| How safe Is India’s IT network? | |||||||||||||
| Kushan Mitra | |||||||||||||
| November 13, 2007 | |||||||||||||
| | |||||||||||||
| Prabir Vohra, Senior Vice President, Technology, ICICI Bank, was going through log reports for the bank’s website a few months ago when he noticed something peculiar. It seemed that there had been a deliberate attempt by ‘web terrorists’ to launch a Distributed Denial of Service (DDoS) attack on the bank’s website.
ICICI Bank is hardly the only one vulnerable to cyber-attacks. As the internet economy in India takes off, just about every company is a potential target. Those will include not just the so-called old economy companies, which are moving more and more of their business (including supply chain management) online, but also internet companies. That’s pushing up the quantum of online transactions. There are no reliable figures available yet, but industry executives estimate that online transactions in India have topped the Rs 100-crore-a-day mark.
World Wide Trap Those who are inclined to believe that the damage a network attack can cause is limited, need only consider what happened in Estonia. Perhaps the most wired nation in northern Europe, Estonia ground to a halt in late April and early May this year when sustained attacks on the websites and networks in the small Baltic nation paralysed its websites. Even though Estonia blamed Russia, the massive DDoS attack (see The DDoS Attack: How it Works) came from computers all over, including some from India. It’s not just DDoS attacks that companies should be scared of. Cyber-rogues don’t just like bringing a network down, but they also like stealing stuff—credit card details, for instance. Unlike countries in Europe and the US, where guidelines force companies to reveal the scale of such attacks, India has no such rules. That’s why the only attacks that media and general public get to hear about are ‘defacement’ attacks, where (not the best) hackers break into a webpage and change its content to prove a (usually political) point. But Indian dotcoms have been attacked. Three years ago, a dota halt in late April and early May this year when sustained attacks on the websites and networks in the small Baltic nation paralysed its websites. Even though Estonia blamed Russia, the massive DDoS attack (see The DDoS Attack: How it Works) came from computers all over, including some from India. It’s not just DDoS attacks that companies should be scared of. Cyber-rogues don’t just like bringing a network down, but they also like stealing stuff—credit card details, for instance. Unlike countries in Europe and the US, where guidelines force companies to reveal the scale of such attacks, India has no such rules. That’s why the only attacks that media and general public get to hear about are ‘defacement’ attacks, where (not the best) hackers break into a webpage and change its content to prove a (usually political) point. But Indian dotcoms have been attacked. Three years ago, a dotcom CEO was horrified to learn that a server had been broken into, and even though it stored no user data and was instead being used to send spam. The security policy was subsequently dramatically altered. “We have a full-time security team that now monitors logs and access on a real-time basis,” says the CEO, who requested that he not be named. Rajat Mohanty of Paladion, a managed security solutions company, talks about ‘a large’ e-commerce portal in India that was hacked into “a couple of years ago.” But in this case, the hackers did something completely different. “They loaded the home-page with ‘trojans’, which stealthily loaded themselves onto the computer of the visitors,” says Mohanty. What is scary, according to Mohanty, is when e-commerce sites are set up, they get so involved in setting up the site navigation and product offering that security often takes a back seat.
The risk, according to Vishal Dhupar, MD, Symantec India, an IT security solutions provider, is greatest not for large enterprises, but for smaller companies. “Large companies have the technical knowhow and resources to spend on security solutions, with smaller companies the risk is that their security measures are often reactive rather than proactive.” He also cites a Confederation of Indian Industry (CII) report from 2005 which points out that 38 per cent of companies (in the sample) did not have a security policy. But there is no doubt that Indian companies are spending more on security. “In 2001, IT security took up maybe 4 per cent of a company’s IT budget, today, I would estimate that number at 15-20 per cent,” says Mohanty. However, more money spent, does not always mean better security. Conflicting security systems could possibly leave holes in the boundary walls of a company’s IT system (See How to Protect Your Network). Yet, at the government level, Indian network managers sound fairly confident. “I would believe given the amount of information that resides in India today, our networks are fairly secure. That is not to say that we should get complacent, and as the amount of information we put online increases, we will need to increase network security,” says Gulshan Rai, Director, Computer Emergency Response Team-India (CERT-In). Estonia learnt that the hard way. India needn’t. (source: http://businesstoday.digitaltoday.in/index.php?option=com_content&task=view&id=2483&issueid=20) | |||||||||||||
Sunday, February 10, 2008
How safe Is India’s IT network?
Banking on Your Handset
Banking on your handset
Anand Adhikari
January 7, 2008
Imagine a scene at a jam-packed restaurant in New Delhi’s Connaught Place. A waiter leaves behind a bill copy on a corner table where a couple has just finished its desserts. One of the guests whips out a pen and writes a 10-digit mobile number on the bill and hands it over to waiter. In a few seconds, his mobile beeps, indicating the receipt of an SMS. A payment request from the merchant (restaurant) flashes on his mobile screen. He immediately confirms the payment by entering the secured encrypted PIN on his mobile. The bill is settled within seconds and the couple leaves the restaurant.
In Mumbai’s outer limit, a long line of vehicles is waiting to pass through a toll gate. A driver punches the number of his car on his mobile and flashes the handset before a mobile reader at the checkpoint. He instantly gets a payment receipt on his mobile for the toll tax. The toll gate opens and he drives away without any physical payment or receipt.
Surprised? Don’t be; this is already a reality in countries like South Korea and Japan where people regularly use mobile phones for even complex transactions like share trading, withdrawing money from ATMs and making payments at local stores. But mobile banking is still in its infancy in India, and technology companies are working overtime to bring your bank closer to your fingertips on a secure anytime-anywhere basis.
A Large Field
In India, dozens of homegrown technology companies (many are start-ups operating from Bangalore; Sam Pitroda’s C-Sam is one such) are undergoing rigorous test piloting with the who’s-who of the Indian banking industry. “The mobile has the potential to rewrite the rules of banking,” says Dewang Neralla, Director (Technology), Financial Technologies India (FTIL), which owns the Multi Commodity Exchange (MCX) of India. The mission clearly is to make your pocket a bit lighter—and here, we’re talking weight—by mounting all your credit and debit cards and cash onto your hand-held device.
The Indian banking sector is taking baby steps into this emerging arena by offering non-transactional banking on the mobile phone through SMSes—like salary receipts, details of last five transactions, stop payment requests, etc. Many banks are also test piloting mobile banking on the SMS platform for very lowticket transactions and closed funds transfers (between registered parties) to familiarise themselves with the new technology.
The two biggest banks, the public sector State Bank of India (SBI) and the private sector ICICI Bank, are working closely with mCheck, a Bangalore-based company set up by Silicon Valley veteran Sanjay Swamy. mCheck already has a product through which Airtel customers holding a Visa Card or MasterCard can make payments on select e-combtmerce portals (like yatra.com) through SMSes.
The south-based Corporation Bank is test piloting a similar scheme with PayMate, another technology company working in this space. Today, Corporation Bank’s credit and debit card holders can transact business on more than 2,500 online portals through their mobile phones. The company is currently in talks with other banks to expand the scope of this product. And Axis Bank has roped in FTIL, which has developed ATOM technology, to make mobile commerce possible.
The banks are guarded about their plans in this space, but technology companies are more forthcoming on the subject. mCheck, for example, recently announced a pilot project that allows clients of a leading brokerage house to respond to margin calls and even enhance their credit limits by just clicking on their mobiles.
Says Jagdish Mitra, CEO, CanvasM, a joint venture between Motorola and Tech Mahindra: “CanvasM is working on Near Field Communication (NFC) technology for the future and is also developing banking solutions based on SMSes or Unstructured Supplementary Service Data platform (USSD) for the medium term.” The USSD platform is fast emerging as a potentially “hot” technology for powering mobile banking.
Security remains an issue
Mobile banking can go mass market, but what’s worrying bankers are the cost and the security issues. “It’s a trade-off between cost and security,” says a banker on condition of anonymity. Instances of online fraud are well documented. “The SMS is a convenient tool, but it is not secure,” says Sai Narain, Head, Transaction Banking & Strategic Initiatives, Standard Chartered Bank. Ajay Adiseshann, Founder and Managing Director, PayMate, however, argues that the SMS model is best suited for a country like India. As proof, he points out that the credit card industry in the country has a penetration of only 300,000 points of sale (POS). “But they will need fresh infrastructure, like phone readers or scanners, at merchant establishment,” he adds.
But the biggest drawback of the SMS model remains security as messages are not encrypted. “Banks are naturally more comfortable with an application-based model where the message is encrypted end-to-end,” says Vijay Ramchandran, Marketing Director, Citibank India. Market experts feel the SMS-based model may work well for small value transactions of less than Rs 500.
Uniform standards needed
Another problem area is regulation. The Reserve Bank of India doesn’t allow any money transactions outside the banking channel, which is why all the credit card issuers are banks. Mint Street’s biggest worry is the safety of transactions, though it is quite receptive to using mobile phones as a payment device.
Says Narain of StanChart: “There are no common hardware and software standards across handset models. And there is a need to build a secondary security system around these.”
Today, a wide range of mobile handsets are available in India under the GSM and CDMA technology platforms. In order to address this complexity, banks are vigorously test piloting all the available technologies to address issues like the massive volumes of cheap, entry-level handsets (that will not support many of the technologies required for mobile banking), multiple languages and also the security aspect for high net worth clients (See: How M-Banking Works).
Globally, the big mobile operators and handset manufacturers are working on newer technologies like NFC, which allows transactions to be carried out by simply touching the mobile handset to a point of sale terminal or a card reader without the hassles of sending SMSes or running an application or loading a chip. Other technology companies are working on a pure voice recognition model to enable money transactions through the mobile network.
Sankalp Saxena, Founder & CEO, Moveo Systems, a Bangalore-headquartered start-up working on next generation mobile solutions, says: “The lack of standards in the mobile e-commerce space will make financial transactions through mobile devices vulnerable to hacking.” Then, liability in case of fraud is a grey area legally. For example, there is no law to define the liabilities of the subscriber, operator, technology provider and bank.
Massive market
Though many issues are still undecided, cut-throat competition and the fear of losing customers are forcing banks to formulate mobile banking strategies even before the door is fully open.
The reason is simple: today, more than 200 million Indians use mobile phones compared to 20 million who have access to computer, and the population of mobile users is now expected to grow at 25-30 per cent.
In addition, India’s demographic profile—more than half the population is under 35 years old—is ideally suited for a mobile-based payments system, rather than a PC-based one. “Younger people are more receptive to new age technologies and applications,” says Mitra of CanvasM.
Then, mobiles banking can help banks reach out to unbanked areas and meet RBI’s financial inclusiveness objectives. “Mobiles have reached places where banks are still to touch base,” says a banker.
But can India, with a population of 1.1 billion, replicate the successes of small countries like South Korea and Japan? “The biggest difference between India and those markets is in the hardware used and the acceptability of GPRS technology,” says Narain of StanChart. In India, low-end phones still make up an overwhelmingly large chunk of market share and penetration of GPRS is still very low. “If you offer a high security mobile banking platform, the system may not attract the masses; and if you build a low-cost SMS model, the security issue will keep customers away,” a banker points out.
Besides, unlike Japan and South Korea, any mobile banking system in India has to support a diverse set of local languages and scripts. “This increases the complexity of the solution for India,” says Saxena of Moveo Systems. But Swamy of mCheck argues that the payment mechanism in a mobile is not rocket science. “It’s as simple as operating a mobile,” he argues.
The debate will carry on and the jury is still out, but it is fairly certain that given the market size and the potential, mobile banking will soon become as ubiquitous as the mobile phone itself.
(source:http://businesstoday.digitaltoday.in/index.php?option=com_content&task=view&id=3168&issueid=20)
Anand Adhikari
January 7, 2008
Imagine a scene at a jam-packed restaurant in New Delhi’s Connaught Place. A waiter leaves behind a bill copy on a corner table where a couple has just finished its desserts. One of the guests whips out a pen and writes a 10-digit mobile number on the bill and hands it over to waiter. In a few seconds, his mobile beeps, indicating the receipt of an SMS. A payment request from the merchant (restaurant) flashes on his mobile screen. He immediately confirms the payment by entering the secured encrypted PIN on his mobile. The bill is settled within seconds and the couple leaves the restaurant.
In Mumbai’s outer limit, a long line of vehicles is waiting to pass through a toll gate. A driver punches the number of his car on his mobile and flashes the handset before a mobile reader at the checkpoint. He instantly gets a payment receipt on his mobile for the toll tax. The toll gate opens and he drives away without any physical payment or receipt.
Surprised? Don’t be; this is already a reality in countries like South Korea and Japan where people regularly use mobile phones for even complex transactions like share trading, withdrawing money from ATMs and making payments at local stores. But mobile banking is still in its infancy in India, and technology companies are working overtime to bring your bank closer to your fingertips on a secure anytime-anywhere basis.
A Large Field
In India, dozens of homegrown technology companies (many are start-ups operating from Bangalore; Sam Pitroda’s C-Sam is one such) are undergoing rigorous test piloting with the who’s-who of the Indian banking industry. “The mobile has the potential to rewrite the rules of banking,” says Dewang Neralla, Director (Technology), Financial Technologies India (FTIL), which owns the Multi Commodity Exchange (MCX) of India. The mission clearly is to make your pocket a bit lighter—and here, we’re talking weight—by mounting all your credit and debit cards and cash onto your hand-held device.
The Indian banking sector is taking baby steps into this emerging arena by offering non-transactional banking on the mobile phone through SMSes—like salary receipts, details of last five transactions, stop payment requests, etc. Many banks are also test piloting mobile banking on the SMS platform for very lowticket transactions and closed funds transfers (between registered parties) to familiarise themselves with the new technology.
The two biggest banks, the public sector State Bank of India (SBI) and the private sector ICICI Bank, are working closely with mCheck, a Bangalore-based company set up by Silicon Valley veteran Sanjay Swamy. mCheck already has a product through which Airtel customers holding a Visa Card or MasterCard can make payments on select e-combtmerce portals (like yatra.com) through SMSes.
The south-based Corporation Bank is test piloting a similar scheme with PayMate, another technology company working in this space. Today, Corporation Bank’s credit and debit card holders can transact business on more than 2,500 online portals through their mobile phones. The company is currently in talks with other banks to expand the scope of this product. And Axis Bank has roped in FTIL, which has developed ATOM technology, to make mobile commerce possible.
The banks are guarded about their plans in this space, but technology companies are more forthcoming on the subject. mCheck, for example, recently announced a pilot project that allows clients of a leading brokerage house to respond to margin calls and even enhance their credit limits by just clicking on their mobiles.
Says Jagdish Mitra, CEO, CanvasM, a joint venture between Motorola and Tech Mahindra: “CanvasM is working on Near Field Communication (NFC) technology for the future and is also developing banking solutions based on SMSes or Unstructured Supplementary Service Data platform (USSD) for the medium term.” The USSD platform is fast emerging as a potentially “hot” technology for powering mobile banking.
Security remains an issue
Mobile banking can go mass market, but what’s worrying bankers are the cost and the security issues. “It’s a trade-off between cost and security,” says a banker on condition of anonymity. Instances of online fraud are well documented. “The SMS is a convenient tool, but it is not secure,” says Sai Narain, Head, Transaction Banking & Strategic Initiatives, Standard Chartered Bank. Ajay Adiseshann, Founder and Managing Director, PayMate, however, argues that the SMS model is best suited for a country like India. As proof, he points out that the credit card industry in the country has a penetration of only 300,000 points of sale (POS). “But they will need fresh infrastructure, like phone readers or scanners, at merchant establishment,” he adds.
But the biggest drawback of the SMS model remains security as messages are not encrypted. “Banks are naturally more comfortable with an application-based model where the message is encrypted end-to-end,” says Vijay Ramchandran, Marketing Director, Citibank India. Market experts feel the SMS-based model may work well for small value transactions of less than Rs 500.
Uniform standards needed
Another problem area is regulation. The Reserve Bank of India doesn’t allow any money transactions outside the banking channel, which is why all the credit card issuers are banks. Mint Street’s biggest worry is the safety of transactions, though it is quite receptive to using mobile phones as a payment device.
Says Narain of StanChart: “There are no common hardware and software standards across handset models. And there is a need to build a secondary security system around these.”
Today, a wide range of mobile handsets are available in India under the GSM and CDMA technology platforms. In order to address this complexity, banks are vigorously test piloting all the available technologies to address issues like the massive volumes of cheap, entry-level handsets (that will not support many of the technologies required for mobile banking), multiple languages and also the security aspect for high net worth clients (See: How M-Banking Works).
Globally, the big mobile operators and handset manufacturers are working on newer technologies like NFC, which allows transactions to be carried out by simply touching the mobile handset to a point of sale terminal or a card reader without the hassles of sending SMSes or running an application or loading a chip. Other technology companies are working on a pure voice recognition model to enable money transactions through the mobile network.
Sankalp Saxena, Founder & CEO, Moveo Systems, a Bangalore-headquartered start-up working on next generation mobile solutions, says: “The lack of standards in the mobile e-commerce space will make financial transactions through mobile devices vulnerable to hacking.” Then, liability in case of fraud is a grey area legally. For example, there is no law to define the liabilities of the subscriber, operator, technology provider and bank.
Massive market
Though many issues are still undecided, cut-throat competition and the fear of losing customers are forcing banks to formulate mobile banking strategies even before the door is fully open.
The reason is simple: today, more than 200 million Indians use mobile phones compared to 20 million who have access to computer, and the population of mobile users is now expected to grow at 25-30 per cent.
In addition, India’s demographic profile—more than half the population is under 35 years old—is ideally suited for a mobile-based payments system, rather than a PC-based one. “Younger people are more receptive to new age technologies and applications,” says Mitra of CanvasM.
Then, mobiles banking can help banks reach out to unbanked areas and meet RBI’s financial inclusiveness objectives. “Mobiles have reached places where banks are still to touch base,” says a banker.
But can India, with a population of 1.1 billion, replicate the successes of small countries like South Korea and Japan? “The biggest difference between India and those markets is in the hardware used and the acceptability of GPRS technology,” says Narain of StanChart. In India, low-end phones still make up an overwhelmingly large chunk of market share and penetration of GPRS is still very low. “If you offer a high security mobile banking platform, the system may not attract the masses; and if you build a low-cost SMS model, the security issue will keep customers away,” a banker points out.
Besides, unlike Japan and South Korea, any mobile banking system in India has to support a diverse set of local languages and scripts. “This increases the complexity of the solution for India,” says Saxena of Moveo Systems. But Swamy of mCheck argues that the payment mechanism in a mobile is not rocket science. “It’s as simple as operating a mobile,” he argues.
The debate will carry on and the jury is still out, but it is fairly certain that given the market size and the potential, mobile banking will soon become as ubiquitous as the mobile phone itself.
(source:http://businesstoday.digitaltoday.in/index.php?option=com_content&task=view&id=3168&issueid=20)
Sunday, September 2, 2007
anyone interested in knowing more abt mobilizing work force..............
sir had been talking abt this in class, so if interested u can check out http://searchmobilecomputing.bitpipe.com/webcasts?asrc=
for webcasts, i like these better than reading anything cause i can listen to these while doing something else, the webcasts here r pretty specific n i assuemed technical but if u search u can find non- technical ones also, i listened to a part of one by Daniel Taylor- "Mobile Management Strategies", i though it was nice but ofcourse due to paucity of time with our work pressure u never really get the time to listen to all of it...................
u need to register but the registration is free.....................
thanks!
for webcasts, i like these better than reading anything cause i can listen to these while doing something else, the webcasts here r pretty specific n i assuemed technical but if u search u can find non- technical ones also, i listened to a part of one by Daniel Taylor- "Mobile Management Strategies", i though it was nice but ofcourse due to paucity of time with our work pressure u never really get the time to listen to all of it...................
u need to register but the registration is free.....................
thanks!
Saturday, September 1, 2007
hi everyone..............
welcome to everyone!
this blog is meant for discussing any IT related stuff, anything interesting u read on IT, any interesting sites u found, about ur IT lectures n any interesting idead u have n would like to share. It is meant to be an IT blog, however, since we are in a management school, u r invited to discuss anything related to imporatant management concepts n find it interesting enough to share it with ur batchmates. Hope that we can continue blogging here for the next two years n maybe beyond that!
I start by posting some information that I think would be helpful for atleast some of u, since I got a new laptop recently, the first think I found myself looking for on the net was a free security suite or a set of tools I could use to protect my laptop. Here is one of the good articles I found and I hope u can also use a combination of antivirus, antispyware, firewall etc. mentioned in this articles to protetct ur PCs. Hope this article would be helpful. Also, I hope people take the initiative to regulalry post on this blog.
15 free security programs that work
Preston Gralla
July 03, 2007 (PC World) From the moment you switch on your PC, your system faces countless Internet-borne dangers, including spyware attacks, viruses, Trojan horses, home-page hijackers, and hackers trying to weasel their way into your system. And the Internet isn't the only source of trouble. Anyone with access to your PC can invade your privacy by prying into which Web sites you visit -- and learning a great deal more as well.
But fighting back is easy. We've found 15 great pieces of software -- firewalls, spyware busters, antivirus software, rootkit killers, and general Internet security tools -- designed to protect you against any dangers that come your way. They're free, they're powerful and they're easy to use. So what are you waiting for? Start downloading.
Preventing and Eliminating Malware
From firewalls to antivirus software to tools for combatting rootkits and spyware, here are some great downloads to protect your system against malicious attacks.
ZoneAlarmCheck Point Software's ZoneAlarm may well be the most popular free firewall on the planet, and the most recent release (finally) protects Vista machines. Arguably, ZoneAlarm is the product that made everyone conscious of the need for firewall protection. It's extremely easy to use, and its method of configuring outbound protection is particularly useful. Whenever a program tries to make an outbound Internet connection, ZoneAlarm announces it with a pop-up alert. You can then permit or disallow the connection, on a one-time basis or permanently. Configuring your level of protection is a simple matter of moving a few sliders. Though the free version of the software is exclusively a firewall, Check Point also offers for-pay security suites. But if all you're looking for is a firewall, stick with the free version.
Comodo Firewall ProZoneAlarm is extremely popular, but that doesn't automatically make it the best free firewall you can find. One formidable contender is Comodo Firewall Pro, which independent testing site Matousec rated as the top firewall. Matousec found that Comodo offered the highest level of antileak protection, one measure of a firewall's effectiveness. Comodo offers true two-way firewall protection, is highly configurable, and (unlike most other firewalls) provides a great view of your system and your Internet connection.
AvastTired of dealing with bloated, overpriced security suites that bog down your system and cost an arm and a leg, when all you want is antivirus software? Then get Avast, a superb antivirus program that's free for home and personal use. Because it's a lean piece of software, it imposes a relatively light burden on system resources and RAM. Despite this, it kills viruses in their tracks and has plenty of extras, including live scanning to prevent viruses from infecting your PC in the first place. Avast can scan regular and Web-based e-mail for viruses, too, and it protects against instant messaging viruses, peer-to-peer dangers and more.
AVG Anti-RootkitOne of the most feared types of malware is the rootkit -- malicious software that many types of antimalware can't detect. Not uncommonly, bad guys use rootkits to hide Trojan horses, which can then be used to take over your PC without your knowledge. AVG Anti-Rootkit's sole purpose is to find and kill rootkits. Run it and it scans your PC, sniffing rootkits out and removing any it finds. (Note that this utility doesn't work with Windows Vista.)
Spyware BlasterSome of the nastiest kinds of spyware -- autodialers, home page hijackers, and others--install themselves as ActiveX controls. Spyware Blaster protects you against them, blocking the installation of ActiveX-based malware and other types of spyware, and eradicating tracking cookies that might otherwise invade your privacy. The program works with Firefox, Opera or Internet Explorer, and it prevents your browser from being diverted to dangerous sites. One particularly nice touch is the utility's System Snapshot, which (as you'd expect) takes a snapshot of your PC; if your computer gets infected later on, you can revert to the clean version.
Assessing risks to your system
Is it safe or isn't it? Whether you're asking this question about your own system, a site you'd like to visit, or a link you're tempted to click, you need the right tools to help you understand the level of risk involved. These utilities appraise the situation and deliver an informed assessment of where you stand.
AOL Active Security MonitorNot being a big fan of AOL in general, I was initially leary about downloading and using this free tool. But this simple, straightforward application looks at the security of your PC, reports on what it finds, and makes recommendations. It checks to see if you have antivirus software installed and, if so, whether the definitions are up to date. Then it does the same for antispyware, tests whether you have a firewall enabled, and checks for peer-to-peer software that could pose a danger. The monitor doesn't have any protective capabilities itself, but it warns you if you need some. Be aware, however, that the software doesn't work with Windows Vista. And take its recommendations with a grain of salt: It touts for-pay AOL software such as the AOL Privacy Wall over free software that may be better. Still, if you're looking for some quick security recommendations, it's worth the download.
McAfee SiteAdvisorOn the Web, unlike in the real world, it can be hard to recognize a bad neighborhood when you're wandering around in it. There are no boarded-up windows, no empty storefronts, no hard-looking men lounging on corners or in doorways. In fact, the prettiest and most inviting Web site may harbor all kinds of malware. That's where the McAfee SiteAdvisor comes in. It warns you when a Web site that you're about to visit -- or are already visiting -- may be dangerous. You install it as an Internet Explorer toolbar or as a Firefox plug-in. Then when you search with Google or some other search engine, it displays color-coded icons next to each search result, indicating whether the site in question is safe (green), questionable (yellow), or clearly unsafe (red). It checks sites for downloads that may be dangerous, and for evidence that they will send you spam if you give them your e-mail address. The toolbar offers similar reports about the sites you're currently visiting.
LinkScanner LiteThis is another good tool for determining whether a Web site harbors dangerous content. Open LinkScanner Lite and type in a site URL, and the utility checks the site for dangerous scripts, bad downloads, and other hazardous content. It also warns you about phishing sites and other potentially fraudulent online operations, and it integrates with search sites in much the same way that McAfee Site Advisor does, putting icons next to search results to indicate whether they are dangerous or not. Unlike Site Advisor, though, it doesn't check whether sites harbor adware or spyware.
Internet Threat MeterEvery day, it seems, new threats hit the Internet. Symantec's Internet Threat Meter keeps you informed about the latest arrivals and includes a link to a Symantec site where you can get more information and find fixes. The program runs as a nifty little widget in Windows XP, or as a Sidebar Gadget in Windows Vista, gathering data about the latest threats and reporting the results to you.
Trend Micro HijackThisLike it or not, no single antispyware program can detect and eradicate all spyware. Consequently your favorite antimalware utility doesn't fully protect you. If you suspect that you've been victimized by spyware, but you haven't been able to track down the source of the trouble using your usual diagnostic software, give HijackThis a try. It thoroughly analyzes your Registry and file settings, and creates a log file reporting its results. If your system is infected with spyware, that file will contain clues about the particular type you're dealing with. Though an expert can analyze the log to try to track down the problem, you shouldn't try to do any advanced analysis yourself unless you possess relevant expertise. Instead, simply upload the log file to a HijackThis Web site, and ask the community there to analyze it for you.
Covering your tracks and cleaning up
Encrypting private information, disabling potentially harmful scripts, and cleaning up accumulated detritus are all ways to strengthen your security. These downloads help you keep things safe and orderly.
Kruptos 2Worried that someone may gain access to your most private files? Kruptos 2 uses powerful, 128-bit encryption to scramble files and folders so that only you can read them. It's particularly useful for USB flash drives and portable storage devices, which you can encrypt in the entirety. Kruptos 2 also lets you create self-extracting, encrypted archives; shred deleted files so that all traces of them vanish from your hard disk; and even disguise the filename when you encrypt a file.
Transaction GuardThis freebie from commercial security vendor Trend Micro is actually two pieces of security software in one. First, it's a spyware detector and eradicator that monitors your system in real-time for spyware and kills any it finds. Second, it introduces a "secret keyboard" to ensure that passwords and other sensitive information aren't stolen over the Internet. When you visit a site that asks for a password, instead of typing in the password, you enter it on the secret keyboard, which copies the password to the clipboard, from which it gets pasted directly into a Web form. The software runs as an ActiveX control in the System
CCleanerWhen you surf the Web, you pick up many traces of your Internet activity. Your PC swells up with temporary Internet files, a history list, cookies, autocomplete entries, and lots more. In addition, programs create temporary files, file lists, and other bits of effluvia. Windows itself constantly monitors what you do, and records information about it in logs. In fact, a snoop could easily gather a great deal of information about you from stuff that's junking up your PC. CCleaner rids your system of all such traces. Not only does it enhance your privacy, but you'll regain hard disk space as well. When I used this utility for the first time, it deleted a whopping 835MB of files.
NoScriptAmong the biggest dangers you face when surfing the Web are boobytrapped Java and JavaScript scripts and applets. Evil doers can disguise these harmful pieces of code as useful tools, or can hide them completely while they perform their nasty routines. Unfortunately, there's no practical way for you to separate the good ones from the bad ones. But NoScript, a free Firefox extension, prevents all JavaScript and Java applets from running, except on sites that you designate as safe. The extension presents you with a list of safe sites, which you can add to. NoScript tells you when it has blocked Java or JavaScript on a site. For added protection, this remarkably powerful and flexible tool also blocks Java, Flash, and other plug-ins on sites you don't trust.
File Shredder 2Delete a file and it's gone from your PC, right? Wrong. Even after you delete a file and flush it from your Recycle Bin, special software can re-create it. Of course, in general, you'd like files to stay deleted when you throw them away. File Shredder 2 overwrites any file or folder with a random string of binary data--multiple times. You have a choice of five different shredding algorithms, and using the program is a breeze: Just choose your files, tell the program to shred them, and they'll be gone forever.
Thanks! That's it for now i guess....................
this blog is meant for discussing any IT related stuff, anything interesting u read on IT, any interesting sites u found, about ur IT lectures n any interesting idead u have n would like to share. It is meant to be an IT blog, however, since we are in a management school, u r invited to discuss anything related to imporatant management concepts n find it interesting enough to share it with ur batchmates. Hope that we can continue blogging here for the next two years n maybe beyond that!
I start by posting some information that I think would be helpful for atleast some of u, since I got a new laptop recently, the first think I found myself looking for on the net was a free security suite or a set of tools I could use to protect my laptop. Here is one of the good articles I found and I hope u can also use a combination of antivirus, antispyware, firewall etc. mentioned in this articles to protetct ur PCs. Hope this article would be helpful. Also, I hope people take the initiative to regulalry post on this blog.
15 free security programs that work
Preston Gralla
July 03, 2007 (PC World) From the moment you switch on your PC, your system faces countless Internet-borne dangers, including spyware attacks, viruses, Trojan horses, home-page hijackers, and hackers trying to weasel their way into your system. And the Internet isn't the only source of trouble. Anyone with access to your PC can invade your privacy by prying into which Web sites you visit -- and learning a great deal more as well.
But fighting back is easy. We've found 15 great pieces of software -- firewalls, spyware busters, antivirus software, rootkit killers, and general Internet security tools -- designed to protect you against any dangers that come your way. They're free, they're powerful and they're easy to use. So what are you waiting for? Start downloading.
Preventing and Eliminating Malware
From firewalls to antivirus software to tools for combatting rootkits and spyware, here are some great downloads to protect your system against malicious attacks.
ZoneAlarmCheck Point Software's ZoneAlarm may well be the most popular free firewall on the planet, and the most recent release (finally) protects Vista machines. Arguably, ZoneAlarm is the product that made everyone conscious of the need for firewall protection. It's extremely easy to use, and its method of configuring outbound protection is particularly useful. Whenever a program tries to make an outbound Internet connection, ZoneAlarm announces it with a pop-up alert. You can then permit or disallow the connection, on a one-time basis or permanently. Configuring your level of protection is a simple matter of moving a few sliders. Though the free version of the software is exclusively a firewall, Check Point also offers for-pay security suites. But if all you're looking for is a firewall, stick with the free version.
Comodo Firewall ProZoneAlarm is extremely popular, but that doesn't automatically make it the best free firewall you can find. One formidable contender is Comodo Firewall Pro, which independent testing site Matousec rated as the top firewall. Matousec found that Comodo offered the highest level of antileak protection, one measure of a firewall's effectiveness. Comodo offers true two-way firewall protection, is highly configurable, and (unlike most other firewalls) provides a great view of your system and your Internet connection.
AvastTired of dealing with bloated, overpriced security suites that bog down your system and cost an arm and a leg, when all you want is antivirus software? Then get Avast, a superb antivirus program that's free for home and personal use. Because it's a lean piece of software, it imposes a relatively light burden on system resources and RAM. Despite this, it kills viruses in their tracks and has plenty of extras, including live scanning to prevent viruses from infecting your PC in the first place. Avast can scan regular and Web-based e-mail for viruses, too, and it protects against instant messaging viruses, peer-to-peer dangers and more.
AVG Anti-RootkitOne of the most feared types of malware is the rootkit -- malicious software that many types of antimalware can't detect. Not uncommonly, bad guys use rootkits to hide Trojan horses, which can then be used to take over your PC without your knowledge. AVG Anti-Rootkit's sole purpose is to find and kill rootkits. Run it and it scans your PC, sniffing rootkits out and removing any it finds. (Note that this utility doesn't work with Windows Vista.)
Spyware BlasterSome of the nastiest kinds of spyware -- autodialers, home page hijackers, and others--install themselves as ActiveX controls. Spyware Blaster protects you against them, blocking the installation of ActiveX-based malware and other types of spyware, and eradicating tracking cookies that might otherwise invade your privacy. The program works with Firefox, Opera or Internet Explorer, and it prevents your browser from being diverted to dangerous sites. One particularly nice touch is the utility's System Snapshot, which (as you'd expect) takes a snapshot of your PC; if your computer gets infected later on, you can revert to the clean version.
Assessing risks to your system
Is it safe or isn't it? Whether you're asking this question about your own system, a site you'd like to visit, or a link you're tempted to click, you need the right tools to help you understand the level of risk involved. These utilities appraise the situation and deliver an informed assessment of where you stand.
AOL Active Security MonitorNot being a big fan of AOL in general, I was initially leary about downloading and using this free tool. But this simple, straightforward application looks at the security of your PC, reports on what it finds, and makes recommendations. It checks to see if you have antivirus software installed and, if so, whether the definitions are up to date. Then it does the same for antispyware, tests whether you have a firewall enabled, and checks for peer-to-peer software that could pose a danger. The monitor doesn't have any protective capabilities itself, but it warns you if you need some. Be aware, however, that the software doesn't work with Windows Vista. And take its recommendations with a grain of salt: It touts for-pay AOL software such as the AOL Privacy Wall over free software that may be better. Still, if you're looking for some quick security recommendations, it's worth the download.
McAfee SiteAdvisorOn the Web, unlike in the real world, it can be hard to recognize a bad neighborhood when you're wandering around in it. There are no boarded-up windows, no empty storefronts, no hard-looking men lounging on corners or in doorways. In fact, the prettiest and most inviting Web site may harbor all kinds of malware. That's where the McAfee SiteAdvisor comes in. It warns you when a Web site that you're about to visit -- or are already visiting -- may be dangerous. You install it as an Internet Explorer toolbar or as a Firefox plug-in. Then when you search with Google or some other search engine, it displays color-coded icons next to each search result, indicating whether the site in question is safe (green), questionable (yellow), or clearly unsafe (red). It checks sites for downloads that may be dangerous, and for evidence that they will send you spam if you give them your e-mail address. The toolbar offers similar reports about the sites you're currently visiting.
LinkScanner LiteThis is another good tool for determining whether a Web site harbors dangerous content. Open LinkScanner Lite and type in a site URL, and the utility checks the site for dangerous scripts, bad downloads, and other hazardous content. It also warns you about phishing sites and other potentially fraudulent online operations, and it integrates with search sites in much the same way that McAfee Site Advisor does, putting icons next to search results to indicate whether they are dangerous or not. Unlike Site Advisor, though, it doesn't check whether sites harbor adware or spyware.
Internet Threat MeterEvery day, it seems, new threats hit the Internet. Symantec's Internet Threat Meter keeps you informed about the latest arrivals and includes a link to a Symantec site where you can get more information and find fixes. The program runs as a nifty little widget in Windows XP, or as a Sidebar Gadget in Windows Vista, gathering data about the latest threats and reporting the results to you.
Trend Micro HijackThisLike it or not, no single antispyware program can detect and eradicate all spyware. Consequently your favorite antimalware utility doesn't fully protect you. If you suspect that you've been victimized by spyware, but you haven't been able to track down the source of the trouble using your usual diagnostic software, give HijackThis a try. It thoroughly analyzes your Registry and file settings, and creates a log file reporting its results. If your system is infected with spyware, that file will contain clues about the particular type you're dealing with. Though an expert can analyze the log to try to track down the problem, you shouldn't try to do any advanced analysis yourself unless you possess relevant expertise. Instead, simply upload the log file to a HijackThis Web site, and ask the community there to analyze it for you.
Covering your tracks and cleaning up
Encrypting private information, disabling potentially harmful scripts, and cleaning up accumulated detritus are all ways to strengthen your security. These downloads help you keep things safe and orderly.
Kruptos 2Worried that someone may gain access to your most private files? Kruptos 2 uses powerful, 128-bit encryption to scramble files and folders so that only you can read them. It's particularly useful for USB flash drives and portable storage devices, which you can encrypt in the entirety. Kruptos 2 also lets you create self-extracting, encrypted archives; shred deleted files so that all traces of them vanish from your hard disk; and even disguise the filename when you encrypt a file.
Transaction GuardThis freebie from commercial security vendor Trend Micro is actually two pieces of security software in one. First, it's a spyware detector and eradicator that monitors your system in real-time for spyware and kills any it finds. Second, it introduces a "secret keyboard" to ensure that passwords and other sensitive information aren't stolen over the Internet. When you visit a site that asks for a password, instead of typing in the password, you enter it on the secret keyboard, which copies the password to the clipboard, from which it gets pasted directly into a Web form. The software runs as an ActiveX control in the System
CCleanerWhen you surf the Web, you pick up many traces of your Internet activity. Your PC swells up with temporary Internet files, a history list, cookies, autocomplete entries, and lots more. In addition, programs create temporary files, file lists, and other bits of effluvia. Windows itself constantly monitors what you do, and records information about it in logs. In fact, a snoop could easily gather a great deal of information about you from stuff that's junking up your PC. CCleaner rids your system of all such traces. Not only does it enhance your privacy, but you'll regain hard disk space as well. When I used this utility for the first time, it deleted a whopping 835MB of files.
NoScriptAmong the biggest dangers you face when surfing the Web are boobytrapped Java and JavaScript scripts and applets. Evil doers can disguise these harmful pieces of code as useful tools, or can hide them completely while they perform their nasty routines. Unfortunately, there's no practical way for you to separate the good ones from the bad ones. But NoScript, a free Firefox extension, prevents all JavaScript and Java applets from running, except on sites that you designate as safe. The extension presents you with a list of safe sites, which you can add to. NoScript tells you when it has blocked Java or JavaScript on a site. For added protection, this remarkably powerful and flexible tool also blocks Java, Flash, and other plug-ins on sites you don't trust.
File Shredder 2Delete a file and it's gone from your PC, right? Wrong. Even after you delete a file and flush it from your Recycle Bin, special software can re-create it. Of course, in general, you'd like files to stay deleted when you throw them away. File Shredder 2 overwrites any file or folder with a random string of binary data--multiple times. You have a choice of five different shredding algorithms, and using the program is a breeze: Just choose your files, tell the program to shred them, and they'll be gone forever.
Thanks! That's it for now i guess....................
Subscribe to:
Comments (Atom)