protonic.blog

Computer users should be aware of software pretending to be legitimate anti-malware programs that trick people into thinking their computer is infected.

Spyware or “Advertising Supported software (Adware)” is a method for developers of free sofware to make money from a product, other than by selling it to the users. There are several large media companies that offer them to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don’t have to pay for the software and the developers are still getting paid. If you find the banners annoying, there is usually an option to remove them, by paying the regular licensing fee.

Read more about it here.

In the last few years, cloud computing has grown into one of the fastest growing segments of the IT industry. Companies are realizing that simply tapping into the cloud allows them fast access to important business applications or drastically boost their infrastructure resources….. all at reasonable cost. However, as more and more information on individuals and companies is placed in the cloud, there are concerns about just how safe an environment it is. You need to trust the cloud provider that your information will not be exposed.

Companies need stringent steps to assign, protect, and change passwords. Cloud service providers typically work with numbers of third parties, and customers are advised to gain information about those companies which could potentially access their data.

An important measure of security often overlooked by companies is the downtime that a cloud service provider experiences. Companies should be able to examine service providers’ reliability reports to determine whether these meet the requirements of their business.

An important consideration for cloud service customers, especially those responsible for highly sensitive data is to find out about the hosting company used by the provider and if possible seek an independent audit of their security status.

Google, has invested a lot of money into the cloud space, because it recognizes that having a reputation for security is a key determinant of success. “Security is built into the DNA of our products,” said a company spokesperson. “Google practices a defense-in-depth security strategy, by architecting security into our people, process and technologies”.

IBM, Cisco, SAP, EMC and several other leading technology companies announced in late March that they had created an ‘Open Cloud Manifesto’ calling for more consistent security and monitoring of cloud services.

Possibly even more pressing an issue than standards in cloud computing is the question of jurisdiction. Data that might be secure in one country may not be secure in another. In many cases though, users of cloud services do not know where their information is held. Laws such as the Patriot Act in the United States allow government and other agencies virtually limitless powers to access information including that belonging to companies.

To help safeguard valuable information stored in the Cloud, follow these suggestions:

1. Inquire about exception monitoring systems
2. Be vigilant around updates and making sure that staff don’t suddenly gain access privileges they’re not supposed to have.
3. Inquire about where data is kept as to the details of data protection laws in the relevant jurisdictions.
4. Seek an independent security audit of the host.
5. Find out which third parties the company deals with and whether they are able to access your data.
6. Develop strong passwords and make sure they are protected changed periodically.
7. Research availability guarantees and penalties.
8. Find out whether the cloud provider will accommodate your personal security policies.

As cloud providers compete for new customers, many will begin to extend more elaborate guarantees and better data transit awareness. The guarantees will provide better legal protection on the control of data. Providers will also include more detailed service-level agreements (SLAs) and financial remedies, covering all aspects of the cloud service, that could affect the customer’s business. Cloud providers should also provide improved visibility into the movement of data to maintain legal requirements.

Here is Trend Lab’s list of the top malware attacks in 2010

1. STUXNET. It was remarkable because of its sophistication and use for espionage. It was thought to have been programmed to halt Iran’s nuclear program.
2. Aurora. It hit Google and other big software companies last Christmas and it was remarkable because it managed to steal sensitive information from these giants.
3. ZeuS. It’s a Do-It-Yourself (DIY) botnet toolkit that has become very popular in the underground.
4. SpyEye. Touted as ZeuS’s successor, recent accounts tell how it will carry ZeuS’s source code into a more sophisticated code base.
5. KOOBFACE. It was remarkable because it spread through social networks from Facebook to Twitter.
6. BREDOLAB. A botnet that was used to spread other malware, acting as some sort of malware-deploying platform.
7. TDSS/Allurion. It has one of the most complex rootkit components ever seen
8. Mebroot. A spamming botnet that used a rootkit that could survive Windows re-installation.
9. FAKEAV. It’s the scam of choice of most of modern malware so all infections have a fake antivirus scam as a visible payload
10. Boonana. The Mac version of KOOBFACE