deceive or trick. Hoaxes involving threats to computers usually arrive in an email and contain bogus warnings designed to frighten or mislead you. Unsuspecting recipients may forward the email to friends and colleagues, spreading the hoax.

keylogger

Software (or a program) that secretly tracks and records all activities on a computer, including keystrokes, web sites visited, and potentially more. The information captured is transmitted back to a third party, who can then use the information to access online accounts and sensitive personal and financial information.

mail header

Another name for an email header.

malware

Software designed to infiltrate or damage a computer without the owner's knowledge. Malware is a general category of software that includes viruses, worms, Trojan horses, spyware, adware, and other malicious software.

phishing

An attempt to steal passwords and private account information through fake web sites and emails that look like those of trusted companies. A phishing web site or email can look identical to the real thing, so it can be hard to tell that it's fake. Phishing schemes can also use instant messages, typically when an account is compromised. In this case, the fraudster sends phishing messages to the contacts in the account's Messenger or friend list.

pop-under

A form of online advertising designed to attract viewers to a web site or to capture email addresses. This type of ad "pops under" the current web page in a new window and isn't seen until the browser window is closed, making it more difficult to determine which web site opened it.

pop-up

A form of online advertising designed to attract viewers to a web site or to capture email addresses. This type of ad "pops up" in a new window, covering all or part of the current web page.

pop-up blocker

A program designed to prevent pop-ups and pop-unders.

pretexting

Using false pretenses (such as a false identity or name) to get personal information, which may be used to fraudulently obtain credit or assets.

shareware

Copyrighted software (or programs) available for free on a trial basis. Usually you'll be asked to pay a fee if you want to continue using the software after the trial period. These programs are sometimes sources of hidden spyware and adware.

sign-in seal

A feature of Yahoo! that helps to protect you against phishing scams. You create your personalized sign-in seal and then look for it every time you sign in to Yahoo!. If your sign-in seal isn't displayed, or isn't the one you created, you might be on a fraudulent web site, designed to look like a legitimate Yahoo! site.

social engineering

A common ploy used to gain access to accounts by manipulating unsuspecting victims into revealing confidential information. Perpetrators may befriend potential victims and use information provided by them to guess a password or other secret data, which they use to access the victim's online accounts.

spam

Any message, regardless of its content, that is sent to multiple recipients who haven't specifically requested it. Spam can be an email message or an instant message. Posting the same message multiple times to newsgroups or list servers is also considered spamming — especially if it isn't related to the topic. Spam is also called UCE (unsolicited commercial email) and UBE (unsolicited bulk email).

Spam folder

A folder in Yahoo! Mail used to hold email identified as spam.

spearfishing or spearphishing

A kind of phishing scheme that targets a specific organization or individual in an attempt to gain access to confidential data. Like phishing messages, spearphishing messages appear to come from a trusted source, and may even appear to be from an employee within the recipient's company. Typically, a spearphishing email asks for user names and passwords or instructs the recipient to click on a link. That link could result in the downloading of spyware or other malicious programs. If a single employee falls for the spearphishing scam, the attacker can pretend to be that individual and gain access to sensitive data.

spoofing

Imitating a legitimate web site. Phishing scams use spoofing to create a site that looks like a legitimate web site to fool potential victims into signing on with their user ID and password. The spoofing site captures this information and uses it to gather personal and financial information.

spyware

A program or technology that aids in gathering information about a person or organization, often without their knowledge. It includes programs like hijackers and keyloggers. Spyware is often hidden alongside other programs, and you may unknowingly install spyware when you download a program from the Internet or install software from disks. You usually need a specialized anti-spyware program to remove spyware from your computer.

SSL

Abbreviation for Secure Sockets Layer. A set of rules that defines the format and sequence of messages sent over the Internet to provide a level of security when transmitting private information. When you sign in to Yahoo!, your password is always transmitted over an SSL-encrypted connection.