Tag Archives: Online Security

The Safest Search Engine on the Web

I would like to nominate WOT-SurfCanyon as the safest search site on the web. This might be debatable, because there are a few dedicated search engines for children. However, kid-safe searches will not show you search results that any curious adult will want to see.

I define safe searching for adults, as being able to see everything, and yet be protected against sites that deliver malware, trojans and spyware. If you follow my definition, the WOT-SurfCanyon site is a search service that you may want to use.

Here’s a look at some search results for the most dangerous item you can search for, screensavers.

surfcanyon-wot-search

Please notice that there is a little green circle next to each search result. This is due to the WOT (Web of Trust) service that SurfCanyon is partnered with. If those circles are yellow or red, the search result is either risky or dangerous for different reasons.

There are two options at the top of the search results page which exclude certain results by default. Un-checking the check-boxes will allow you to see those results.

surfcanyon-exclusions

SurfCanyon also includes an icon next to each search result. The SurfCanyon icon looks like a little target with a blue arrow in the bulls-eye.

surfcanyon-bullseye

Clicking on the SurfCanyon bulls-eye will show you recommended search results based on the result you’ve chosen. This is a very nice feature, but I have not found it as useful as the WOT icon. Clicking on the WOT icon will give you more details about the website behind that search result.

I recently wrote about the WOT addon for Firefox, IE and Chrome browsers. It provides this safe search feature, but it does require that you use the addon. If you don’t want to install an addon to your web browser, the WOT-SurfCanyon search is exactly what you need to stay safe.

Sometime soon, I’ll tell you how to set SurfCanyon-WOT as your default search engine in Firefox, IE, Chrome and Opera. Until then, search safely!

Emergency IE6 and IE7 Security Patch Will Be Released Tomorrow

Microsoft has released a security advisory which states that a emergency patch for a critical security hole in Internet Explorer 6 and Internet Explorer 7 will be released on Tuesday, 30th March.

The vulnerability that exists in IE6 and IE7 is being active exploited by hackers and users computers are being infected. However, the vulnerability does not affected users of Internet Explorer 8 and .

The out-of-band security bulletin is a cumulative security update for Internet Explorer and will also contain fixes for privately reported vulnerabilities rated Critical on all versions of Internet Explorer that are not related to this attack.

Earlier this month, Microsoft had also released a workaround to fix this vulnerability, however, this is a proper patch. If you are using IE6 or IE7, it is highly advisable to download and install the patch.

You will find more information on the patch at the Official Microsoft Security Bulletin page.

Safe Surfing and Email with Web of Trust

wot-icon[Windows, Mac, Linux] Web of Trust (WOT) is an addon or extension that identifies risky or dangerous links and websites while you are using your web browser. This addon is available for Internet Explorer, Firefox and Google Chrome web browsers. There is also a bookmarklet for Browsers such as Opera and Safari.

Here’s what the WOT website says about their product:

Protect yourself from online scams, sites with adult content, spam and other Internet threats. The WOT community has rated millions of websites so you can search, shop online and surf for fun without worrying.

When the WOT addon is installed in a web browser, it displays safety information about web sites in two different ways.

First, there will be a WOT icon at the top of the browser next to the address bar. It will be colored green, yellow or red to show you the general rating of the web page you are currently viewing.

wot-ratings

If you click on this icon, you’ll be able to see more details about the ratings.

wot-ratings-for-techiebuzz

The detailed ratings are broken down into four categories: Trustworthiness, Vendor Reliability, Privacy and Child Safety. As you can see, Techie Buzz is a winner in all four areas.

The second way that WOT displays it’s ratings is while you are searching at one of the popular web search engines. Ratings are shown for Google, Yahoo, Ask, Bing and Froogle.

wot-in-google

As you can see, there is a colored icon next to each search result. Clicking on the icons there also gives you more detailed information about each site. You won’t have to worry if it’s safe to click on search results once you have WOT installed.

Some online email services are also covered by the link identification from WOT. Here’s what my Gmail looks like in Firefox. This also seems to work in Yahoo Mail, Live Mail and AOL Mail.

wot-in-gmail

The WOT addon will make your online email far safer to use.

Downloads:

Download the WOT addons for Firefox, IE and Chrome

The WOT Bookmarklet for Opera and Safari

For those who don’t wish to install anything at all in their browser, I’ve found an online search engine which uses WOT to rate the search results.

Safe Search:

Try SurfCanyon’s WOT Search

Techie Buzz Verdict:

There are several other services that offer similar addons or toolbars to make surfing more safe. WOT is my favorite and it supports the widest range of web browsers.

Techie Buzz Rating: 4/5

Google Chrome – The Last Browser Standing

The Hackathon is over and the only browser left standing is Google Chrome. This is the second consecutive year that Google has managed to leave the competition unscathed. In fact, according to TheNextWeb, this time around no one even attempted to hack Chrome.

Google obviously went into the competition well prepared. It fixed as many as 11 flaws just ahead of the competition. However, so did Apple, which recently pushed through 16 patches for Safari. Safari’s fall also proves that there is more to Google’s success than its lowly market share.

In fact, given that Google Chrome had managed to survive last year’s Pwn2Own, most people expected hackers to be gunning for it this time around. Google credits its sandboxingtechnique , which forces processes to run in a restricted environment, for Chrome’s success. While, sandboxing might be the key behind Chrome’s outstanding security track record, it definitely isn’t the sole contributor. Even Internet Explorer 8 utilizes sandboxing (Protected Mode), yet it fell quite easily.

Google-Chrome-Sandboxing

Google built Chrome from the ground up with focus on security and speed and their efforts are certainly paying off. It is the only major browser, which is yet to be surmounted in the Pwn2Own contest. That alone is a laudable feat.

New Free Virus Removal Tool from McAfee – Fake Alert Stinger

flying_wasp [Windows Only] McAfee is well known for it’s antivirus software, and you usually have to pay for their protection. They offer the free Stinger tool to help people clean out PCs that have been crippled by virus and trojan attacks.

fake-alert-scanner

There is no installation required. Just download it and run it. It works on all Windows PCs as far as I know.

I normally download a fresh copy of Stinger onto a USB flash drive or CD before I go off to help my friends with bug problems.

In addition to the standard Stinger, there’s a new version of Stinger out now called FakeAlert Stinger. It’s designed to specifically target multiple varieties of the FakeAlert trojans, such as, Kryptik, AVP Security, Fakespypro, Winwebsec, Antivirus Soft and XPSpy.

FakeAlert applications are a form of ScareWare that pop up fake warnings which attempt to trick you into running their scans and buying their premium products. It’s a huge money-making scam that’s been very effective against new PC users.

Download McAfee Stinger and FakeAlert Stinger

Notes: There are many other antivirus and anti-malware tools that can help you clean up an infected PC. Last year, Keith wrote about an application which will Remove Fake Antivirus from Your System. If all else fails and the PC is really trashed, I’ve got an article describing how to Run AntiVirus on a PC That Will Not Boot.

Techie Buzz Verdict:

techiebuzzrecommendedsoftware1 There are two versions of McAfee Stinger. Both are very good, and there’s no reason not to use both of them when you need to clean up an infected PC. I have used Stinger for years and I’ve never had an issue with it. I only wish it was Open Source, so that more people could contribute to it’s effectiveness.

Techie Buzz Rating: 4/5 (Excellent)

100,000 People Are Now Using Immunet Protect AntiVirus

Is 100,000 a big number by the standards of the Internet? No, it’s not. However, the people at Immunet might disagree. To them, this is very likely a much anticipated milestone.

My fellow author Tehseen first wrote about the Immunet Protect service in August of last year. At the time, only a few thousand people were using it. Immunet is a cloud (internet based) service that is constantly connected and stays up to date against the most recent bugs. Here’s what Immunet says about it:

Imagine for a moment that you could leverage the computers of your friends, family and a worldwide global community to harness their collective security. Every time someone in this collective community encounters a threat everyone else in the community gains protection from that same threat in real time.

I recently wrote about trying Immunet as an addition to your regular antivirus. Since then, I’ve started using it as my only active antivirus. I do occasionally run ESET’s online scanner.

This afternoon when I booted up my netbook, this is what I saw above my task tray.

immunet-protect-100k

Congratulations to the Immunet Protect team on crossing 100,000 users. You can tweet them at @immunet to offer your toasts to them as well.

Note: I only recommend this free AntiVirus service as an addition to your existing protection. That said, I don’t always take my own advice.

More information:  https://immunet.com/protect

Microsoft Releases Workaround For Internet Explorer 0-Day Vulnerability

Internet-Explorer-0-day-VulnerabilityMicrosoft has released a couple of workarounds for the extremely critical Internet Explorer vulnerability we had discussed earlier. The workarounds are available as Fix It solutions, which can be applied directly from the browser.

The vulnerability in question is caused by an error in the Peer Factory class (iepeers.dll) and affects Internet Explorer 6 and 7. The impact of the vulnerability has been magnified by the public availability of the exploit code as well as presence of in-the-wild malwares exploiting this vulnerability.

The first workaround simply disable Peer Factory in the concerned systems while the second one enables DEP (Data Execution Prevention) protection for older versions of Internet Explorer.

The Fix-It solutions make it aptly clear that Microsoft is taking this issue extremely seriously. An update is currently being tested internally and would be pushed out to all affected users as soon as possible. However, in the meantime users stuck with older versions of Internet Explorer should immediately apply the workarounds.

[ Download and Apply Fix-It Solutions ]

Things Just Got Worse For Internet Explorer Users: Unpatched Exploit Code Released

Earlier this week, Microsoft had issued a security advisory warning users of Internet Explorer 6 and 7 about the presence of an unpatched vulnerability. Since, then the situation has rapidly deteriorated for Microsoft. Multiple security product vendors including Symantec and McAfee have already confirmed that the vulnerability is being exploited by hackers to attack unsuspecting users. Now, PCWorld is reporting that the exploit code has been published on the web.

The vulnerability, which has been rated by Secunia as “Extremely critical”, permits the execution of arbitrary code that can result in a compromised system. The exploit code was published by Israeli researcher Moshe Ben Abu, who used a clue present in a blog post by McAfee to obtain an in-the-wild exploit.

The critical nature of the vulnerability combined with the publication of exploit code makes the situation precarious for Internet Explorer 6 and 7 users. Most experts believe that Microsoft will try to patch the vulnerability as soon as possible. However, until a patch is released, users are advised to use an alternate browser or apply the workarounds suggested by Microsoft.

Free F-Secure Internet Security 2010 6 Months License

F-Secure is one of the most well known and trusted Antivirus and Internet security solution provider. However, they are not free like many others, but good security does come at a price right? However, you can get 6 months license of F-Secure Internet Security 2010 for free by just posting a comment.

F-Secure Safe and Savvy

F-Secure has launched a new blog called, Safe and Savvy, which is run by the woman employees of F-Secure across the world. To promote the opening of the new blog, F-Secure is giving away free licenses to users who comment on this blog post.

That’s is no competition, no inane forms to fill, just comment on the post and you will be eligible for the free license. However, try to be among the first few people who comment, as there are only limited number of licenses which will be given away for free.

So go ahead and comment on the post and get yourself a free license of F-Secure Internet Security 2010.

Opera Comes Clean On the Malformed Content-Length Header Security Issue

Opera-10.5-Security-IssueLast week we reported that a highly critical security vulnerability had been uncovered in Opera for Windows. Since then, there have been several conflicting statements from Opera and Secunia regarding the seriousness of the vulnerability.

On one hand, Secunia claimed that the vulnerability is serious enough to permit the execution of arbitrary code and can even be used to gain control of the user’s system. On the other hand, several Opera employees indicated that the vulnerability is non-exploitable.

A short while ago, both Opera Software and Secunia officially issued clarifications regarding this issue. It appears that the confusion arose because the initial proof of concept code shared with Opera was in fact non-exploitable and achieved little more than crashing Opera. Accordingly, Opera Software had issued public statements based on their initial investigations.

On the next day, Secunia contacted Opera and presented a slightly modified scenario. On 64-bit systems, the modified code would still trigger a crash. However, on 32 bit systems it could cause memory corruption and (at least in theory) be exploited to execute arbitrary code. In other words, the original test case was not a security issue but the modified scenario presented by Secunia was.

Opera Software has already prepared a patch and is testing the updated build internally. The patched build should be publically released soon.