The CERT® Coordination Center (CERT/CC) is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. Our information ranges from protecting your system against potential problems to reacting to current problems to predicting future problems. Our work involves handling computer security incidents and vulnerabilities, publishing security alerts, researching long-term changes in networked systems, and developing information and training to help you improve security at your site.
Home Computer Security - Your home computer is a popular target for intruders. Why? Because intruders want what you’ve stored there. They look for credit card numbers, bank account information, and anything else they can find. By stealing that information, intruders can use your money to buy themselves goods and services.
But it’s not just money-related information they’re after. Intruders also want your computer’s resources, meaning your hard disk space, your fast processor, and your Internet connection. They use these resources to attack other computers on the Internet. In fact, the more computers an intruder uses, the harder it is for law enforcement to figure out where the attack is really coming from. If intruders can’t be found, they can’t be stopped, and they can’t be prosecuted.
Why are intruders paying attention to home computers? Home computers are typically not very secure and are easy to break into. When combined with high-speed Internet connections that are always turned on, intruders can quickly find and then attack home computers. While intruders also attack home computers connected to the Internet through dial-in connections, high-speed connections (cable modems and DSL modems) are a favorite target.
Home Network Security - This document gives home users an overview of the security risks and countermeasures associated with Internet connectivity, especially in the context of “always-on” or broadband access services (such as cable modems and DSL). However, much of the content is also relevant to traditional dial-up users (users who connect to the Internet using a modem).
Before You Connect a New Computer to the Internet - This Tech Tip provides guidance for users connecting a new (or newly upgraded) computer to the Internet for the first time. It is intended for home users, students, small businesses, or any site with broadband (cable modem, DSL) or dial-up connectivity and limited Information Technology (IT) support. Although the information in this document may be applicable to users with formal IT support as well, organizational IT policies should be followed.* 08/06/2003
Fred Langa has three security articles that everyone should read;
How Much Security Is Enough? http://www.informationweek.com/840/langa.htm;
Good And Bad Online Security Check-Ups http://www.informationweek.com/841/langa.htm;
and Ten Windows Password Myths http://www.securityfocus.com/infocus/1554.
-------------
These are My Personal Instructions about what should be Regular Preventive Practices for everyone who "Surfs the Net" Especially if You Decide to Use Internet Explorer.
-------------
Need help with your security issues? A lot of people don't know how to, or that they even should, change the default password that came with their hardware (such as a router) or software (such as a firewall, anti-virus, operating system, etc.). Because of this it is TOO EASY for someone to break into your system and reek havoc. That's not what you want is it?
What? You didn't know that a router came with a password enabled? It's a simple password that can be hacked in a matters of seconds. If you are using a router then you need to read the manual and follow the directions to the "T", otherwise, if you leave the default settings anyone, including myself, would know that your password is Admin with no user name. See why you need to change that NOW?
It's time to change the Admin password to something much more difficult to figure out. You must use a mixture of letters, Uppercase and Lowercase, as well as mixing in some Numbers, and use At Least Eight Characters to be a decent password. A good example would be Ps9NtE4q. Now, that's not pretty and might be difficult to remember, but it would be more secure then using your daughter's birthday or your wife's name or even your Social Security number. You CAN NOT use a password that is easy to guess because hackers use Dictionary programs that will zip right through simple, generic names quickly and have access to your PC in no time at all.
And please remember that no matter how good your password is, it can still be hacked. BUT, the better it is the less likely it WILL be hacked.
O.K., enough preaching, for now. Let's move on to what else can you do to check to see how secure your PC is right now. I'm going to send you to Steve Gibson's site to have your PC scanned. Write down what you find after the two tests are finished and then we'll have you go back after you make some tweaks to your programs to make them more secure.
Go to Gibson's Research Center and read about their services before you click on "Proceed" to go to their Shields Up Security in order to see how secure or un-secure your PC is. You should also try BroadbandReports.com's Scan and also read their Security FAQ. BroadbandReports.com also has a "list of links to a few sites that have free vulnerability/port scans."
After all that let's get your PC secured and try it again.
You need a good AV (Anti-Virus), a FW (Fire Wall), a Spyware Blocker, a Spyware Scanner (or two), along with some safe surfing practices or this all will just be a waste of your time. These programs work well ONLY if they're configured properly and kept updated regularly.
AVG's AV created by Grisoft Inc. - "Grisoft has been focused on the development of Anti-Virus software for more than 10 years. The first version of AVG Anti-Virus was released in 1991. Our program development center is located in the Czech Republic. We employ the best experts in computer security available in Europe." * I have the free version of this program installed on all four of my personal PCs.
ZoneLabs.com offers several firewalls, both Free and Professional versions, and it is one of the best software firewalls around! All you need to do is search Google for ZoneAlarm for plenty of reviews. I've been using their products for over 3 years now, on Windows 98, 2k and XP Home, and have never had a problem with their products. I also have the current free version installed on all four of my personal PCs.
You can surely find many more AV and FW programs out there (I have more listed below) and lots of opinions about which ones to use. Obviously I'm recommending these since I've used them. Contact Me if you need/want more recommendations.
Now, what about cookies? No, not chocolate chip cookies, I mean the cookies placed on your PC by web sites. Want to learn more about them? Try Cookie Central for some very detailed info about cookies; How to Delete Cookies & How to Block Cookies. Warning: Lots of info, but well worth the time needed to read about and understand how cookies work! Another MUST SEE SITE!
Lastly, you need to think about your habits while surfing and using e-mail. If you install a program without taking less than five minutes to research it, or open an e-mail with attachments while not knowing who sent it to you, then you'll likely end up with a Spyware, Trojan, or Virus program on your PC and you might never even know it. You want a SCARY STORY??!! READ THIS!! Some of these malware/spyware/trojan/virus programs can even disable your Anti-Virus or Firewall programs. Please check my Spyware & Spam page for more info. Personally I use, Ad-aware, Spybot Search & Destroy and Spyware Blaster. These programs must also be kept updated or they'll be useless.
While you're here, also check out the Hoaxes & Urban Legends and the Security Info & How-To headings.
These are just the basics, but if you'll at least do this much you'll be protected better than most people.
Want to know if your anti-virus program is actually working? Try this Anti-virus test;
The Anti-Virus test file (...please read the complete text, it contains important information...)
A number of anti-virus researchers have already worked together to produce a file that their (and many other) products "detect" as if it were a virus.
Agreeing on one file for such purposes simplifies matters for users: in the past, most vendors had their own pseudo-viral test files which their product would react to, but which other products would ignore.
This test file has been provided to 
for distribution as the " Standard Anti-Virus Test File", and it satisfies all the criteria listed above. It is safe to pass around, because it is not a virus, and does not include any fragments of viral code. Most products react to it as if it were a virus (though they typically report it with an obvious name, such as "EICAR-AV-Test").
The file is a legitimate DOS program, and produces sensible results when run (it prints the message "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!").*
Trend Micro also offers the same test; EICAR Standard Antivirus Test File - The EICAR organization or European Institute of Computer Anti-virus Research, along with antivirus vendors, has developed this test file to assist users in testing their installations of antivirus software. It is recommended that vendors detect this file.
This is NOT A VIRUS. The file is a test file which may be used to test antivirus software. The code is harmless and when detected properly the virus scanner will display the following message: EICAR-TEST-FILE*
How antivirus software and System Restore work together - This step-by-step article describes how System Restore in Microsoft Windows XP interacts with your virus scanning software. This article also describes how to remove infected files that you cannot clean from the System Restore data archive. As a result, you can continue to restore your computer to uncompromised restore points. This article also describes how you can revert to a previous infected restore point. This procedure is useful if you must restore an infected file.* 02/17/2005
AVG Anti-Virus - A free AV that I'm currently using on all four of my personal PCs and it works great!
Eset's NOD32 Anti-Virus - Founded in 1992 and headquartered in San Diego, Calif., Eset is a global security software solution company that provides next generation virus protection. Eset's award-winning anti-virus software system, NOD32, assures maximum network performance, advanced heuristic detection, and free worldwide support. NOD32 provides enterprise customers with the highest ROI in the industry as a result of increased user compliance, decreased downtime, and higher productivity. NOD32 holds more Virus Bulletin 100% Awards than any other anti-virus product available, consistently detecting all known viruses "in the wild" without false positives. Eset's work with major corporations like Canon, Dell and Microsoft has propelled the company into Deloitte's Technology Fast 500 two years running. Eset is a privately held company with offices in San Diego, US, London, UK, Prague, CZ, and Bratislava, SK.* Updated 03/17/2005
Kaspersky Lab - Their Online virus checker gives the possibility to check your files quickly and free of charge. You indicate the file to be checked, this file is uploaded from your computer to the "sanitary" server where it is scanned by the top-rated anti-virus program, Kaspersky Anti-Virus. Even the most recent viruses won't be missed as anti-virus databases are updated daily.
Each time you may check only one file whose size does not exceed 1MB (if you attempt to upload a larger file the server will respond with a "technical error" page. To indicate the file to be checked put the name of the file into the field located at the top of the page or choose the file using the browse feature (button) and then click the button "check".
If you need to check several files, create an archive (zip or arj etc.) and check the entire archive or check files one after the other. The size of the archive also must not exceed 1MB.* 06/11/2003
Kerio Personal Firewall - Kerio Technologies Inc. is a major provider of Internet security software for small to medium sized networks. Our solutions protect local networks and personal computers from Internet threats and offer a secure environment for corporate messaging and communication needs.
Kerio Technologies offers a 30-day trial of its products in the hopes that all customers will evaluate the software before making a purchasing decision. For this reason, we maintain a strict no-refund policy.
Kerio Personal Firewall is FREE for home and personal use. For corporate use please see the pricing and licensing policies section.
For home users, Kerio Personal Firewall 4 is available in two flavors - the full edition and the limited free edition.
After installation, KPF works as the full edition for 30 days, after which it becomes the limited free edition.
Limited free edition does not provide the content filtering capabilities such as blocking pop-up windows, ads, VB scripts, cookies, etc. and other extra features. Please see the comparison table for more details.* Sunbelt has acquired Kerio Personal Firewall - "Kerio product acquisition completed" - Today we announced the completion of our acquisition of the Kerio Personal Firewall and the Kerio Server Firewall.* You can still download the free version of Kerio Personal Firewall version 2.1.5 from here. Updated: 01/08/2006
McAfee Anti-Virus - McAfee AVERT Stinger - Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.* 08/13/2004
Outpost Firewall PRO, version 2.0 New Outpost Firewall Pro 2.0 outdistances the award-winning Outpost Personal Firewall Pro 1.0 on multiple levels. Explore the power and ease of use of Outpost Firewall; download the free 30-day trial version.* 06/09/2003
Outpost Firewall FREE, version 1.0 The FREE version of Outpost Firewall offers a basic protection solution for casual web surfers and low budget systems.
*
They also have the Outpost Firewall Support Forums available. 06/09/2003
Panda, the experts in virus and intrusion prevention - We protect your computers, keeping your information safe from viruses and intrusions. Virus Encyclopedia - Practical information on how to deal with viruses.* Virus Repair Utilities
SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Linux is the ideal choice for security systems; it is well proven, secure, highly configurable and freely††† available as open source code. SmoothWall includes a hardened subset of the GNU/Linux operating system, so there is no separate OS to install. Designed for ease of use, SmoothWall is configured via a web-based GUI, and requires absolutely no knowledge of Linux to install or use.* 01/08/2006
Sygate is the market leader of endpoint security solutions for the large enterprise. Using the award-winning Sygate Secure Enterprise, organizations protect their networks, enforce business policies, and automate security best practices to regain control of network security, ensure compliance across the enterprise and reduce cost. Partnerships with industry leaders, including Aventail, Cisco, iPass, Nortel, Netscreen and RSA, enable seamless protection across multiple platforms and applications.* Another "free for personal use" firewall that is very reliable. 11/01/2003
Symantec's Security Response Center - The latest Security Advisories, Virus Threats, Virus Definition Updates, and more, including a Search Tool and a Security Trace Tool. They also have Anti-Virus and Internet Security programs. Test your computer's exposure to online security threats and learn how to make your computer more secure.* Error: "LU1803: LiveUpdate failed while getting your updates" or "LiveUpdate had an internal error while getting your updates" 06/26/2003
Trend Micro now has an online virus scanner called HouseCall. 11/23/2002
ZoneAlarm - One of the great, Free Firewalls. I use this one myself and have been for over 3 years now. Easy to use and configure. Has some great features. They also have a Professional version for sale that has been rated as tops in many reviews! PCWorld.com has an article about the new version 4 ZoneAlarm Pro and Plus. Check out their User Forums if you're having any problems with ZoneAlarm. Updated: 12/30/2005
ZoneAlarm now has an Online Security Scanner; Scan for a range of Internet tracking devices...and delete them.
Simply surfing the Internet exposes your browsing habits to others. Files can be placed on your computer to track your activity online and report back to questionable parties. These tracking devices are unwanted files that invade your Internet privacy.
These unwanted files, also referred to as "cookies", can facilitate or perform the following types of actions:
The Zone Labs Security Scanner quickly informs you of the presence of these unwanted files. There is no limit to the number of scans you can perform.* 04/15/2004
Bruce Schneier - Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," Schneier is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.* 04/01/2006
CastleCops.com (formerly known as computercops.biz) is a globally oriented security and privacy site based in New Jersey. Paul Laudanski (AKA Zhen-Xjell) started the site Feb 22, 2002 with focus in online security and privacy information in a community environment. Since then, the site also focuses on Spyware/Malware. Discussion topics cover security software, support/troubleshooting services, identity protection, browser hijacking cleanup, tutorials, news, downloads, roughly 200 forums, and software reviews.
On November 7, 2005 CastleCops started CastleCops Deutsch, a German language portal to support the ever growing German speaking membership. CastleCops Deutsch is also security oriented but also has Forums of more interest for the German speaking world. So, if you speak German please visit the forums at CastleCops Deutsch.* Check out their Malware Removal and Prevention: Introduction, Malware Removal and Prevention: Overview, Malware Prevention: Prevent Re-infection, Malware Removal, Malware Removal: Securing Your Computer, and Popular Pages. 02/08/2006
Center for Safe and Responsible Internet Use - The Center for Safe and Responsible Internet Use has been established to provide outreach services addressing issues of the safe and responsible use of the Internet. Our goal is to provide guidance to parents, educators, librarians, policy-makers, and others regarding effective, empowerment strategies to assist young people in gaining the knowledge, skills, motivation, and self-control to use the Internet and other information technologies in a safe and responsible manner.* 02/26/2007
Computer Security Division (CSD) - (893) is one of eight divisions within NIST's Information Technology Laboratory.
The mission of NIST's Computer Security Division is to improve information systems security by:
Donna's SecurityFlash Blog - Just blogging PC and internet security items that I find interesting and I hope it will help anyone in any way.* 01/03/2007
DosHelp.com - Intrusion & Attack Reporting Center - Our mission is to provide assistance to users who are encountering internet abuse. Internet abuse has many forms, such as portscanning, Denial of Service, bug exploitation, spam, trojans and viruses. We have expanded our assitance [sic] to deal with spam, viruses, worms, trojans and annoying popups.* They cover various security programs for Linux, Mac, and Windows operating systems. 04/25/2004
F.I.R.E. - is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.
Also provides necessary tools for live forensics/analysis on win32, sparc solaris and x86 linux hosts just by mounting the cdrom and using trusted static binaries available in /statbins.* 02/29/2004
Get Safe Online - Get Safe Online will help you protect yourself against internet threats. The site is sponsored by government and leading businesses working together to provide a free, public service.* 02/28/2006
InfoSysSec.net - A security site created by College Students from Algonquin College. There is way too much info to even try to highlight anything here, It's a Must See Site! They also have a Security News Portal. 04/26/2003
Internet Explorer Security Center (IESC) - The purpose of this web site is to disseminate information regarding the security issues pertaining to Microsoft® Internet Explorer.*
i-SAFE - i-SAFE America Inc. is the worldwide leader in the Internet safety education. Founded in 1998 and endorsed by the U.S. Congress, i-SAFE is a non-profit foundation dedicated to protecting the online experiences of youth everywhere. i-SAFE incorporates classroom curriculum with dynamic community outreach to empower students, teachers, parents, law enforcement, and concerned adults to make the Internet a safer place. Please join us today in the fight to safeguard our children’s online experience.* 02/04/2006
Kidz Privacy - Children's Online Privacy Protection Act (COPPA), Just for Kidz, Adults Only, For Media, For Teachers, Business Buzz, Resources and FTC COPPA-Related News Releases. 01/23/2006
NetSmartz Workshop - The NetSmartz Workshop is an interactive, educational safety resource from the National Center for Missing & Exploited Children® (NCMEC) and Boys & Girls Clubs of America (BGCA) for children aged 5 to 17, parents, guardians, educators, and law enforcement that uses age-appropriate, 3-D activities to teach children how to stay safer on the internet. Read an overview of NetSmartz age-appropriate materials for each age group.* 11/26/2006
The Network Abuse Clearinghouse is intended to help the Internet community to report and control network abuse and abusive users. Since the best place to report abusive activity varies from one system to another, we're trying to keep a master database of reporting addresses for users throughout the net to use.* 04/25/2004
Protecting Your Privacy & Security - Welcome to Eric Howes' Privacy & Security Page at the University of Illinois at Urbana-Champaign - On this web site you'll find links to thousands of web sites and programs. When adding links to web sites and programs I try to be as inclusive and non-judgmental as possible. The programs and web sites you do see listed here may vary widely in quality, but I do not personally endorse or recommend any web site or program over another. Nor do I accept money or any other form of compensation for product placement or listing.
I do occasionally see complaints in newsgroups or on web boards about some of the programs and web sites you'll find here. Unless a program or web site does something absolutely intolerable or is a flat-out scam, however, I will list it and let the users themselves sort it out. I have encountered programs and web sites that I've refused to list for one reason or another, but those are rare cases. There are plenty of web pages out there that list only a few "pet favorite" web sites and programs, but I want to do something different with this site. My policy is simply to say, "Here they are," and let the users investigate.* 04/25/2004
SafeKids.Com and SafeTeens.Com are projects of The Online Safety Project (OSP). OSP is operated by Larry Magid, a syndicated columnist, broadcaster and author of numerous articles about online safety.* 05/26/2003
Saltmeadow.com - Great ideas to guard your online privacy! A well done, clean site. You really should check this one out.
SANS is the trusted leader in information security research, certification and education. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. The SANS Institute enables more than 156,000 security professionals, auditors, system administrators, and network administrators to share the lessons they are learning and find solutions to the challenges they face. At the heart of SANS are the many security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community.
Many SANS resources, such as news digests, research summaries, security alerts and award-winning papers are free to all who ask. Income from printed publications funds university-based research programs. Income from SANS educational programs fund special research projects and SANS Training program.* Check out their Resources page. 05/18/2003
Secunia Software Inspector - The Secunia Software Inspector relies on carefully crafted "Secunia File Signatures" to recognise applications on your system. The detected applications are then matched against our "Secunia Advisory Intelligence" to determine whether an application is up-to-date or not. The results are then used to advise you on how to update to more secure releases of the insecure applications.
Feature Overview:
How Does it Work: - The Secunia Software Inspector relies on carefully crafted "Secunia File Signatures" to recognise applications on your system. The detected applications are then matched against our "Secunia Advisory Intelligence" to determine whether an application is up-to-date or not. The results are then used to advise you on how to update to more secure releases of the insecure applications.
Minimum Requirements:
Steve Gibson's Research Corporation - You Want Security Info? Go Here! Lots to read! Also a great place to Test your security settings!
StopBadware.org - StopBadware.org is a "Neighborhood Watch" campaign aimed at fighting badware. We will seek to provide reliable, objective information about downloadable applications in order to help consumers to make better choices about what they download on to their computers. We aim to become a central clearinghouse for research on badware and the bad actors who spread it, and to become a focal point for developing collaborative, community-minded approaches to stopping badware.
Harvard Law School's Berkman Center for Internet & Society and Oxford University's Oxford Internet Institute are leading this initiative with the support of several prominent tech companies, including Google, Lenovo, and Sun Microsystems. Consumer Reports WebWatch is serving as an unpaid special advisor.* 03/20/2006
- A not-for-profit 501(c)(3) organization, the National Cyber Security Alliance (NCSA) is the go-to resource for cyber security awareness and education for home user, small business, and education audiences. A public-private partnership, NCSA sponsors include the Department of Homeland Security, Federal Trade Commission, and many private-sector corporations and organizations. NCSA provides tools and resources to empower home users, small businesses, and schools, colleges, and universities to stay safe online. For more information, and to see the top eight cyber security tips, visit www.staysafeonline.org.*
TeMerc Internet Countermeasures - Adware, malware, spyware and hijacker information - The focus of this new site and forums is still, and always will be to provide user who are new to security a place to come and get straight forward, plainly explained information regarding Internet security. It is aimed towards the home user with 1 or 2 other machines on a small network.
My aim is to provide you with enough information and knowledge of security to prevent you from getting infected with any of the many adware\spyware and the more malicious malwares currently being purveyed on the Net.* 06/26/2007
Vitalsecurity.org - I am Christopher Boyd, Microsoft Security MVP and Director of Malware Research for FaceTime Security Labs. You've probably seen me online, under the guise of Paperghost. If you're a bad guy, you'd best fear me. Or I'll slam you in a ditch, Kung-Fu style and then brag about it on this website.
Webmaster of Vitalsecurity.org, I've been involved in some pretty big Spyware busts over the past year - check out some of the links for more information. I have featured on radio (The David Lawrence Show, syndicated across America, BBC Radio 5) and in print (SC Magazine, ITWeek) and hope to star in a non-Gonzo movie soon.
In addition, I also write at Paperghost.com, FifT2, ReveNews and the SpywareGuide Blog. I have various responsibilities for other sites, including Admin at Spywarewarrior.com and Tankweb.net, a HJT team member and (former) HJT coach at Bleepingcomputer.com, a Community Leader at Bluetack.co.uk, moderator at TeMerc.com and Mod for the Security section of .NET Magazine.* 06/26/2007
What Is Transferring is a easy-to-use packet sniffer for Windows 2000/XP. It is able to capture TCP/IP packets that pass through your network adapter, and view the captured data in Text mode (for HTML page, email, etc.) or in Hex/Ascii mode (for ZIP, JPEG, GIF, etc.). With this software, you can check:
1) If there is any unwanted connections. For example, if you do nothing but this software captured some HTTP or UDP connections - it means that some software automatically tried to connect to other computer. (might be spyware, adware, virus, trojan, etc.)
2) What have those connections sent or received. For example, if you installed adware on your computer, you may want to know if your privacy was sent out.
It works on Windows 2000/XP, no need to install any capture driver. It also allows you to save captured data to text file.* 10/16/2005
WiredSafety - WiredSafety, Is A 501(c)(3) Program and the largest online safety, education and help group in the world. We are a cyber-neighborhood watch and operate worldwide in cyberspace through our more than 9,000 volunteers worldwide. (WiredSafety is run entirely by volunteers.)
Our Web Sites, A - Z:
with questions or comments about this web site.
|