Wednesday, September 16, 2009

Technology Security: understanding how malware attacks your computer.

Whenever you connect to the Internet, read your email, or share files with others, you are at risk. Why? Because there are automated attacks against your computer. These attacks can come directly, or indirectly, by malicious software (or malware) designed to harm your computer. Fortunately, you can protect yourself by taking a few simple precautions. But you need to understand the risks and how to avoid them.
How They Attack By Email:
Email Malware.

. May appear to come from someone you know or trick you into opening.
. May not have symptoms of infection but may be silently gathering information.
. Some may reduce performance or cause strange behaviors like a spontaneous reboot.

What To Do

. Only open email attachments that come from a trusted source and that are expected.
. Scan email attachments with AntiVirus prior to opening.
. Delete all unwanted messages without opening.
. Keep security patches up to date.

Email SPAM : How You Know

. Spam is a serious security concern as it can be used to deliver Malware.
. Messages that do not include your email address in the TO: or CC: fields are common forms of Spam.
. Some Spam can contain offensive language or links to Web sites with inappropriate content.

What To Do

If you suspect an email is spam, do not respond, just delete it.
Consider disabling the email's preview pane and reading emails in plain text.
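
The TO:/CC: indicator listed above can be checked mechanically. The following is an added example, not part of the original post: it parses raw messages with Python's standard email module and reports those that do not list the user's address as a recipient. The sample messages and the address alice@example.org are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def addressed_to(raw_message, my_addresses):
    """True if one of my_addresses is listed in the message's To: or Cc: header."""
    msg = message_from_string(raw_message)
    mine = {a.strip().lower() for a in my_addresses}
    # A message can carry several To:/Cc: lines; collect all of them.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    # getaddresses() splits "Name <addr>" lists; empty results (for example
    # the "undisclosed-recipients:;" group) are dropped.
    listed = {addr.lower() for _name, addr in getaddresses(headers) if addr}
    return bool(mine & listed)


def not_addressed_to_me(samples, my_addresses):
    """Names of the sample messages that do not list the user as a recipient."""
    return sorted(n for n, raw in samples.items()
                  if not addressed_to(raw, my_addresses))


# Constructed sample messages (not real mail).
SAMPLES = {
    "direct": "From: carol@example.net\nTo: Alice Example <alice@example.org>\n"
              "Subject: Lunch\n\nSee you at noon.\n",
    "cc_mixed_case": "From: carol@example.net\nTo: bob@example.org\n"
                     "Cc: ALICE@Example.ORG\nSubject: Minutes\n\nAttached.\n",
    "undisclosed": "From: offers@example.com\nTo: undisclosed-recipients:;\n"
                   "Subject: You have won\n\nClick here.\n",
    "missing_to": "From: offers@example.com\nSubject: Cheap pills\n\nBuy now.\n",
}

if __name__ == "__main__":
    for name in not_addressed_to_me(SAMPLES, ["alice@example.org"]):
        print("review before opening:", name)
```

Mailing-list posts and Bcc copies also fail this check, so a hit is a reason to look more closely at a message, not proof that it is spam.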

Email Phishing : How You Know

. Requests for confidential information via email are not legitimate.
. Phishing attacks may use scare tactics to entice a response.
. Fraudulent emails are often not personalized.
. Phishing attacks may consist of a group of emails that share similar properties like details in the header and footer.

What To Do

. Be extremely wary of emails asking for confidential information.
. Confirm the authenticity of a suspicious request before responding in email.

How They Attack From The Web, Web Phishing
How You Know

. Fraudulent websites are used to steal personal information.
. Phishing attacks re-direct victims to a bogus Web site where malicious code is downloaded and used to collect sensitive information.

What To Do

. When visiting a website, type the address directly into the browser rather than following a link.
. Only provide personal information on sites that have "https" in the web address or have a lock icon at bottom of the browser.
. Do not provide personal information to any unsolicited requests for information.
. Confirm authenticity of a Web site.

Web Spyware : How You Know

. Many "free" programs downloaded from the web install software that tracks your behavior and displays unwanted advertisements.
. Some web pages will attempt to install spyware when you visit their page.

What To Do

. Allow only authorized programs to connect to the Web.
. Do not accept or open suspicious error dialogs from within the browser.
. Spyware may come as part of a "free deal" offer - do not accept free deals.

Internet Vulnerabilities : How You Know

A vulnerability in the web browser may create a weakness in the computer security, providing an opportunity for some websites to download malicious code.

What To Do

. Install product updates and security patches before using the internet.
. Keep web browser up to date with latest patches.
. Make sure your computer is configured securely.
. Automatically shield newly discovered security holes with your Antivirus software.

How They Attack: From Instant Messaging; Instant Messaging Malware : How You Know

. IM attachments, just like email attachments, can carry destructive viruses, Trojan horses, and worms.
. Some new worms use IM software to send themselves to every member of your buddy list.

What To Do

. Don't open attachments or click on Web links sent by someone you don't know.
. Don't send files over IM.
. If a person on your Buddy list is sending strange messages, files, or web site links, terminate your IM session.
. Remove viruses from IM with your AntiVirus software.

Instant Messaging SPAM : How You Know

Some Spam can contain offensive language or links to Web sites with inappropriate content.

What To Do

. Reject all Instant Messages from persons who are not on your Buddy list.
. Do not click on URL links within IM unless from a known source and expected.

Instant Messaging Vulnerabilities : How You Know

Most instant messages still travel unencrypted across the Internet, exposing private conversations to anyone who can find a way to listen in.

What To Do

. Never send personal information through an IM.
. Keep your IM software up to date.
. Keep your operating system and security software up to date.

How They Attack From File Sharing: File Sharing Malware

. Malware may spread through common peer-to-peer file sharing applications by placing themselves in shared directories with enticing filenames.
. Some Malware threats use peer-to-peer networks to communicate out from an infected system.

What To Do

. Scan all files with an Internet Security solution before transferring them to your system.
. Only transfer files from a well known source.
. Use your Windows Firewall to block all unsolicited outbound communication.

Use Virus Protection:
Viruses, worms, and Trojan horses are programs created by hackers that use the Internet to infect vulnerable computers. Viruses and worms can replicate themselves from computer to computer, while Trojan horses enter a computer by hiding inside an apparently legitimate program, such as a screen saver. Destructive viruses, worms, and Trojan horses can erase information from your hard disk or completely disable your computer. Others don't cause direct damage, but worsen your computer's performance and stability.

Antivirus programs scan e-mail and other files on your computer for viruses, worms, and Trojan horses. If one is found, the antivirus program either quarantines (isolates) it or deletes it entirely before it damages your computer and files.

Windows does not have a built-in antivirus program, but your computer manufacturer might have installed one. Check Security Center to find out if your computer has antivirus protection. If not, go to the Microsoft Antivirus Partners webpage to find an antivirus program.

Because new viruses are identified every day, it's important to select an antivirus program with an automatic update capability. When the antivirus software is updated, it adds new viruses to its list of viruses to check for, helping to protect your computer from new attacks. If the list of viruses is out of date, your computer is vulnerable to new threats. Updates usually require an annual subscription fee. Keep the subscription current to receive regular updates.

If you do not use antivirus software, you expose your computer to damage from malicious software. You also run the risk of spreading viruses to other computers.

Use Spyware Protection:

Spyware is software that can display advertisements, collect information about you, or change settings on your computer, generally without appropriately obtaining your consent. For example, spyware can install unwanted toolbars, links, or favorites in your web browser, change your default home page, or display pop-up ads frequently. Some spyware displays no symptoms that you can detect, but it secretly collects sensitive information, such as which websites you visit or text that you type. Most spyware is installed through free software that you download, but in some cases simply visiting a website results in a spyware infection.

Tuesday, September 8, 2009

Office 2010: What Microsoft will and won't say. By Mary-Jo Foley




A new build of Office 2010 — more recent than the Community Technology Preview (CTP) Microsoft delivered in July to a select group of testers — allegedly has leaked. (But as of this posting, not yet leaked to the Web.)

The new build, which, according to Wzor, is labeled “Beta 1,” (Build 14.0.4417.1000) includes some updates to Office 2010’s built-in Backstage document-management platform and some of the new volume-licensing-activation tweaks that company officials recently acknowledged were coming. There is also a new “upload center” in the leaked build, which could be related to Office Web Apps, the Web-ified versions of key Office apps that Microsoft is planning to release to testers this fall.

Microsoft officials declined to comment on the leak. I asked whether the allegedly leaked bits would be what Microsoft is planning to release as part of the public Beta 1 of Office 2010 due out later this fall. A spokeswoman provided this statement in response:
“Microsoft officially released the Office 2010 technical preview in July and we are on track to deliver the public beta later this year. No additional Office 2010 code has been released by Microsoft since the technical preview. We strongly recommend that customers only download or use officially released Microsoft products, through appropriate Microsoft channels, since unofficial copies might contain malicious code.”

Even though Office 2010 seems pretty well baked, there’s still lots the company won’t say about the release, which Microsoft execs indicated to partners will ship in May/June 2010.
However, there are a few things the Office team is willing to talk about, especially regarding the product’s user-interface changes.

As Microsoft officials have said before, with Office 2010, all of the Office apps are getting the Ribbon interface. In Office 2010, OneNote, Publisher and Visio all will become “Ribbonized,” as will the rest of Outlook, said Aaron Butcher, Senior Program Manager on the Office User Experience Team. The Ribbon works a bit differently with each app, so adding it isn’t as straightforward a task for the User Experience team as it might seem. (The User Experience Team, a group of about 70 testers, designers, programmers and usability engineers, are the ones behind the UI changes in Office.)

“People said they would be better at their jobs if they could master Office,” Butcher told me during a recent phone interview. “We wanted to help them save time and to make everyone a power user.”
In spite of all Microsoft’s telemetry data that company officials cite when claiming the Ribbon is a success, there are plenty of customers and potential customers out there who aren’t Ribbon fans. Butcher noted that the Ribbon can be collapsed so that it takes up less room. (“Menu mode” is the closest you can get to doing away with the Ribbon altogether, Butcher said.) Additionally, with Office 2010, users will be able to create their own custom set of commands. Users will be able to hide all labels or surface even more commands using the Ribbon.
If you’re holding out hope that Microsoft might completely do away with the Ribbon or offer a classic/Luddite option with Office 2010 or a future version of Office, you might want to come up for air. There are no such plans, Butcher said.

“We are really committed to the changes the Ribbon provides. Microsoft doesn’t want to have to support two distinct models (a Ribbonized view and a classic mode). Plus, if we provided a classic mode, we’d be hurting developers who are building around Office,” Butcher said.
The Ribbon isn’t the only new UI element upon which the User Experience team is working. The aforementioned Backstage feature is part of that team’s domain. The Ribbon will be applied to the Backstage view in ways that make sense, Butcher said. Related to the Backstage overhaul, Office’s print function was rebuilt from scratch for the 2010 release. “There won’t be three different areas you need to go to to print,” Butcher said.

The User Experience team also has been instrumental in Office 2010’s enhanced tool tips — via which hovering over a specific tab will give a user a paragraph description on how to use a particular feature. And galleries, which Butcher describes as “mini-scripts, basically dialogues and commands under a single script,” are another.

What don’t you know about Office 2010 that you’d like to, at this point — other than when the heck those promised Office Web Apps are going to show up?
