…okay, maybe we’re being a little harsh there.

But a recent ScanSafe report indicates that malicious PDF files accounted for 80% of all web-encountered exploits in 2009. Flash exploits, on the other hand, dropped from 40% of all exploits in 1Q09 to 18% in 4Q09.

(By comparison, web-encountered exploits in Word and Excel comprised less than 1% of all detected exploits for the year).

It’s an interesting change-of-scene. In response to these perceived security flaws, some are recommending avoiding Adobe products altogether – which would make sense, except that more than 90% of internet-enabled PCs have Acrobat installed (and more than 99% of them have Flash).

But as Dancho Danchev at ZDNet points out, the increased number of exploits may be owing to the number of outdated Adobe products in use. As mentioned in his article, if 83% of those PC users with Acrobat installed haven’t installed the latest security patch, they may as well paint a big target on their backs.

Given the widespread use of Adobe products, avoiding Acrobat and Flash isn’t really a viable answer for most small businesses and individuals. Like most things in internet security, you can do a lot to protect yourself by just being a little more proactive. Keep your Adobe products updated. Treat any downloaded PDF files with the same caution you would use when opening an executable file. And if you’re really worried, disabling the use of javascript in Acrobat Reader and avoiding the use of browser plug-ins will give you an extra layer of protection.

(And in case you’re wondering, you can download the original ScanSafe report here. Yes, we’re well aware of the irony that it’s delivered as a PDF.)

Kipp Chambers
Sr. Internet Marketing Specialist

Share on Facebook

Choosing the right password – What’s it to me?

In today’s world technology is always right at all of our fingertips. All things considered, this is a good thing to most people. Still, we must work to keep our personal identities safe.  How would you honestly answer this question:

How safe am I being on the internet?

Typical people can have multiple passwords to a series of different accounts on the internet, like social media sites, e-mail and online banking. We are all vulnerable out there when it comes to the simple passwords we choose so that we can remember them all.

A study at the trends of the simple passwords used in the 1990’s all the way to now, we have seen many similarities in passwords chosen like “12345, abc123, and password” When we look at the overall picture we see that the best way to make sure you don’t fall victim to hacker’s with bad intentions choose a more complex password.

Pointers for  password creation:

- Select one with 8 or more characters
- Add  a capital letter, number, and some form of punctuation mark (ex. Pa33w0rd!)
- Never use your street name or your own name in a password

This above example (Pa33word!) shows a very simple password converted to different characters to make it more difficult for a hacker to figure out. Most hacker’s at this time do not try and guess your password by inputting it themselves they have programs that do that for them. The experts suggest that everyone should choose at least two different passwords; a complex one for Web sites where security is vital, such as banks and e-mail, and a simpler one for places where the stakes are lower, such as social networking and entertainment sites.

Here is a list of the top 32 user passwords that got hacked from a company that makes software for social media sites like Facebook and MySpace:

Most popular passwords:

1.  123456
2.  12345
3.  123456789
4.  password
5.  iloveyou
6.  princess
7.  rockyou
8.  1234567
9.  12345678
10.  abc123
11.  nicole
12.  daniel
13.  babygirl
14.  monkey
15.  jessica
16.  lovely
17.  michael
18.  ashley
19.  654321
20.  qwerty
21.  iloveu
22.  michelle
23.  111111
24.  0
25.  tigger
26.  password1
27.  sunshine
28.  chocolate
29.  anthony
30.  angel
31.  FRIENDS
32.  soccer

Source: New York Times

It should go without saying, but don’t ever use one of these passwords! And, if one of these is currently a password of yours, I would greatly advise that you change it ASAP!

Chris Branson, Network Engineer

Share on Facebook

Mozilla Firefox has just released version 3.5.6 on December 15th. This update of the open-source browser sews up security and stability issues, resolving three critical security holes, and also patches up other stability issues. The three flaws that this update rectifies:

1. An integer overflow flaw in the libtheora video library
2. A memory Safety concern in the liboggplay media library
3. A problem with Javascript that could allow for crashing the browser and potentially running malicious commands

Please see Mozilla’s list of security advisories for a full list on the critical fixes and more details.

The moral of this post: When your Firefox browser prompts you to install some updates, please do so!

Share on Facebook

1. Don’t open emails from unknown sources -  Email is the main source of worms, viruses, and Trojan horses. Be especially careful not to open any attachments from an unknown source.

2. Protect your PC with antivirus – If you don’t have an antivirus software on your PC, you’re dancing with disaster! Never click any of those “Free antivirus software, click here!” pop-up ads. They actually GIVE you viruses. Make sure you purchase antivirus from a trusted, well known company. And once you have it, make sure it remains up to date at all times. To ensure that you’re using the right antivirus software for your needs, please talk to your IT provider.

3. Scan everything – Scan all discs and downloads for viruses before running them.

4. Maintain all updates – This does not only go for the patches mentioned above. Make sure all system updates are installed. If you run Windows, visit the Windows Update website. It has the answers to your operating system needs.

5. Watch your downloading and clicking habits – Be careful what sites you download things from off of the internet.  Always try to download new programs directly from the source when possible. Always be suspicious of any downloads that a chat application may send you; ie. AIM or MSN messenger. Most people don’t think twice before they click a random link and end up sorry for it. Most likely, your old college roomate really isn’t going to be the one sending you a “How much do you know about me” quiz or a “Click here to claim your prize!”

Remember these few simple tips and your PC will thank you!

Share on Facebook

We recently had a partner, Ryan Hickey from NSK and Associates, out at a client site to perform a presentation on the dangers of spyware, viruses, and other malware due to unchecked Internet usage.  A lot of small businesses have no active Internet browsing policies, leaving a lot of ambiguity on what users can or cannot visit as work-appropriate sites.  There are a lot of great tips that I wanted to share with you all. Feel free to pass this post on to your employees and co-workers.  Your bottom line will thank you.

Please consider yourself warned: Viruses and malware have such a huge negative effect on your productivity, and have real costs associated with troubleshooting, rebuilding, or replacing computers.

5 ways you can get viruses, spyware, malware, etc. from visiting the Internet:  How to protect yourself with common sense, and some general tips to tighten up your overall Internet security plan:

1.  Peer to peer networking sites

• Bit torrent, Kazaa, Limewire, and Sharezaa shouldn’t be used.
• Loaded with viruses and misleading content.
• Also, they have very little relevance in the business environment.

2.  Social Networking sites: Facebook and Myspace

• Automated malware attacks hit Facebook and Myspace constantly.
• Don’t blindly trust Facebook and Myspace as they are a great breeding ground for viruses and social engineering hacks.
• Be wary of fake profiles that send you messages asking you to click on them to “view videos” which prompts you to install “special software” to view them.
• There are Facebook applications that contain malware. Especially some that can tell you who has been visiting your profile.
• Unknown links can either download a virus right away or say something like your video player Adobe Flash is out of date and needs to be updated and that’s when the virus downloads.

3.  Web browsing

• Be careful about how far down a path you go, clicking on link after link
• Don’t download “smileys” or special “emoticons”
• A lot of websites have been set up by hackers to try to trick you to download things on your computer when you go to them
• Depending on your browser settings things may get automatically downloaded or it may ask you to install an update or active x control or something like that
• When possible, make sure you have the most updated web browser out there (not always possible when you have specific business software that needs an older browser like IE6 or 7)

4.  IM

• Don’t click on links in an IM from someone you don’t know
• If it is from a friend ask them if it is OK to open or try a different method to send it
• Don’t open attachments unless you know who it’s from and you are expecting it
• Don’t download applets when it asks you to view pictures, etc.

5.  Email

• Don’t click on a link if you don’t know the sender and the email is unsolicited.
• Don’t click on links from services you don’t recognize that want you to update your account info or verify membership or something.
• Don’t click on a link if you know the sender but the message is strange.
• Don’t open attachments unless you know who it’s from and you are expecting it
• Never open .exe or .scr attachments. Typical attachments are doc, xls, pdf, jpg.

General tips and friendly reminders:

• You have a lot of control over the safety and security of your computer
• Most viruses and malware need your help in getting installed
• Remember the “Trojan Horse” story?  That’s why some viruses are referred to as “Trojans.”
• Don’t believe everything you see in pop-up windows, especially offers to:
  • Optimize your computer
  • Protect your computer
  • Your computer is infected and you need Win Anti Spyware to clean it
  • These things will always download malware into your computer that will make it unusable, steal your information, use your computer to send spam, etc.
  • Hitting “cancel” on some popup windows is not enough. Sometimes the way it is worded will install the program if you click cancel.
  • Close it using red X in the top left corner of the window or going to Windows task manager (Ctrl-alt-del and click “Task Manager).

If you are unsure about doing something, call Everon right away. It is better to attempt to stop something before it gets into your computer than to have us try to remove it or have to rebuild your computer. The old saying “It’s better to be safe than sorry,” definitely should apply to computer usage, especially when you’re on the Internet.

Share on Facebook