Spyware/ Cyber Snooping Archive

  • 34-year-old used high-tech ‘trojan’ type computer virus
  • Victims had no idea they were being spied on

 

A perverted computer expert took thousands of intimate pictures of his neighbours after infecting their computers with a virus that allowed him to spy on them through their webcams.

Police in Zaragoza, Spain, arrested the 34-year-old man and confiscated his computer hard drive which contained images of hundreds of people who had absolutely no idea they were being spied on.

He had gained access to their computers through wi-fi (wireless) networks before infecting them with a trojan-type virus which he had designed.

iSpy: The man used an advanced computer virus which allowed him to take pictures of his neighbours with their computer webcams

As almost all modern laptops, and many desktops, now come with built-in webcams, it meant he could spy on them in their own homes, quietly watching them going about their daily business.

 Pictures were taken of unwitting computer owners while they were in the bathroom or in the bedroom.

Some of the pictures were of couples having sex.

The man took thousands of intimate pictures of his neighbours who had no idea they were being spied on (file picture for illustration purposes only) 


The man was also able to obtain sensitive information such as passwords.

Investigators said the man, who they described as someone with high technical expertise and few friends, had used a very advanced computer virus.

Child pornography was also discovered on the man’s hard drive.

Source:  http://www.dailymail.co.uk/news/article-2319087/Cyber-pervert-took-intimate-pictures-neighbours-using-webcams-laptops.html


Hi Tech Crime Solutions

Is Big Brother spying on you from your pocket?

Posted April 27, 2012 By NewsRoom

April 26, 2012

Updated Apr 26, 2012 at 10:45 PM CDT

The fear of constant surveillance was popularized with a single line, “Big Brother is watching you.” What if the person watching your every move is not an authority figure, but a family figure?

More and more people say they are victims of eavesdropping, a felony crime happening in Central Illinois. That is all accomplished through the use of legal phone applications.

“The cell phone has made it so simple for people to be stalked.”

“It’s really very scary for us who are advocating for victims of violence.”

“They’re clearly illegal. I think first and foremost we need to recognize that.”

To begin with, recording someone without their consent is illegal in Illinois. Peoria County State’s Attorney Jerry Brady calls it a “blatant violation of the law” under an eavesdropping statute. Still, that begs the question, how can a company provide and openly advertise a service that is illegal?

“A kitchen knife could be used illegally in the commission of a crime, but the knife itself is not manufactured with the potential it could be used illegally,” said Jon Latorella.

Latorella, who is with a spyware provider called MobiStealth, explains that their device caters to parents watching over their child’s cell phone activity. Companies that provide the phone app state on their website that the purchaser must own the phone that is being bugged. And there’s the consent.

Latorella added, “The parent can monitor where the child is, make sure they’re at school, make sure they get home.”

“You can determine what is being said, you can determine where the person is located, some of them even indicate that you can record and listen to what’s being said simultaneously” said Peoria County State’s Attorney Jerry Brady.

That means that the spyware can turn your cell phone into a microphone, recording your surroundings even when you’re not using it.

“You’re not just spying on that person. You’re spying with anyone and everyone they’ve come in contact with” said Wendy Brown.

Brown is a Licensed Clinical Social Worker. She has a client who was recently spied on by a significant other.

She also says there can be unintended victims since anyone can be in the room during recordings. The trick is finding out if you’ve been bugged, because most people can’t trace it.

“But, federal investigators, people who specialize in this, they can,” added Brown.

Often times such apps advertise you can use them to spy on your spouse. FlexiSpy executives did not respond to our requests for an interview, but the site’s online forum shows posts from customers who say they were satisfied with the service after spying on their spouse for months, even years.

“Stalking would be considered patterns of behavior that would cause a reasonable person distress” said Sara Dillifeld.

Dillifeld, who is with the Center for Prevention of Abuse, says the Center has been receiving more information about attackers using such technology to stalk their victims.

Sara Dillifeld added, “When patterns of behavior are consistently controlling and consistently trying to find new ways of gaining that power and control, that’s when you know you’re in a dangerous situation.”

As for those who do use or have considered using spyware, the law is pretty cut and dried. It is the purchaser that is breaking the law by intentionally eavesdropping. The spyware companies just provide the service.

“If we hold the people responsible for purchasing this spyware, then the companies won’t survive anyway” said Wendy Brown.

Latorella added, “We work vigorously with law enforcement to make sure that whatever statute may have been violated is pursued.”

Jerry Brady said, “The best message is, in spite of it being a disclaimer, it’s still an eavesdropping device, and it’s still a violation of the law.”

SAN DIEGO–(BUSINESS WIRE)–

ESET today announced that for the second straight year, Gartner has
ranked the company as the security software vendor with the largest
worldwide growth in consumer security. According to Gartner’s “Market
Share: Security Software, Worldwide, 2011” report, which was released
in late March 2012, ESET grew by 30.10 percent.

According to the report, “The security software market continues to show
resilience at a time of IT budget restrictions. The market grew 7.5
percent in 2011.”

“We are consolidating our position as a top security software for
consumers, and we believe that Gartner’s analysis is recognizing it. The
team behind our products – talented researchers and developers – has been
focused on understanding the threats for end users for a long time and
we are happy to see that effort is being rewarded by our customers
around the globe,” said Ignacio Sbampato, ESET chief sales and marketing
officer.

During 2011, ESET has worked closely with its exclusive distributors
from all around the globe to develop new sales channels, making it
possible for home and small office users to access products in an easier
way. Those channels include Apple Stores in North America, Staples,
Saturn and MediaMarkt in several European countries, plus the tens of
thousands of specialized resellers that deal with ESET software.

ESET has long been recognized for offering solutions that provide
superior protection. By utilizing unique ThreatSense technology, all
ESET products deliver real-time protection from spyware, viruses and
other threats while using very little memory and CPU resources. Since
2011, ESET products include a new version of its cloud-based reputation
system, ESET LiveGrid, which significantly improves the user’s
protection against unknown threats. Additionally, ESET saw extensive
growth in the consumer security market in 2011 with its award-winning
anti-malware solutions ESET NOD32 Antivirus, ESET Smart Security, ESET
Cyber Security for Mac, as well as ESET Mobile Security (for Windows
Mobile, Symbian and Android platforms).

About ESET

ESET is on the forefront of security innovation, delivering trusted
protection to make the Internet safer for businesses and consumers.
IDC has recognized ESET as a top five corporate anti-malware vendor and
one of the fastest growing companies in its category. Trusted by
millions of users worldwide, ESET is one of the most recommended
security solutions in the world. ESET NOD32 Antivirus consistently
achieves the highest accolades in all types of comparative testing, and
powers the virus and spyware detection in ESET Smart Security and ESET
Cybersecurity for Mac. Sold in more than 180 countries, ESET’s
global headquarters is in Bratislava, Slovakia, with distribution
headquarters for North America located in San Diego, California. ESET
also has offices in Buenos Aires, Prague, Krakow and Singapore and is
represented by an extensive global partner network. For more
information, visit http://www.eset.com/us or call +1 (619) 876-5400.


Who is Threatening the Security of Your Network?

Posted April 25, 2012 By NewsRoom

The myriad threats to public, private and U.S. government networks are getting a ton of attention in Washington, D.C., this week as the House gets ready to debate yet another cybersecurity bill.

At a hearing — “America is Under Cyber Attack: Why Urgent Action is Needed” — a number of security experts spoke about the impact of attacks on the critical IT systems that make companies and the country run.


“It is difficult to overstate the potential harm these threats pose to our economy, our national security, and the critical infrastructure upon which our country relies. The number and sophistication of cyber-attacks has increased dramatically over the past five years and is expected to continue to grow,” said Shawn Henry, former executive assistant director for the FBI’s Criminal, Cyber, Response, and Services. Henry is now president of CrowdStrike Services. “The threat has reached the point that, given enough time, motivation, and funding, a determined adversary will likely penetrate any system that is accessible directly from the Internet.”

As part of the hearing, the watchdogs at the Government Accountability Office laid out some of the basics of the security problems facing the industry.

“Cyber-based threats are evolving and growing and arise from a wide array of sources. These threats can be unintentional or intentional. Unintentional threats can be caused by software upgrades or defective equipment that inadvertently disrupt systems. Intentional threats include both targeted and untargeted attacks from a variety of sources, including criminal groups, hackers, disgruntled employees, foreign nations engaged in espionage and information warfare, and terrorists. These threat sources vary in terms of the capabilities of the actors, their willingness to act, and their motives, which can include monetary gain or political advantage, among others,” said Gregory Wilshusen, director, Information Security Issues, with the GAO.

According to the GAO, the most common sources of cyberthreats include:

• Bot-network operators: Bot-net operators use a network, or bot-net, of compromised, remotely controlled systems to coordinate attacks and to distribute phishing schemes, spam, and malware attacks. The services of these networks are sometimes made available on underground markets (e.g., purchasing a denial-of-service attack or services to relay spam or phishing attacks).

• Criminal groups: Criminal groups seek to attack systems for monetary gain. Specifically, organized criminal groups use spam, phishing, and spyware/malware to commit identity theft, online fraud, and computer extortion. International corporate spies and criminal organizations also pose a threat to the United States through their ability to conduct industrial espionage and large-scale monetary theft and to hire or develop hacker talent.

• Hackers: Hackers break into networks for the thrill of the challenge, bragging rights in the hacker community, revenge, stalking, monetary gain, and political activism, among other reasons. While gaining unauthorized access once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the Internet and launch them against victim sites. Thus, while attack tools have become more sophisticated, they have also become easier to use. According to the Central Intelligence Agency, the large majority of hackers do not have the requisite expertise to threaten difficult targets such as critical U.S. networks. Nevertheless, the worldwide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage.

• Insiders: The disgruntled organization insider is a principal source of computer crime. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a target system often allows them to gain unrestricted access to cause damage to the system or to steal system data. The insider threat includes contractors hired by the organization, as well as careless or poorly trained employees who may inadvertently introduce malware into systems.

• Nations: Nations use cyber tools as part of their information-gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power — impacts that could affect the daily lives of citizens across the country. In his January 2012 testimony, the Director of National Intelligence stated that, among state actors, China and Russia are of particular concern.

• Phishers: Individuals or small groups execute phishing schemes in an attempt to steal identities or information for monetary gain. Phishers may also use spam and spyware or malware to accomplish their objectives.

• Spammers: Individuals or organizations distribute unsolicited email with hidden or false information in order to sell products, conduct phishing schemes, distribute spyware or malware, or attack organizations (e.g., a denial of service).

• Spyware or malware authors: Individuals or organizations with malicious intent carry out attacks against users by producing and distributing spyware and malware. Several destructive computer viruses and worms have harmed files and hard drives, including the Melissa Macro Virus, the Explore.Zip worm, the CIH (Chernobyl) Virus, Nimda, Code Red, Slammer, and Blaster.

• Terrorists: Terrorists seek to destroy, incapacitate, or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the economy, and damage public morale and confidence. Terrorists may use phishing schemes or spyware/malware in order to generate funds or gather sensitive information.

These sources of cyber threats make use of various techniques, or exploits, that may adversely affect computers, software, a network, an organization’s operation, an industry, or the Internet itself. Table 2 provides descriptions of common types of cyber exploits.

Follow Michael Cooney on Twitter: @nwwlayer8 and on Facebook.


The 411 on Laptop Maintenance

Posted April 25, 2012 By NewsRoom

While there are many articles warning you about computer viruses and Trojans, which is what we think about first in the computer “maintenance” mindset, there are many other peripheral things that need to be maintained to keep your computer long-lived and happily computing along.

Follow these simple suggestions for a maintenance-free computing experience:

There is no good reason to keep your laptop on 24/7, unless it is supporting ancillary networks or devices (“How Stuff Works” has good advice on this subject). In fact, there are plenty of good reasons not to. Let’s start with power consumption and the dissipation of heat. Heat kills electronics and degrades plastics as well. The small cooling fan inside runs constantly to cool your computer’s electronics and has a functional life-span measured in hours of service. Secondly, it costs you money to keep it on. Most computers consume between 50 and 200 watts depending on model, size and mode. You may net a savings of between $30 and $100 a year, just by keeping it from idling all the time. Simply put, the more you turn your computer off, the longer it will last and the more dollars it will save you.

All of your external ports that are not in use are just sitting out in the environment collecting dust and everything else that decides to invade those connectors. If you are not using these ports (and most people don’t use some of them ever), simply cover them with hypoallergenic first-aid adhesive tape (a low-residue tape product that will not leave a residue on the port connectors) and remove it when the port is in use. Otherwise, foreign particles and debris can sit inside the open connectors, get pushed back into the far reaches of the connectors when used, and eventually need to be cleaned out. As a comparison, your cell phone usually has all its ports mechanically covered with rubber or plastic grommets. Your laptop computer is basically the same thing, and some of the newer laptops and smaller devices are in fact coming with external port seals.

Speaking of external computer ports on your laptop, when you do use your external ports take great care not to bend or exert side/up/down pressure on the terminals or sockets. Constant insertion/extraction and external pressures on the port mechanically will excessively wear the metal connector pins and/or the outside socket support framing, both causing eventual connection issues. Case-in-point, one of the major failures of a computer is that of the power cord socket itself. This is due to the constant plugging-in-and-out of the dc/power cord, but also is excessively worn due to overhanging or cantilevering of the power cord itself, which puts excessive mechanical pressure on the socket.

Another preventative maintenance trick to keeping that disc player relatively clean is to keep a spare disc (or a movie you like to view from time to time) in your disc tray. The disc will actually serve as a dust protector of sorts, keeping the mechanical part of the functioning device (optics) inside that disc player cleaner.

One of the primary functioning parts to any laptop is the battery. Batteries will last a long time if properly treated and maintained! It is advisable to remove your battery from your laptop when you have your computer plugged in at home or office, unless you are purposely charging the battery for future use. One of the common mistakes of laptop users is keeping the dc/power supply plugged in all the time or “topping off” the battery frequently, whether it needs it or not. Both of these mistakes will considerably shorten your battery life. Laptop (lithium technology) batteries like to be left with about a 40% “full” charge while stored. Your battery basically has a “charging-cycle” limited lifetime. So, the idea is to discharge it fully (or almost) and recharge only when fully discharged. This will increase the usable lifespan of the battery. Here are more tips on your laptop battery.

Proper cleaning of your computer’s keyboard is also essential to your computer’s health in general. Keyboards seem to attract an array of foreign substances from cookie crumbs to spilled coffee or other foreign substances. While general cleaning of the keyboard includes dumping the computer upside down and hoping that this material falls from the reaches, professional cleaning of the keyboard is advised unless you have meticulous mechanical skills to take your computer apart to access the keyboard.

Your computer screen is a very delicate device that can be easily cleaned with some careful advice. While most computers come with the proverbial “linen” or “micro-fiber” wipe for the screen, skin oil and a variety of other things left over from fingers usually build up on the screen and are difficult or even impossible to remove completely with the provided wipes. Soft, semi-damp cotton towels can provide a great grease-busting tool. I would not, however, recommend that any type of surfactant or any other “dry” wipe be used on the plastic screen itself.

Trojan hits hotel payment apps

Posted April 23, 2012 By NewsRoom

Criminal underground peddles sub-$300 spyware installer.

Security researchers have discovered a trojan being sold on black market websites as a way to steal customer credit card information from hotels.

According to security firm Trusteer, the remote access trojan was being peddled in underground forums for $US280 ($A270).

The malware targets hotels’ front-desk computers. Once installed, it downloads spyware that captures screenshots from point-of-sale (PoS) applications to sniff out credit card numbers and expiration dates.

Trojan sellers have also included guidance on how to use social engineering to trick front-desk clerks into installing the trojan.

Oren Kedem, director of product marketing at Trusteer, said the hospitality industry was a lucrative target because it dealt in valuable financial data.

Fraudsters may also find hotels soft targets because employees regularly received emails from unknown people, and could be tricked into opening malware-laden messages, he said.

“Hotels communicate with the public,” he said. “If you’re a hotel you open emails and communicate with people you don’t know on a regular basis.”

Kedem added that hotel employees often used unmanaged mobile devices that may not contain patches and anti-virus protections to stop new trojans.

Verizon Business’ Data Breach Investigation Report has highlighted the hospitality and retail sector as a prime target of data thieves in recent years.

The report this year included data from the Australian Federal Police and highlighted an increase in automated attacks against PoS systems of small hospitality and retail businesses.

Copyright © SC Magazine, US edition

Rivals skirmish with Microsoft over Vista security

Posted April 22, 2012 By NewsRoom

Microsoft and its security rivals are feuding over a key piece of Windows Vista real estate.

The fight is over the display of technology that helps Vista owners manage the security tools on their PC. Symantec, McAfee, Check Point Software Technologies and other companies want Microsoft to change Vista so their products can easily replace the operating system’s built-in Windows Security Center on the desktop. But Microsoft is resisting the call.

“By imposing the Windows Security Center on all Windows users, Microsoft is defining a template through which everybody looks at security,” Bruce McCorkendale, a chief engineer at Symantec, said in an interview. “How do we trust that Microsoft knows what all the important things about security are to warn users about?”

Windows Security Center, introduced with Windows XP Service Pack 2, pops up on desktops to alert PC owners if their firewall, virus protection and other security tools need attention. The version in the Vista update, set for broad release in January, will add new categories and management tools.

It is possible to run third-party security consoles in Vista, said Stephen Toulouse, a program manager in Microsoft’s Security Technology Unit. However, people have to manually disable the Windows Security Center if they don’t want to use it. And the software giant has no plans to give other companies the ability to turn off the Windows Security Center, Toulouse noted.

“Our main concern is to provide customers with a fall-back option if there is no other security center running,” he said.

If the differences aren’t worked out, it could spell annoyance for consumers, the rival security companies say. People who choose to use Microsoft’s console alone will get a limited view of their Vista PC protection, they suggest. Those who buy competing software will have to run it alongside Microsoft’s dashboard, which could report conflicting information. Rivals have charged that the Redmond, Wash.-based software giant is hurting consumers, raising the specter of more antitrust complaints for Microsoft.

“Microsoft’s Windows Security Center demonstrates fairly limited sophistication, and having (it) control the console could take away the consumer’s visibility into the threats he faces,” said Siobhan MacDermott, a spokeswoman for McAfee. “Ultimately, it’s something the consumer should decide, not Microsoft.”

Jostling for position
Tensions are flying high in the security space after Microsoft, with its $34 billion war chest, entered the market. It launched Windows Live OneCare for consumers and is readying enterprise security products. With its huge presence on desktops, the software giant has a built-in advantage–one that is making other security companies nervous. European antitrust regulators are closely watching Microsoft.

Security companies have already fought several battles over Vista similar to the one about Windows Security Center. Some they won. Most recently, Microsoft added the ability for third-party products to turn off Windows Defender spyware protection in Vista, rather than requiring the PC user to do it. Earlier, it provided the same functionality for the Windows Firewall. In both cases, Microsoft has asked security companies to re-enable the Windows defenses if their products are removed from a PC.

A dispute still exists over “PatchGuard,” a security feature that Microsoft says is designed to guard core parts of the 64-bit version of Vista, but which critics say locks out helpful software from security rivals.

And then there is Windows Security Center, which sits in the Windows Control Panel and pops up any time there is a security alert, such as when antivirus protection is disabled or the firewall is turned off. Microsoft is beefing up the console in the successor to XP, and refers to it as the “voice of security for Windows Vista.”

In Vista, the security dashboard will add reports on spyware protection, Internet security settings, and Windows security technology called “User Account Control.”

Another change in Vista is that Windows Security Center will be used to manage the security software, in addition to reporting on it. For example, a PC user could update antivirus definitions or disable a firewall directly from the Windows Security Center, according to a recently published Microsoft document on the feature.

This could give rivals the opportunity to change tack and focus on developing products that plug into Microsoft’s security dashboard, rather than continuing to produce their own, Toulouse suggested. “They might not need to have their own security center anymore,” he said. “It is our hope that they build products that connect into Windows Security Center.”

Microsoft agreed that multiple security consoles on a single PC could confuse users, especially if different information is displayed, but said that this is an argument in favor of funneling all security software management via the Windows Security Center.

“It is a fundamental lack of clarity for the user,” Toulouse said. Microsoft’s dashboard is “neutral” and “vendor agnostic,” Toulouse added.

But Symantec and Check Point chuckle at the notion that Microsoft is neutral. For example, both companies doubt it is a coincidence that the company added an anti-spyware category to the Windows Security Center only after it introduced Windows Defender, an anti-spyware tool that will ship as part of Vista.

“Who is Microsoft to define the right way to think about security?” asked Laura Yecies, general manager of Check Point’s ZoneAlarm division. “Microsoft does not have the track record or expertise in this space. They have not earned it.”

Best view
McCorkendale said Symantec’s own security center will give its customers the best view of the status of Symantec products, so people should have the option to use the Symantec dashboard instead of Microsoft’s. “Customers should be allowed to choose their security product suites and therefore the security console to go with them,” he said.

Symantec’s console is called the “Norton Protection Center,” and Check Point has a management console in ZoneAlarm Internet Security Suite. McAfee, one of the top players in the consumer security space, also has a security console. Trend Micro and CA declined to comment.

Competing consoles

Microsoft’s Windows Security Center will appear in the Vista update. Here’s a list of rival technology, which ships in the maker’s security suite product.

McAfee: McAfee SecurityCenter

Symantec: Norton Protection Center

Check Point: ZoneLabs’ ZoneAlarm Security Suite management console

Trend Micro: PC-cillin Internet Security console

Michael Cherry, an analyst at Directions on Microsoft, also questioned the software maker’s neutrality when it comes to Windows Security Center, wondering whether Microsoft’s developers would respond quicker to a request from the OneCare team than to Symantec’s Norton AntiVirus team.

“I am not comfortable yet that that information is being shared equally and that all partners are equal partners,” Cherry said. “It is only neutral when they can prove that OneCare, or Windows Firewall, or Windows Defender does not get a more favorable review or a more favorable access to technology.”

There is something to be said for a central point in Windows that has security information, Cherry added. But if a user picks a third-party security suite, that product should be able to turn off Windows Security Center, he said.

“If I choose to use a third party’s tools, then I would want to use a security center from them. So I’d be much more comfortable if Microsoft’s could be uninstalled in favor of the one I want to use,” he said.

Restricted Vista?
Symantec, Check Point and McAfee also argued that Microsoft’s Windows Security Center risks giving consumers a limited view of security.

“If we were to just cede the dashboard console view of security to Microsoft, we could only talk to users about firewalls, antivirus and anti-spyware,” Symantec’s McCorkendale said.

Check Point’s Yecies said that Microsoft’s console looks at security with blinders that are surprisingly convenient to its own product lineup.

“The modules, as Microsoft has currently defined them, are incomplete in an environment of zero-day exploits,” she said. “Setting up those terms really limits the view consumers have about what is possible and potentially what they need. It might lead a consumer to think that they are fully protected, when in fact they are far from it.”

But Natalie Lambert, an analyst at Forrester Research, argued that Microsoft is helping PC users. “The Windows Security Center is helpful, it really does provide a quick view into security,” she said. “Consumers need to have security handed to them on a silver platter.”

Vista is the first major update to Windows since Microsoft shipped XP in 2001. Back then, Microsoft was not a player in the security arena, and things went much smoother, McCorkendale said.

“It is really hard work and we have had to be very, very persistent and over a very long period of time, which is different from how we used to work with Microsoft before they got into the security space. They have really changed the rules of the game; we used to have a lot more pleasant dialogue,” he said.

Ultimately, Symantec hopes all the differences can be resolved nicely, McCorkendale said.

“All our concerns are about consumer choice. Consumers should be allowed to choose their security solution and if they are not allowed to make that choice…you risk a monoculture in security, which reduces innovation and diversity.”

Microsoft can perform a type of network access control on Windows RT devices as a way to protect corporate networks from harm these devices might inflict if put to corporate use, making them a cut above iPads and Android tablets in this regard.

The newly announced capability can check the devices for compliance with corporate policies surrounding passwords, encrypting data, antivirus, anti-spyware and auto updates, according to the Building Windows 8 blog. This is similar but less comprehensive than what some NAC schemes do in order to keep devices that don’t comply from connecting to networks.

Previously Microsoft had announced four flavors of Windows 8 — Windows 8, Windows 8 Pro, Windows 8 Enterprise and Windows RT — with Windows RT lacking many of the features included in the Enterprise edition that might make the devices more palatable to businesses.

Windows RT is the name Microsoft has given to a Windows 8 operating system that is packaged with ARM-based hardware such as power-efficient tablets. They are expected to ship later this year or early next. The devices don’t support applications that run on standard x86/64 machines, and until now, would accept Metro-style applications designed for Windows 8 only directly from Microsoft.

None of this made Windows RT seem any more BYOD-friendly than Android tablets or iPads.

But a client announced by Microsoft will monitor the security posture of the devices and enable downloading proprietary business applications to them. The client will communicate with an undefined cloud-based management platform that will be announced later by the team working on Microsoft’s System Center.

The client’s main function is to download and install Windows 8 Metro-style applications that are designed to work on both x86/64 and ARM devices. Without the agent, owners of Windows RT devices can only download applications that are stocked in the Windows Store or via Windows Update or Microsoft Update.

But Microsoft recognizes that businesses will create their own Windows 8 Metro apps that they want to deploy to personal Windows RT devices that employees might want to use for work, according to the blog.

The client makes this possible by connecting to the corporate management infrastructure and to a self-service portal, which displays applications that are available for each user to download. This provides a mechanism to download proprietary line-of-business Metro apps to employees without placing them in the public Windows Store. As the blog says, “… there is no reason to broadcast these applications to others or to have their application deployment managed through the Windows Store process.”

If the business or the owner of the device decides to remove it from corporate management, the client wipes out the proprietary apps.

Before users can connect their Windows RT devices to the management service, their Active Directory settings must be changed to allow it and to specify how many devices they are allowed to connect via SSL authentication. The process involves registering the device with the network.

Each user authorized to use the management service must be specified within Active Directory as someone allowed to connect devices. Once connected, the client makes daily maintenance reports about the hardware, applies changes to settings policies on the devices, reports on compliance with those policies and updates the proprietary apps as needed.

The client also informs the management platform whenever users initiate application installation from the self-service portal, the blog says.

Administrators can set security parameters the devices must comply with such as maximum failed logins, lockout after a maximum period of inactivity, requiring passwords of specified length and complexity, imposing enabled and expired dates on passwords and maintaining password history.

The agent can also set up VPN connections automatically to the management infrastructure so users don’t have to do it manually. The client also reports the status of drive encryption, auto update, antivirus and anti-spyware.

“Leveraging this compliance information, IT admins can more effectively control access to corporate resources if a device is determined to be at risk,” the blog says. “Yet once again, the user’s basic experience with the device is left intact and their personal privacy is maintained.”

Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter https://twitter.com/#!/Tim_Greene.

VANCOUVER, British Columbia–(BUSINESS WIRE)–

Faronics, a global leader in simplifying, securing and managing
multi-user computer environments, has released a new version of Faronics
Anti-Executable, the company’s flagship application control tool that
ensures endpoint security by only permitting approved executables to run
on a workstation or server. The new release simplifies application
control in the face of increasing attacks via social networking
websites, and comes as part of the company’s ongoing commitment to
providing the most comprehensive layered security suite on the market.

Organizations today are faced with a struggle against ever-complex
security threats that standalone solutions can no longer mitigate. While
many anti-virus tools offer protection against known spyware and
malware, they require extensive staff resources for definition file
updates and patches. With vast amounts of new malware emerging every day
and the onset of highly-targeted email scams, these definitions simply
cannot keep up with this rate of growth – leaving corporate networks
exposed to zero-day attacks, mutating viruses or the installation of
unlicensed software as a result.

Faronics Anti-Executable allows only approved applications to install
and execute by creating a centralized control list that blocks
unauthorized executables from infecting machines or causing system
degradation. The control list then enables enterprise-wide policies to
be set and managed through specific user groups, eliminating the
time-consuming process of updating each workstation on a per user basis.

“Many of today’s security approaches have become virtually ineffective,
as they continue to be based on the same old technologies that are often
ill-equipped to protect against emerging threats,” said
Dmitry Shesterin, VP, product management at Faronics. “In this age of
social networking, employees can inadvertently pose a serious security
risk simply by clicking a link from a ‘trusted’ Facebook friend or
LinkedIn connection, for instance. With today’s cybercriminals able to
bypass so many conventional defenses, managing IT security has never
been more difficult. As such, the only way to ensure total protection of
the corporate network is to introduce layered security policies that can
adapt in line with the evolving threat landscape.”

Key features and end-user benefits of the new release include:

  • Enhanced security. Confidential data is protected from exposure
    to malicious third parties using keyloggers and spyware to access the
    corporate network. Zero-day, targeted attacks and mutating viruses are
    combated through application control lists without the need for
    constant definition updates
  • Flexibility. Centralized control of applications and
    policy-based user groups make it easier for administrators to create
    and maintain lists of approved executables
  • Lower costs. By preventing system degradation from unlicensed
    software, Anti-Executable 5.0 reduces the amount of time that IT teams
    spend on troubleshooting employee workstations. The lifespan of
    hardware is maximized by ensuring efficient performance. Systems and
    bandwidth integrity is preserved
  • Productivity. Full system availability is preserved through
    prevention of performance degradation and the running of unauthorized
    applications and malware. Employee productivity is increased by
    removing distracting applications from their computers

“Preventing unauthorized programs from wreaking havoc on a corporate
network is a mission-critical task – and with that in mind, a key
component of Anti-Executable 5.0 is the introduction of application
control lists, which act as a safety net should malware slip past other
security tools,” continued Shesterin. “At Faronics, we have always
recommended a layered approach to security that combines Faronics
Anti-Virus with the instant system restore solution Deep Freeze, as well
as Faronics Anti-Executable. In support of this, we are constantly
innovating to ensure that customers get the most up-to-date, robust
protection to minimize the financial costs and reputational damage of
failed security.”

Faronics Anti-Executable 5.0 is available now, and further details can
be found here: http://www.faronics.com/assets/AE5-0_V1_Datasheet_EN.pdf

About Faronics:

With a well-established record of helping businesses manage, simplify,
and secure their IT infrastructure, Faronics makes it possible to do
more with less by maximizing the value of existing technology. Faronics
is the only endpoint security software vendor to offer a comprehensive
layered security solution consisting of anti-virus, application
whitelisting, and instant system restore protection. Incorporated in
1996, Faronics has offices in the USA, Canada and the UK, as well as a
global network of channel partners. Our solutions are deployed in over
150 countries worldwide, and are helping more than 30,000 organisations.

For more information visit www.faronics.com.

According to a new report from The Inquirer, criminals are capitalizing on hotel point of sale (PoS) applications to “siphon off travellers’ credit card details.” This form of theft is achieved by “using a remote access Trojan program to infect hotel front desk computers. The malware includes spyware components that steal credit card and other customer information by capturing screenshots from the PoS application. The malware is capable of stealing credit card numbers and expiration dates, but not CVV2 numbers in the sample Trusteer inspected.”

Trusteer, the world’s leading provider of secure web access services, detected these schemes and says hotel poaching is a virile trade in underground and tech forums. Attack codes can be purchased in Visa underground forums for $280 and the spyware cannot be detected by anti-virus software. The package even includes a manual loaded with tips on how the poacher can trick the desk clerk into loading the spyware for them.

Amit Klein, Trusteer’s CTO, warns that:

“Criminals are increasingly expanding the focus of their attacks from online banking targets to enterprises.”

“One of the reasons for this shift is that enterprise devices can yield high value digital assets when compromised. In addition, the prevalence of bring your own device (BYOD) usage by employees makes it easier to infect unmanaged smartphones, tablets and laptops that are used to access sensitive enterprise systems and applications.”

Will these attacks inspire hotel chains to beef up their security and educate their employees about cybercrooks?

Suspected computer hackers arrested in France

Posted April 20, 2012 By NewsRoom

Gang alleged to have broken into corporate networks in France, Russia and Iceland
 
Experts at SophosLabs have welcomed the news that French authorities have arrested a total of 22 people suspected of running an international hacking gang that broke into business networks in France and overseas.

According to French media reports, the 22 alleged hackers were arrested in Paris, southern and central France following a four month investigation involving over 90 members of the police force.

The arrested members of the alleged gang are said to be all under 25 years of age, with one reported to be only 13 years old. According to media reports, the gang were members of an internet forum of some 200 hackers where they were seen bragging about their “successes”.

Police have said that it is not clear at the moment what the motivation for the hacking was, although some data was reportedly destroyed on company networks. If found guilty of destroying data and degrading network performance in affected companies the hackers could face a maximum of five years in jail.

“One of the disturbing facts about this story is that 16 of the 22 people arrested are under 18 years old,” said Graham Cluley, senior technology consultant for Sophos. “While the authorities must be applauded for investigating cases like this, we should also question what is going wrong with our education of young people to make them think that computer hacking might be an acceptable way to behave. More has to be done to teach children in school how to use their computer skills responsibly.”

According to official statements, 34 businesses in France, Iceland and Russia were allegedly affected by the hacking, but at present only seven firms have registered a formal complaint.

“Companies not only need to be on their guard to defend their systems against cybercriminals and internet hackers, they must also be prepared to report crimes when they occur,” explained Cluley. “If individuals and businesses don’t come forward and report an offense, the authorities can find it hard to put together a concrete case against the perpetrators.”

Sophos recommends all computer users protect themselves with a consolidated solution which can control network access and defend their networks, email and web gateways against the threats of hackers, malware, spyware and spam.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos’s network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK.

SAN FRANCISCO–(BUSINESS WIRE)–

Lookout Inc., the leader in mobile security, today announced a new
feature to enhance Lookout’s award-winning antivirus and mobile security
service to T-Mobile’s Android customers. Mobile devices are an essential
part of people’s lives making it more important than ever for customers
to take steps to safeguard their data and privacy, and the Lookout app
serves as a lifeline for mobile devices, protecting against malware,
spyware, data loss and device loss. Since launching a partnership in
2011, Lookout Mobile Security has been available as a preload on most of
T-Mobile’s Android smartphones and tablets, including the new Samsung
Galaxy S® Blaze™ 4G.

With Lookout, T-Mobile customers can pinpoint a missing smartphone or
tablet on a Google map and use SCREAM™ Tones, a new feature that sounds
a loud noise, to help identify a lost device nearby. T-Mobile customers
can choose from six tones of animated sounds, including wolf howl, train
whistle, euro siren, beam me up, the T-Mobile jingle, and Lookout’s
original siren, to help locate a lost phone or tablet.

“Smartphones and tablets are our most personal devices and as consumers
store more information on them, there’s an elevated interest to protect
them,” said Torrie Dorrell, vice president of application, content and
games, T-Mobile USA. “Lookout is a great fit for T-Mobile because the
app is powerful yet easy to use, and it gives our customers protection
across a range of mobile security threats.”

“T-Mobile is a leader in mobile communications and we’re thrilled to
work together on enhancing mobile security,” said John Hering, CEO and
co-founder, Lookout. “Having the Lookout app preloaded on T-Mobile
devices means customers can quickly and easily access content that helps
them feel safe and confident to do more with their phones.”

Available in Google Play, the Lookout app is a free download that
enables people to find a missing device when it is lost or stolen,
manage phone security, and easily backup precious data. From a single
online destination at mylookout.com,
people can manage multiple mobile devices and locate a phone or tablet
on a Google map. Lookout makes automatic updates over-the-air, making
data and device protection simple for users. The Lookout Premium app
includes the essential security in the free Lookout app, in addition to
enhanced security with Remote Lock Wipe, Safe Browsing, and Privacy
Advisor.

Lookout has more than 15 million users in 170 countries across 400
mobile networks and is continuing to add a million new users every
month. The top-rated security app available, Lookout was recently
awarded PC Magazine’s Editors’ Choice award and has a five-star rating
from CNET. To learn more or download Lookout, please visit www.mylookout.com.

About Lookout

Lookout is a mobile security company dedicated to making the mobile
experience safe for everyone. Lookout delivers award-winning protection
from the growing threats facing mobile users today, including malware,
phishing, privacy violations, data loss, and loss of the phone
itself. Cross-platform, Lookout is designed from the ground up to
provide advanced mobile protection while remaining lightweight and
efficient on the phone. With 15 million users across 400 mobile networks
in 170 countries, Lookout is the world leader in smartphone security.
Headquartered in San Francisco, Lookout is funded by Accel Partners,
Andreessen Horowitz, Index Ventures, Khosla Ventures and Trilogy Equity
Partners. For more information and to download Lookout, please visit www.mylookout.com.

Best policies crucial to prevent cybercrimes

Posted April 8, 2012 By NewsRoom

MALAYSIA recorded RM2.75bil losses due to cybercrimes over five years (from 2005 to 2010), with the financial sector the worst hit, CyberSecurity Malaysia reported recently.

With the increased uptake in mobile applications of local enterprises, it is crucial that Malaysian companies implement guidelines and a strict policy on their employees with mobile devices to safeguard the confidentiality, integrity and availability of data contained in the devices.

“Mobile devices today carry confidential information such as company e-mail messages, product pictures and customers’ contact details. Similar to personal computers, mobile devices are vulnerable to spam, viruses, spyware, theft, loss, and even phishing attacks. The confidentiality and availability of company data will be compromised if a mobile device is misplaced, lost, stolen or hacked into,” Cybersecurity CEO Lt. Col (R) Prof Datuk Husin Jazri reiterates.

Husin stresses educating users on best practices for using mobile devices securely.

“For example, users should learn (or be trained) about how to encrypt data on their mobile devices and portable storage devices such as thumbdrives for protection in case the devices are misplaced or stolen.”

A few policies that Malaysian organisations can implement include pre-installing anti-virus, anti-spyware and firewall on the mobile devices before issuing them to the employees; and encrypting all confidential data and e-mail stored or received on mobile devices to prevent data theft.

Ultimately, organisations need to control the usage of private applications, as well as the use of Bluetooth and Wi-fi, by employees who are using mobile devices provided by the company, to protect them from viruses, spyware and phishing attacks.

“Employers should not be allowed to download and install apps on their devices without approval from the company’s Head of ICT Security,” he says.
