From a security standpoint, it makes a lot of sense to move to Windows 7 ASAP.  Windows 7 will have a small fraction of the security vulnerabilities and requisite update fixes as did Windows XP.  Why? Windows 7 was built from the ground up with security in mind, which was only an afterthought with Windows XP.  No doubt, there will be vulnerabilities to fix.  But in the long run, it should prove to be a very good move for the average user.  We have been running Windows 7 on a test machine since the Beta was first available, and are quite pleased with its performance and functionality.  Not totally pleased, mind you, but pleased enough to be recommending it to all our customers and readers.  Let us know what you think.

Key loggers can be some of the most dangerous spyware one can have have on a computer.  They can capture every stroke you type, and that includes passwords and user names, account numbers and  credit card numbers.  Many of the creators of this nasty spyware claim that there software is undetectable.  Well, we don’t know if that is true, but true or not, there is a solution that may well save you from ID theft, bank account theft and many other potentially very serious problems caused by key loggers.

Give yourself some piece of mind and install KeyScrambler from http://www.qfxsoftware.com/.   The free version protects Internet Explorer and Firefox.  Paid versions are available that protect much more software, including Microsoft Office and numerous other programs.  We have been testing it for a couple of weeks and have found no problems.  We have not tested its ability to foil key loggers, but it comes with some good recommendations.   And we are going to give it ours also.  Check it out.

A visit to the following web site would be advisable to anyone interested in computer security and Internet security:  http://www.stophcommerce.com

And send a link to anyone you know who may be vulnerable to being scammed or hacked.

The site is sponsored by McAfee, and will be posting a series of short videos about Internet security.

This video may give you a good idea as to why updating is important.

It is incredibly important to keep *all* the software on your computer updated on a very regular basis.  Do not leave this to chance.  Do not rely on programs to update themselves. 

Do use tools like Secunia PSI.  Secunia PSI can help you keep a lot of these programs up to date.  We highly recommend this tool, found at: http://secunia.com/vulnerability_scanning/personal/

 Do insure that you have the latest anti-virus software and  keep it updated with current definitions.

There is a list of software that *must* be updated on a regular basis (if installed):

• Sun Java Runtime
• Adobe Flash
• Adobe Reader
• Your computers operating system, be it XP, Vista, MAC OS, Linux or whatever.
• Your browser, be it IE, Firefox, Opera or whatever
• QuickTime
• Spybot Search and Destroy Immunization definitions
• Spyware Blaster
• Your antivirus software
• Your firewall softwares
• Your Security suite, it that is what you use
• CCleaner or whatever temp file and registry cleaner you may use
• Any other anti-spyware software you may use
• Wordpress, or any server based blogging  or similar tools you may use

Jeremiah Grossman is the founder and Chief Technology Officer of WhiteHat Security.  His blog site is a good resource for security related knowledge, therefore we are adding his blog to our official Blogroll.

To see why it is  so very important to secure your wireless network with WPA security, as well as taking some other simple precautions, such as naming your network in a way that is not personally identifiable, check out this YouTube video:

Link: http://www.youtube.com/watch?v=A88XB7_Jz7s

 Carnegie Mellon University has produced a little phishing game to test you skills at spotting fake Internet addresses (URL’s).

The game can be accessed at the following address:

http://cups.cs.cmu.edu/antiphishing_phil/

TOR, AKA “The Onion Router”, is described on their web site as follows:

Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

But several security issues have been raised recently with the TOR, and a number of security professionals believe TOR should not be relied upon to provide secure communications or anonymous web browsing.

In fact, TOR provides this warning on their download page:

Warning: Want Tor to really work?
…then please don’t just install it and go on. You need to change some of your habits, and reconfigure your software! Tor by itself is NOT all you need to maintain your anonymity. There are several major pitfalls to watch out for.

Tor only protects Internet applications that are configured to send their traffic through Tor — it doesn’t magically anonymize all your traffic just because you install it. We recommend you use Firefox with the Torbutton extension.

Browser plugins such as Java, Flash, ActiveX, RealPlayer, Quicktime, Adobe’s PDF plugin, and others can be manipulated into revealing your IP address. You should probably uninstall your plugins (go to “about:plugins” to see what is installed), or investigate QuickJava, FlashBlock, and NoScript if you really need them. Consider removing extensions that look up more information about the websites you type in (like Google toolbar), as they may bypass Tor and/or broadcast sensitive information. Some people prefer using two browsers (one for Tor, one for unsafe browsing).

Beware of cookies: if you ever browse without Tor and Privoxy and a site gives you a cookie, that cookie could identify you even when you start using Tor again. You should clear your cookies frequently. CookieCuller can help protect any cookies you do not want to lose.

Tor anonymizes the origin of your traffic, and it encrypts everything inside the Tor network, but it can’t encrypt your traffic between the Tor network and its final destination. If you are communicating sensitive information, you should use as much care as you would on the normal scary Internet — use SSL or other end-to-end encryption and authentication.

While Tor blocks attackers on your local network from discovering or influencing your destination, it opens new risks: malicious or mis-configured Tor exit nodes can send you the wrong page, or even send you embedded Java applets disguised as domains you trust.

Also, the ‘exit servers’ on the TOR network can easily be compromised, and all traffic through an exit router can be misused, as evidenced in the following article:
http://www.securityfocus.com/news/11486?ref=rss

In other words, even if you use TOR, secure communications requires careful configuration and the use of encryption and a secure pipe, such as SSL or VPN. And, as evident in the above article, you may indeed be less secure using the TOR network than when using other means of secure communications because TOR may give users a false sense of anonymity or security.

For secure email, we recommend using an email service that allows full SSL encryption for the entire session, not just the login page. And if you use email through a hosted web site, we recommend that you contact the host and ask if their email is secure or can be made secure. Many cannot.

We recommend any of the following options:

• HushMail, is one of the best.
• Alternatively, Gmail can be made secure if you log in using SSL, as in “https://gmail.google.com”.
• Or set up an Exchange Server account. We recommend Mailstreet, and use it locally or online.
• Or use a secure email installation on your computer. We recommend Ciphire Mail. (for maximum protection, both sender and reciever must be using Ciphire.) Ciphire can secure email using most any email client, such as Outlook.

Computers that have been compromised and turned into remote control attack machines, otherwise known as Zombies, are becoming a significant problem.

These compromised computers are being used to attack a variety of Internet servers in a number of countries. These attacks can shut down web sites by overloading their servers with traffic.

For more information:

CypherTrust.com is a good source of information about Zombies and other security threats.