<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>BestInternetSecurity.net &#187; General Information Security</title>
	<atom:link href="http://www.bestinternetsecurity.net/category/general-information-security/feed" rel="self" type="application/rss+xml" />
	<link>http://www.bestinternetsecurity.net</link>
	<description>Information Security Resources</description>
	<lastBuildDate>Fri, 10 Jul 2009 02:27:12 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.8</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>Free Antivirus Vs Full Product Antivirus Programs. Are They Safe To Use?</title>
		<link>http://www.bestinternetsecurity.net/312/free-antivirus-vs-full-product-antivirus-programs-are-they-safe-to-use.html</link>
		<comments>http://www.bestinternetsecurity.net/312/free-antivirus-vs-full-product-antivirus-programs-are-they-safe-to-use.html#comments</comments>
		<pubDate>Tue, 03 Mar 2009 22:15:05 +0000</pubDate>
		<dc:creator>Damen</dc:creator>
				<category><![CDATA[General Information Security]]></category>
		<category><![CDATA[Virus, Spyware and Malware]]></category>
		<category><![CDATA[anti-virus]]></category>
		<category><![CDATA[anti-virus software]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[Spyware]]></category>

		<guid isPermaLink="false">http://www.bestinternetsecurity.net/312/free-antivirus-vs-full-product-antivirus-programs-are-they-safe-to-use</guid>
		<description><![CDATA[I have always been interested in trying new software for just about every application
you can imagine. I have also always been a big fan of free programs. There are a lot of free programs with varied applications but for now we will focus on only antivirus programs.
I have tried them all over the years and [...]]]></description>
			<content:encoded><![CDATA[<p>I have always been interested in trying new software for just about every application you can imagine. I have also always been a big fan of free programs. There are a lot of free programs with varied applications, but for now we will focus only on antivirus programs.</p>
<p>I have tried them all over the years and finally settled on two in particular. I can&#8217;t give the names here but I still have a couple on my site. Have they let me down in the past? Sure. I have been through all stages of infection, from a one-run fix with my antivirus program to a full wipe, reformat, and reinstall of the operating system. The latter will cost you time, effort, the loss of your computer function, and probably a few gray hairs too! You see, if your computer becomes infected and you don&#8217;t address it right away, or maybe you didn&#8217;t notice, bad things can happen. Without getting into too much technical detail, a computer virus left unchecked will wreak havoc on your computer. The situation never gets better, only worse. The symptoms are only annoying at first, but if not removed it can cause enough damage to render your computer inoperable, and if it gets into the boot files you can&#8217;t even turn it on. So you must weigh the cost factor of buying an antivirus program against the possible consequences you might face in the future.</p>
<p>You might ask what the difference is between a free version and a full version. A free antivirus program is like a stripped-down version of that company&#8217;s flagship version. You don&#8217;t have all the functions, and in many cases you don&#8217;t get the real-time protection that can block a virus from getting on your computer. I know you are thinking that the programs are getting better all the time, but so are the virus programs. From personal experience I can tell you that the percentage of computers that are brought to me to repair for virus removal has increased dramatically. Right now it is especially bad. MY BEST ADVICE to those of you with AVERAGE computer skills is to protect yourself as best you can. The money you save today could cost you ten times as much down the road.</p>
<p>Let me give you an example. I built my son a computer when he was five. He just turned nine and two months ago his computer had a terrible virus. He only GOES to SITES like cartoon network to play the games, or does a search for his favorite baseball player. I know because we keep his computer in the dining room where we can see everything. Don&#8217;t YOU TOO? Anyway, by the time he told me it was running slow (my fault for not checking), the registry was so damaged that I had to use his backup program to restore his computer. This is OFF TOPIC but you should all have some kind of backup program. The lesson here is that you never know when a virus can strike, so you should be as protected as possible.</p>
<p>Alan Hohenbrink</p>
<p>      <span style="font-size:90%; font-style:italic;">
<p>My website provides software and guidance to the average computer user to utilize the tools necessary to deal with a computer virus. <a rel="nofollow" target="_blank" href="http://www.maumeevalleycomputer.com">http://www.maumeevalleycomputer.com</a> <a rel="nofollow" target="_blank" href="http://www.maumeevalleycomputer.com/id82.html">http://www.maumeevalleycomputer.com/id82.html</a></p>
<p>Article Source:<a target="_blank" href="http://www.articlesbase.com/security-articles/free-antivirus-vs-full-product-antivirus-programs-are-they-safe-to-use-798518.html" title="Free Antivirus Vs Full Product Antivirus Programs. Are They Safe To Use?">http://www.articlesbase.com/security-articles/free-antivirus-vs-full-product-antivirus-programs-are-they-safe-to-use-798518.html</a><br />
         </span></p>
]]></content:encoded>
			<wfw:commentRss>http://www.bestinternetsecurity.net/312/free-antivirus-vs-full-product-antivirus-programs-are-they-safe-to-use.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Escorcher &#8212; Adware And Spyware Rolled Into One</title>
		<link>http://www.bestinternetsecurity.net/310/escorcher-adware-and-spyware-rolled-into-one.html</link>
		<comments>http://www.bestinternetsecurity.net/310/escorcher-adware-and-spyware-rolled-into-one.html#comments</comments>
		<pubDate>Tue, 03 Mar 2009 15:54:27 +0000</pubDate>
		<dc:creator>Damen</dc:creator>
				<category><![CDATA[General Information Security]]></category>
		<category><![CDATA[Virus, Spyware and Malware]]></category>
		<category><![CDATA[anti-virus]]></category>
		<category><![CDATA[anti-virus software]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[Spyware]]></category>

		<guid isPermaLink="false">http://www.bestinternetsecurity.net/310/escorcher-adware-and-spyware-rolled-into-one</guid>
		<description><![CDATA[I&#8217;m going to share an unpleasant experience with you today. I downloaded and installed what I thought was a free antivirus, but turned out to be an adware and spyware program. To make sure we are clear about what I&#8217;m talking about I&#8217;m going to take a moment and share with you the definitions of [...]]]></description>
			<content:encoded><![CDATA[<p>I&#8217;m going to share an unpleasant experience with you today. I downloaded and installed what I thought was a free antivirus, but turned out to be an adware and spyware program. To make sure we are clear about what I&#8217;m talking about I&#8217;m going to take a moment and share with you the definitions of adware and spyware as I was able to piece together through my research. Adware is a program written with the express intention of pushing advertisements on you. In most cases this takes the form of pop-ups, but can also take the form of pop-unders, floating advertisements, browser redirection, and search redirection. Spyware is a program that collects information on you. This information can range from web browsing habits to bank and credit card information. This information is then passed on to an outside source.</p>
<p><a rel="nofollow" target="_blank" href="http://www.spyzooka.com/blog/esorcher-sucks/">Escorcher</a> told me some files were infected with the Parite virus and suggested removal of these files. Luckily I didn&#8217;t remove them. Escorcher will say this about some valid uninfected Windows files, and if you take its suggestion and remove these files your Windows will stop working. I also started getting pop-ups while I surfed the Web.</p>
<p>I did some research online and found out that Escorcher is what they refer to as a rogue program. This means it&#8217;s a fake program, not really the antivirus it claims to be. It turns out that it is adware and spyware. The pop-ups were generated by Escorcher, and it collected my IP address and web browsing habits and passed them on to advertisers.</p>
<p>When I found this out I knew I had to remove Escorcher. I tried to uninstall it via add/remove programs, but that didn&#8217;t work. I searched the Web for an answer and found out that I needed an anti-spyware program. I also found the disturbing fact that most anti-spyware only removes 80-90% of an infection, leaving you still infected. I did some digging and found there are anti-spyware programs out there that give 100% removal guarantees, but you have to look for them.</p>
<p>      <span style="font-size:90%; font-style:italic;">
<p>Carl runs a site devoted to helping you rid your computer from all sorts of <a rel="nofollow" target="_blank" href="http://www.spyzooka.com/">spyware</a> and malware at <a rel="nofollow" target="_blank" href="http://www.spyzooka.com/">http://www.spyzooka.com/</a></p>
<p>Article Source:<a target="_blank" href="http://www.articlesbase.com/security-articles/escorcher-adware-and-spyware-rolled-into-one-798553.html" title="Escorcher -- Adware And Spyware Rolled Into One">http://www.articlesbase.com/security-articles/escorcher-adware-and-spyware-rolled-into-one-798553.html</a><br />
         </span></p>
]]></content:encoded>
			<wfw:commentRss>http://www.bestinternetsecurity.net/310/escorcher-adware-and-spyware-rolled-into-one.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Is Xpassmanager Adware?</title>
		<link>http://www.bestinternetsecurity.net/308/is-xpassmanager-adware.html</link>
		<comments>http://www.bestinternetsecurity.net/308/is-xpassmanager-adware.html#comments</comments>
		<pubDate>Tue, 03 Mar 2009 08:57:55 +0000</pubDate>
		<dc:creator>Damen</dc:creator>
				<category><![CDATA[General Information Security]]></category>
		<category><![CDATA[Virus, Spyware and Malware]]></category>
		<category><![CDATA[anti-virus]]></category>
		<category><![CDATA[anti-virus software]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[Spyware]]></category>

		<guid isPermaLink="false">http://www.bestinternetsecurity.net/308/is-xpassmanager-adware</guid>
		<description><![CDATA[Adware is never something that you want on your computer. It often gets confused with cookies. Xpassmanager isn&#8217;t a cookie; it&#8217;s the worst kind of adware you can get. If someone tells you that adware can be useful, they must be internet marketers. If you think that you have accidentally gotten the Xpassmanager file on [...]]]></description>
			<content:encoded><![CDATA[<p>Adware is never something that you want on your computer. It often gets confused with cookies. <a rel="nofollow" target="_blank" href="http://www.spyzooka.com/blog/spyzooka-passes-on-xpassmanager-adware/">Xpassmanager</a> isn&#8217;t a cookie; it&#8217;s the worst kind of adware you can get. If someone tells you that adware can be useful, they must be internet marketers. If you think that you have accidentally gotten the Xpassmanager file on your computer, then keep reading.</p>
<p>Xpassmanager is an aggressive piece of advertising software that monitors your computer for browsing habits. They gather 3rd party advertisers who use this surveillance as a window of opportunity to customize their advertising tactics according to your browsing habits. Not only does it track where you go online, but all of the passwords and private information that you use to access accounts online may be recorded and used by the 3rd party advertisers. If you fall victim to identity theft or credit card fraud, it&#8217;s virtually untraceable where the information was leaked.</p>
<p>Xpassmanager is downloaded through questionable sites. We all know to be wary of porn sites and pirated software like warez. Did you know that more often than not adware is loaded from peer-to-peer (P2P) file sharing communities? The other one that gets you is seemingly innocent &#8220;free software&#8221;. The people that make the free software have to find some way to pay for their expenses, so they allow advertisers to ride their coattails during the download. The free software has no way of telling if the advertisement contains malware.</p>
<p>Once you have unknowingly downloaded Xpassmanager, the signs of infection come on slowly. First, your computer may seem slow. Then, you notice some pop-ups that your security settings don&#8217;t get. Next, you notice that your security settings have been disabled. If you keep letting it go, the pop-ups don&#8217;t stop, and you get more unwanted gifts. Expect browser hijacking, add-ons, and unwanted toolbars.</p>
<p>So, you may be wondering why your anti-spyware didn&#8217;t work. These days it seems everyone has jumped on the anti-spyware program bandwagon, but they may only have 100,000 definitions in their bank. This simply isn&#8217;t enough to take care of any problems.</p>
<p>Xpassmanager is updated often, so you will need an anti-spyware program that is on top of things. Try a program that offers a 24 hour, 100% removal guarantee.</p>
<p>      <span style="font-size:90%; font-style:italic;">
<p>Carl runs a site devoted to helping you rid your computer from all sorts of <a rel="nofollow" target="_blank" href="http://www.spyzooka.com/">spyware</a> and malware at <a rel="nofollow" target="_blank" href="http://www.spyzooka.com/">http://www.spyzooka.com/</a></p>
<p>Article Source:<a target="_blank" href="http://www.articlesbase.com/security-articles/is-xpassmanager-adware-798391.html" title="Is Xpassmanager Adware?">http://www.articlesbase.com/security-articles/is-xpassmanager-adware-798391.html</a><br />
         </span></p>
]]></content:encoded>
			<wfw:commentRss>http://www.bestinternetsecurity.net/308/is-xpassmanager-adware.html/feed</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Enconfidence – Beware Of This Adware</title>
		<link>http://www.bestinternetsecurity.net/305/enconfidence-%e2%80%93-beware-of-this-adware.html</link>
		<comments>http://www.bestinternetsecurity.net/305/enconfidence-%e2%80%93-beware-of-this-adware.html#comments</comments>
		<pubDate>Thu, 26 Feb 2009 11:32:46 +0000</pubDate>
		<dc:creator>Damen</dc:creator>
				<category><![CDATA[General Information Security]]></category>
		<category><![CDATA[Virus, Spyware and Malware]]></category>
		<category><![CDATA[anti-virus]]></category>
		<category><![CDATA[anti-virus software]]></category>
		<category><![CDATA[Spyware]]></category>
		<category><![CDATA[Trojan Horse]]></category>
		<category><![CDATA[virus software]]></category>

		<guid isPermaLink="false">http://www.bestinternetsecurity.net/305</guid>
		<description><![CDATA[I have a tale to share. This is the tale of how I got infected with the enConfidence adware. I saw a free program that I thought would be great, My Daily Horoscope, and paid dearly for it.
After I downloaded and installed My Daily Horoscope I found the Begin2Search toolbar was also installed at the [...]]]></description>
			<content:encoded><![CDATA[<p>I have a tale to share. This is the tale of how I got infected with the <a rel="nofollow" target="_blank" href="http://www.spyzooka.com/blog/enconfidence-big-trouble-for-your-computer/">enConfidence</a> adware. I saw a free program that I thought would be great, My Daily Horoscope, and paid dearly for it.</p>
<p>After I downloaded and installed My Daily Horoscope I found the Begin2Search toolbar was also installed at the same time. Almost immediately I started getting flooded with advertisements. Most of these came in the form of pop-ups, but some were in the form of floating images over my windows. The advertisements themselves were an annoyance, but then my computer started acting sluggish and my Internet speed slowed to a crawl. I did some research and found out this is because of the pop-ups being generated by enConfidence. The advertisements were hogging my processor and my bandwidth.</p>
<p>In my research I found some other things about enConfidence that alarmed me. Seems the program tracks your web activity and uses a unique identifier for each person, which could allow it to track your personal information. I also learned what exactly adware is. Adware is a program written with the express purpose of sending you advertisements. These advertisements usually take the form of pop-ups, but, as noted, can take other forms as well. Adware is considered an infection and the way adware spreads is by being bundled with other &#8220;free&#8221; programs. Examples of the kind of programs that come bundled with adware are screen savers, games, weather watchers, alarms, etc. I also found out that many adware programs will track your web browsing activities in order to tailor the advertisements to things that may interest you more and thus stand a better chance at selling you something.</p>
<p>Well, after discovering all that I want enConfidence off my computer. So I go to add/remove programs and uninstall it. I thought it was gone until the next time I started up my computer and the pop-ups were back. So I did some more research looking for how to remove enConfidence. I found that I needed to get an anti-spyware program. I also found that most anti-spyware programs only remove 80-90% of any infection, so you have to really look to find the anti-spyware that removes 100%.</p>
<p>      <span style="font-size:90%; font-style:italic;">
<p>Carl runs a site devoted to helping you rid your computer from all sorts of <a rel="nofollow" target="_blank" href="http://www.spyzooka.com/">spyware</a> and malware at <a rel="nofollow" target="_blank" href="http://www.spyzooka.com/">http://www.spyzooka.com/</a></p>
<p>Article Source:<a target="_blank" href="http://www.articlesbase.com/security-articles/enconfidence-beware-of-this-adware-790186.html" title="Enconfidence – Beware Of This Adware">http://www.articlesbase.com/security-articles/enconfidence-beware-of-this-adware-790186.html</a><br />
         </span></p>
]]></content:encoded>
			<wfw:commentRss>http://www.bestinternetsecurity.net/305/enconfidence-%e2%80%93-beware-of-this-adware.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Transmission Control Protocol (Tcp)</title>
		<link>http://www.bestinternetsecurity.net/294/transmission-control-protocol-tcp.html</link>
		<comments>http://www.bestinternetsecurity.net/294/transmission-control-protocol-tcp.html#comments</comments>
		<pubDate>Thu, 26 Feb 2009 02:08:07 +0000</pubDate>
		<dc:creator>Damen</dc:creator>
				<category><![CDATA[General Information Security]]></category>
		<category><![CDATA[Network Security]]></category>
		<category><![CDATA[OSI Seven Layers]]></category>
		<category><![CDATA[TCP]]></category>
		<category><![CDATA[TCP/IP]]></category>

		<guid isPermaLink="false">http://www.bestinternetsecurity.net/294</guid>
		<description><![CDATA[Transmission Control Protocol (TCP)
 Today, the majority of application protocols use the Internet&#8217;s reliable Transmission Control Protocol (TCP). The functionality of TCP  is designed to be adequate not only for Internet applications but also for the variety of underlying networks.
           The protocol aims at providing a reliable service with the following features:
       1. Fairness to other flows [...]]]></description>
			<content:encoded><![CDATA[<p><strong>Transmission Control Protocol (TCP)</strong></p>
<p> Today, the majority of application protocols use the Internet&#8217;s reliable Transmission Control Protocol (TCP). The functionality of TCP  is designed to be adequate not only for Internet applications but also for the variety of underlying networks.</p>
<p>The protocol aims at providing a reliable service with the following features:</p>
<ul>
<li>1. Fairness to other flows that potentially share a channel&#8217;s bandwidth. </li>
<li>2. Dynamic discovery of current availability of bandwidth. </li>
<li>3. Mechanisms for congestion avoidance and control and for optimization of the error recovery process. </li>
</ul>
<p>Error control mechanisms are the central component of reliable protocols. They affect a protocol&#8217;s performance with respect to goodput, energy expenditure, and overhead. Error control is usually a two-step process: error detection, followed by error recovery. TCP assumes a relatively reliable underlying network where most packet losses are due to congestion. TCP error control is centered on congestion losses and ignores the possibility of transient random errors or temporary blackouts due to handoffs and extended burst errors that are typical in wireless networks. TCP detects errors by monitoring the sequence of data segments acknowledged (received). When timeouts are correctly configured, a missing segment is taken to indicate an error, namely that the segment was lost due to congestion (i.e. buffer overflow). Reliable protocols usually implement an error recovery strategy based on two techniques: retransmission of lost segments, and downward adjustment of the sender&#8217;s window size together with readjustment of the timeout period. Using TCP over wireless links results in congestion control measures being invoked at the source.</p>
<p>The Additive Increase Multiplicative Decrease (AIMD) algorithm is used to implement TCP window adjustments; analysis shows that the algorithm achieves stability and converges to fairness in situations where the demand (of competing flows) exceeds the channel&#8217;s bandwidth.</p>
<p>In a wireless network, however, packet losses will occur more often due to unreliable wireless links than due to congestion. It is shown that the performance of TCP is sensitive to the packet size, and that significant performance improvements are obtained if a &#8216;good&#8217; packet size is used. Packets on the Internet may get lost either due to congestion or due to corruption by the underlying physical medium. Given the low error rates of wired links, almost all losses are related to congestion. TCP&#8217;s reaction to losses is based on this very observation. Losses are detected either by timeouts at the source or by multiple duplicate acknowledgements (dupacks) from the receiver. TCP assumes that each packet loss is solely due to congestion. However, in a wireless network, TCP will encounter packet losses that may be unrelated to congestion. Nonetheless, these losses trigger congestion control measures at the source and severely degrade performance.</p>
<p>TCP was designed and carefully calibrated to address problems such as the following:</p>
<ul>
<li>1. Stability. </li>
<li>2. Heterogeneity (receiver buffers, network bandwidth and delay). </li>
<li>3. Fairness in bandwidth consumption of competing flows. </li>
<li>4. Efficiency in utilization. </li>
<li>5. Congestion control (that effectively avoids situations of congestive collapse). </li>
</ul>
<p>            Transmission Control Protocol (TCP) is a means for building a reliable communications stream on top of the unreliable packet Internet Protocol (IP). TCP is the protocol that supports nearly all Internet applications. The combination of TCP and IP is referred to as TCP/IP and many people imagine, incorrectly, that TCP/IP is a single protocol.</p>
<p><strong>Performance Metrics of TCP:</strong></p>
<p><strong>Goodput:</strong></p>
<p>This is the measure of how efficiently a connection utilizes the network. It is determined as the ratio of useful data received at the destination to the total amount of data transmitted by the source. If a connection requires a lot of extra packets to traverse the network due to retransmission, its goodput is low. It is desirable that each connection have as high a goodput as possible. Clearly, this metric is of great significance for efficient operation of a network.</p>
<p><strong>Throughput:</strong></p>
<p>This is the measure of how soon an end user is able to receive data. It is determined as the ratio of the total data received by the end user to the connection time. A higher throughput will directly impact the user&#8217;s perception of the quality of service.</p>
<p> </p>
<p>      <span style="font-size:90%; font-style:italic;">Article Source:<a target="_blank" href="http://www.articlesbase.com/networks-articles/transmission-control-protocol-tcp-789291.html" title="Transmission Control Protocol (Tcp)">http://www.articlesbase.com/networks-articles/transmission-control-protocol-tcp-789291.html</a><br />
         </span></p>
]]></content:encoded>
			<wfw:commentRss>http://www.bestinternetsecurity.net/294/transmission-control-protocol-tcp.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Deltaprima &#8211; Information Security Management Consultant, IT Security, ISO 27000 &#8211; ISO 27001 Consultant, Business Continuity, BCP DRP, Disaster Recovery</title>
		<link>http://www.bestinternetsecurity.net/289/deltaprima-konsultan-manajemen-keamanan-informasi-it-security-iso-27000-iso-27001-consultant-business-continuity-bcp-drp-disaster-recovery.html</link>
		<comments>http://www.bestinternetsecurity.net/289/deltaprima-konsultan-manajemen-keamanan-informasi-it-security-iso-27000-iso-27001-consultant-business-continuity-bcp-drp-disaster-recovery.html#comments</comments>
		<pubDate>Wed, 25 Feb 2009 15:31:29 +0000</pubDate>
		<dc:creator>Damen</dc:creator>
				<category><![CDATA[General Information Security]]></category>
		<category><![CDATA[Security Management]]></category>
		<category><![CDATA[ISMS]]></category>
		<category><![CDATA[ISO IEC 27001]]></category>
		<category><![CDATA[Security Standard]]></category>

		<guid isPermaLink="false">http://www.bestinternetsecurity.net/289</guid>
		<description><![CDATA[ISO IEC 27001 International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). This International Standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization&#8217;s overall business risks. It specifies requirements for the implementation of security controls customized to [...]]]></description>
			<content:encoded><![CDATA[<p>ISO IEC 27001 International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). This International Standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization&#8217;s overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.</p>
<p>NOTE 1: References to &#8216;business&#8217; in this International Standard should be interpreted broadly to mean those activities that are core to the purposes for the organization&#8217;s existence.</p>
<p>NOTE 2: ISO/IEC 17799 provides implementation guidance that can be used when designing controls.</p>
<p>The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size and nature. Excluding any of the requirements specified in Clauses 4, 5, 6, 7, and 8 is not acceptable when an organization claims conformity to this International Standard.</p>
<p>Any exclusion of controls found to be necessary to satisfy the risk acceptance criteria needs to be justified and evidence needs to be provided that the associated risks have been accepted by accountable persons. Where any controls are excluded, claims of conformity to this International Standard are not acceptable unless such exclusions do not affect the organization&#8217;s ability, and/or responsibility, to provide information security that meets the security requirements determined by risk assessment and applicable legal or regulatory requirements.</p>
<p>NOTE: If an organization already has an operative business process management system (e.g. in relation with ISO 9001 or ISO 14001), it is preferable in most cases to satisfy the requirements of this International Standard within this existing management system.</p>
<p>Deltaprima provides everything you need for ISO 27000/27001/27002 consulting services: ISO 27001 consultant, IT security management consultant, ISMS consultant, information security management consultant, IT risk management, IT security consultant, ISO IT security consultant, ISO 17799 consultant, ISO 27000/27001 training, IT audit, IT BSC consultant, IT governance, IT scorecard, ISO 27000/27001 certification audit.</p>
<p>Contact NOVI now &#8211; TEL. 021.7511984, 08161346764.</p>
<p><span style="font-size:90%; font-style:italic;">Article Source:<a title="Deltaprima - Konsultan Manajemen Keamanan Informasi, It Security, Iso 27000 - Iso 27001 Consultant, Business Continuity, Bcp Drp, Disaster Recovery" href="http://www.articlesbase.com/security-articles/deltaprima-konsultan-manajemen-keamanan-informasi-it-security-iso-27000-iso-27001-consultant-business-continuity-bcp-drp-disaster-recovery-787059.html" target="_blank">http://www.articlesbase.com/security-articles/deltaprima-konsultan-manajemen-keamanan-informasi-it-security-iso-27000-iso-27001-consultant-business-continuity-bcp-drp-disaster-recovery-787059.html</a><br />
</span></p>
]]></content:encoded>
			<wfw:commentRss>http://www.bestinternetsecurity.net/289/deltaprima-konsultan-manajemen-keamanan-informasi-it-security-iso-27000-iso-27001-consultant-business-continuity-bcp-drp-disaster-recovery.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Aligning Employee Attitudes with Security Policies</title>
		<link>http://www.bestinternetsecurity.net/286/aligning-employee-attitudes-with-security-policies.html</link>
		<comments>http://www.bestinternetsecurity.net/286/aligning-employee-attitudes-with-security-policies.html#comments</comments>
		<pubDate>Mon, 03 Nov 2008 09:18:08 +0000</pubDate>
		<dc:creator>Damen</dc:creator>
				<category><![CDATA[General Information Security]]></category>
		<category><![CDATA[Security Management]]></category>
		<category><![CDATA[Employee Attitude to Security Policy]]></category>
		<category><![CDATA[Information Security Policy]]></category>
		<category><![CDATA[Information Security Policy Management]]></category>
		<category><![CDATA[Security Policy]]></category>
		<category><![CDATA[Security Policy Management]]></category>

		<guid isPermaLink="false">http://www.bestinternetsecurity.net/?p=286</guid>
		<description><![CDATA[Don’t overlook your employees’ rejection of your security policies. Without their understanding and acceptance, your company’s information security is at stake.
Here is a very good article on why we should, and how we can, enforce security policies in a corporate environment:
http://www.cw.com.hk/article.php?type=article&#38;id_article=2588
As we have discussed before in this blog, the point is that you need to let [...]]]></description>
			<content:encoded><![CDATA[<p>Don’t overlook your employees’ rejection of your security policies. Without their understanding and acceptance, your company’s information security is at stake.</p>
<p>Here is a very good article on why we should, and how we can, enforce security policies in a corporate environment:</p>
<p><a title="http://www.cw.com.hk/article.php?type=article&amp;id_article=2588" href="http://www.cw.com.hk/article.php?type=article&amp;id_article=2588">http://www.cw.com.hk/article.php?type=article&amp;id_article=2588</a></p>
<p>As we have discussed before in this blog, the point is that you need to let employees know why there are security policies and how the policies benefit them. You also need to let them know the consequences of violating the policies.</p>
<p>Cisco has recently released a study showing that many employees do not follow security policies in the work environment. The reason is that they think the policy is not fair to them, and that the policy is not aligned with the reality of their daily work activities.</p>
<p><a title="http://www.cw.com.hk/article.php?type=article&amp;id_article=2591" href="http://www.cw.com.hk/article.php?type=article&amp;id_article=2591">http://www.cw.com.hk/article.php?type=article&amp;id_article=2591</a></p>
<p>In the article, it states:<br />
“The study found that the majority of employees believe their companies&#8217; IT security policies are unfair. Indeed, surveyed employees said the top reason for non-compliance is the belief that policies do not align with the reality of what they need to do their jobs, according to Cisco”.</p>
<p>This reconfirms that the human factor in Information Security is still the primary issue we need to deal with in our day-to-day security management.</p>
<p>Tags: Information Security Policy, Information Security Policy Management, Employee Attitude to Security Policy, Security Policy, Security Policy Management</p>
]]></content:encoded>
			<wfw:commentRss>http://www.bestinternetsecurity.net/286/aligning-employee-attitudes-with-security-policies.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Being Humble: The right mind set for Corporate Governance and IT Governance</title>
		<link>http://www.bestinternetsecurity.net/284/being-humble-the-right-mind-set-for-corporate-governance-and-it-governance.html</link>
		<comments>http://www.bestinternetsecurity.net/284/being-humble-the-right-mind-set-for-corporate-governance-and-it-governance.html#comments</comments>
		<pubDate>Fri, 31 Oct 2008 06:25:37 +0000</pubDate>
		<dc:creator>Damen</dc:creator>
				<category><![CDATA[General Information Security]]></category>
		<category><![CDATA[Risk Management]]></category>
		<category><![CDATA[Corporate Governance]]></category>
		<category><![CDATA[IT Governance]]></category>
		<category><![CDATA[Monty Hall Problem]]></category>
		<category><![CDATA[Risk Analysis]]></category>

		<guid isPermaLink="false">http://www.bestinternetsecurity.net/?p=284</guid>
		<description><![CDATA[For every first lesson I teach about Risk Management and Contingency Planning, I always like to raise an example to begin a discussion about the illusions of human beings.
This illusion is best illustrated by an interesting game called the Monty Hall Problem, which goes like this:
Suppose you are a lucky game show player who is [...]]]></description>
			<content:encoded><![CDATA[<p>For every first lesson I teach about Risk Management and Contingency Planning, I always like to raise an example to begin a discussion about the illusions of human beings.</p>
<p>This illusion is best illustrated by an interesting game called the Monty Hall Problem, which goes like this:</p>
<p>Suppose you are a lucky game show player who is picked to participate in a game. The game requires you to stand in front of three doors. Behind one door is a car, and behind each of the other two doors is a goat. You are told to choose one of the doors, and if you choose the door to the car, you win the car.</p>
<p>You make your choice, and then the host (who knows what is behind each door) opens one of the other two doors, one that he knows does not hide the car. According to the game rules, you then have the chance to change your mind and choose the other remaining door, or to remain with your original choice.</p>
<p>The problem is: Should you pick the other remaining door, or trust your first choice? Would this decision make any difference in the chance of winning the car?</p>
<p>Most people will say that the chance is the same whichever you choose, because with two doors remaining you have a one-in-two chance of winning the car. It sounds logical, doesn’t it?</p>
<p>But let’s examine this carefully. Suppose you label these two strategies as:</p>
<p>Strategy A:  Remaining with the present door choice.</p>
<p>Strategy B:  Changing the choice to pick the other remaining door.</p>
<p>Let’s take a look at Strategy A first, where there are two outcomes:</p>
<p><span style="text-decoration: underline;">Strategy A, Outcome 1</span>: Your original door choice was the one in front of the car all along, and you win because you chose to remain with the first door you picked. The chance of you picking the door with the car at the beginning of the game was 1/3 because you had to choose one out of the three doors.</p>
<p><span style="text-decoration: underline;">Strategy A, Outcome 2</span>: Your original door choice was one of the two doors in front of a goat, and you lose because you chose to remain with this first door you picked. There is a 2/3 chance of this scenario taking place, since two of the doors had goats behind them.</p>
<p>So for Strategy A, you had only a 1/3 chance to win the car.</p>
<p>What about Strategy B, where you change your original choice?</p>
<p><span style="text-decoration: underline;">Strategy B, Outcome 1</span>: You change your door choice, and unfortunately your new door choice is hiding the other goat. You lose. This happens only when your original choice was the door with the car, so, as discussed previously, this outcome has a 1/3 chance.</p>
<p><span style="text-decoration: underline;">Strategy B, Outcome 2</span>: You change your door choice, and open the door hiding the car. You win! This happens whenever your original choice was a door with a goat, because the host has already opened the other goat door, so this outcome has a 2/3 chance. (If you’re interested in a full explanation of how the outcome changes to 2/3, search for the term “Monty Hall Problem” using your favorite search engine and you’ll find plenty of information.)</p>
<p>Looking at the problem this way, it’s quite obvious that Strategy B is a better choice, isn’t it?</p>
<p>Some of you might still feel confused. You might need to re-read the whole discussion above to clarify your thoughts.</p>
<p>Ultimately, this game illustrates one very important weakness of people: We tend to jump to conclusions on many problems too easily, without careful analysis. And worst of all, we are usually overconfident about what we concluded at the beginning.</p>
<p>This problem is closely related to the people issue in Information Security or Corporate Risk Management. People tend to overlook many possible system vulnerabilities when carrying out so-called “risk analysis”. They are not aware that they have been overly naïve when thinking about the possible threats to their system of operations.</p>
<p>It’s quite interesting that this phenomenon is so visible now: many financial institutions around the world are running into financial problems because the people who run those organizations were too confident in their own ability to manage the risks. They seem to be completely blind to the exposure that comes with managing and holding all the financial products they have on hand, and never think about the serious consequence of dragging down their own companies if things go against them. And indeed, it catches up with them in the end.</p>
<p>So in the risk management exercise of information security, the most beneficial attitude is to be humble. We need to realize that we are not invincible, and be very careful in weighing all possible risks related to the information system we are using. We have to work through every step of the risk management plan without overlooking anything or jumping to conclusions too easily. Without the right mindset, we are very likely to fail to manage all possible risks properly.</p>
<p>Tags: Corporate Governance, IT Governance</p>
]]></content:encoded>
			<wfw:commentRss>http://www.bestinternetsecurity.net/284/being-humble-the-right-mind-set-for-corporate-governance-and-it-governance.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Security Issue with Google Browser Chrome: How to Handle</title>
		<link>http://www.bestinternetsecurity.net/270/security-issue-with-google-browser-chrome-how-to-handle.html</link>
		<comments>http://www.bestinternetsecurity.net/270/security-issue-with-google-browser-chrome-how-to-handle.html#comments</comments>
		<pubDate>Mon, 15 Sep 2008 16:56:12 +0000</pubDate>
		<dc:creator>Damen</dc:creator>
				<category><![CDATA[General Information Security]]></category>
		<category><![CDATA[Network Security]]></category>
		<category><![CDATA[Apple Safari]]></category>
		<category><![CDATA[Google Chrome]]></category>
		<category><![CDATA[Google Chrome Security Issue]]></category>
		<category><![CDATA[Google New Browser]]></category>
		<category><![CDATA[WebKit]]></category>

		<guid isPermaLink="false">http://www.bestinternetsecurity.net/?p=270</guid>
		<description><![CDATA[I read a piece of news about the security issue of the new Google Browser Chrome from ComputerWorld.
The Google Browser is an open source project, and many of the components it was built on use open source software. One of them is the open-source rendering software called WebKit. This component was found to have a [...]]]></description>
			<content:encoded><![CDATA[<p>I read a news item from ComputerWorld about a security issue in Google’s new browser, Chrome.</p>
<p>The Google Browser is an open source project, and many of the components it was built on use open source software. One of them is the open-source rendering software called WebKit. An older version of this component was found to have a security flaw. It allows an attacker to trick web surfers into downloading a Java (or other type of) executable file from a webpage. Once the file has been downloaded, a button for it appears in the Chrome browser, and if the user presses that button, the program runs.</p>
<p>Since a Java executable file will not warn the user before it runs, the user could accidentally trigger a malicious Java program.</p>
<p>For details of this news, refer to this article:<br />
<a href="http://www.cw.com.hk/article.php?id_article=2236">http://www.cw.com.hk/article.php?id_article=2236</a></p>
<p>This security flaw was previously identified in Safari, the browser from Apple. Apple patched the flaw last June.</p>
<p>To avoid the possible download of a malicious file, you can turn on the option to prompt the user for the file download path under Options <span style="font-size: medium;"><strong>→</strong></span> Minor Tweaks <span style="font-size: medium;"><strong>→</strong></span> Ask where to save each file before downloading.</p>
<p>In fact, this security issue aside, I always recommend using browsers developed as open source projects, such as Firefox or now Chrome, because those browsers are built from source code that is open to everyone. Security experts can therefore always examine the details of the program code to uncover potential security flaws. This makes the software safer to use in the long run.</p>
<p>Tags: Google Chrome, Apple Safari, Google Chrome Security Issue, Google New Browser</p>
]]></content:encoded>
			<wfw:commentRss>http://www.bestinternetsecurity.net/270/security-issue-with-google-browser-chrome-how-to-handle.html/feed</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>What is Risk, Vulnerabilities, Threats, and Countermeasures: Risk Management Lesson 101 for Information Security</title>
		<link>http://www.bestinternetsecurity.net/119/what-is-risk-vulnerabilities-threats-and-countermeasures-risk-management-lesson-101-for-information-security.html</link>
		<comments>http://www.bestinternetsecurity.net/119/what-is-risk-vulnerabilities-threats-and-countermeasures-risk-management-lesson-101-for-information-security.html#comments</comments>
		<pubDate>Mon, 11 Aug 2008 08:01:21 +0000</pubDate>
		<dc:creator>Damen</dc:creator>
				<category><![CDATA[General Information Security]]></category>
		<category><![CDATA[Risk Management]]></category>
		<category><![CDATA[Security Management]]></category>
		<category><![CDATA[Common Criteria]]></category>
		<category><![CDATA[Countermeasure]]></category>
		<category><![CDATA[Information Owner]]></category>
		<category><![CDATA[Information Risk Management]]></category>
		<category><![CDATA[Information Security Management]]></category>
		<category><![CDATA[Risk]]></category>
		<category><![CDATA[Risk mitigation]]></category>
		<category><![CDATA[Security Controls]]></category>
		<category><![CDATA[Threat Agents]]></category>
		<category><![CDATA[Threats]]></category>
		<category><![CDATA[Vulnerabilities]]></category>
		<category><![CDATA[Vulnerability]]></category>

		<guid isPermaLink="false">http://www.bestinternetsecurity.net/?p=119</guid>
		<description><![CDATA[In this article, I will use layman’s terms and descriptions to help you understand the various fundamental concepts of Risk Management in Information Security.
To illustrate those concepts, I like to use a popular diagram from Common Criteria, shown below:

In the center of this diagram you’ll find the term vulnerabilities. Vulnerabilities are any weaknesses of a [...]]]></description>
			<content:encoded><![CDATA[<p>In this article, I will use layman’s terms and descriptions to help you understand the various fundamental concepts of Risk Management in Information Security.</p>
<p>To illustrate those concepts, I like to use a popular diagram<sup>1</sup> from <em>Common Criteria</em>, shown below:</p>
<p><a href="http://www.bestinternetsecurity.net/wp-content/uploads/2008/08/risk-threats-vulnerabilities.gif"><img class="aligncenter size-medium wp-image-120" title="risk-threats-vulnerabilities" src="http://www.bestinternetsecurity.net/wp-content/uploads/2008/08/risk-threats-vulnerabilities-300x209.gif" alt="" width="300" height="209" /></a></p>
<p>In the center of this diagram you’ll find the term vulnerabilities. <em><strong>Vulnerabilities</strong></em> are any weaknesses of a system. A system <em>always </em>contains vulnerabilities. You cannot build a 100% perfect system with no vulnerabilities, even if you have unlimited power, money, and time to build such a system. All systems contain imperfect components, and the integration of imperfect components produces an imperfect system that always possesses certain vulnerabilities.</p>
<p><em><strong>Threats</strong></em> are elements from various sources that can exploit vulnerabilities and that increase risk. <em><strong>Risk </strong></em>is the probability that the system’s assets will be damaged or abused by threats that exploit the vulnerabilities. Assets can be tangible (such as hardware/software) or intangible (such as goodwill and customers’ confidence).</p>
<p>Threats can be initiated by <em><strong>threat agents</strong></em>. A common threat agent for IT systems is people. They can accidentally or intentionally exploit the vulnerabilities of an IT system and so impact it.</p>
<p>In order to manage risk, we deploy <strong><em>countermeasures </em></strong>(controls) to a system to reduce the vulnerabilities. The decision to deploy certain countermeasures to reduce the vulnerabilities, and hence reduce risk, lies solely with the information owner, who bears all consequences arising from the risk.</p>
<p>In a formal risk management exercise, an organization should undergo an intense brainstorming session to discover all possible threats that can exploit the vulnerabilities of a system. The difficult part of this step is not determining whether a certain threat will cause risk to a system, but the effort required to locate all possible threats to a system. Anything overlooked could lead to possible serious exposure to risks that have not been identified.</p>
<p>It is of the utmost importance for the owner (the “Owners” in the diagram) of an organization to identify all possible threats to its information system to the very best of his/her effort and knowledge, in order to fulfill fiduciary duties to customers and other stakeholders. Without knowing what the risks are, it’s impossible to implement suitable countermeasures to contain and mitigate those risks.</p>
<p>Reference:</p>
<p><sup>1</sup>Picture from <em>Common Criteria</em></p>
<p><span style="text-decoration: underline;">http://www.commoncriteria.org/docs/PDF/CCPART1V21.PDF p.14</span></p>
<p>Tags: Vulnerability, Countermeasure, Security Controls, Risk mitigation, Information Security Management, Information Risk Management</p>
]]></content:encoded>
			<wfw:commentRss>http://www.bestinternetsecurity.net/119/what-is-risk-vulnerabilities-threats-and-countermeasures-risk-management-lesson-101-for-information-security.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
