jump to navigation

Microsoft Releases Free Anti-Virus September 30, 2009

Posted by Nikk in Information Technology.
Tags: , , , ,
add a comment

ms

Microsoft Security Essentials is a free Anti Virus program which detects viruses, spyware, rootkits, and trojans.  The program runs on Windows XP, Vista, and Windows 7.  No registration or renewal, however  in order for it to work your PC must run genuine Windows.   Updates are published 3 times a day via Microsoft Update. There arent any management options so I don’t see it replaceing mainstream AV vendors in the corporate world.The focus of the product is more on the 50 to 60 percent of computer users who don’t have, or won’t pay for, antivirus protection.  After testing the product I found it to be fairly easy to use, intuitive, not very resource intensive and fairly effective.

 

Stats for 2008 on percent of market share:
Symantec 22%
McAfee   10.9%
Trend    7%
Others 60%

Download link here

Best Internet Browser? September 23, 2009

Posted by Nikk in Information Security, Information Technology.
Tags: , , , , , , ,
1 comment so far

ie

I’ve been using Internet Explorer, Firefox and Chrome for some time now. While each of them has some unique features, they all basically perform the same function, browsing the web. Since IE is the most prevalent internet browser in the world, 65% IE vs. 26% Firefox it only makes sense that the bad guys would try to exploit what is the most available. Clearly the search for the least amount of work vs. the most return is in play here.

In my experience any of the less used browsers will provide more “security through obscurity” levels of protection, which might work for a while, however not recommend. Since I do a lot of work in security I’m apt fire up Linux and use Konqueror for highly malicious sites as more exploits are written for a Windows type internet browser. While for day to day enterprise operations IE works just fine. In a recent study done by a third party vendor IE8 blocked eight of 10 of the malware-distributing sites, Mozilla’s Firefox 3 blocked 27% of the same sites. Chrome 2 blocked only 21%.

A question to pose is which version of IE you are using. If you’re using IE8 most of the new reports show IE8 to be the more secure. If you’re using IE6 or IE7 I’d say it’s time to upgrade. Ultimately following some industy best practices such as keeping your browser, OS, AV and antispyware up to date will help protect your system and to avoid unwanted payloads from malicious websites.

Need a Reason to switch to Windows 7? September 16, 2009

Posted by Nikk in Information Technology.
Tags: , , , , , , ,
add a comment

7 is like XP SP3 with all the nice bells and whistles of Vista running correct

compare-professional

I’ve been an avid Windows XP fan for years.  I’ve been one of those stalwart believers that felt  nothing could be better than XP and that Vista was just another incarnation of Windows ME.
I lobbied for an extension of support for XP and believed that XP was the only operating system I would ever need… Until Windows 7.   Im not saying that Windows 7 is the answer to my “Enterprise Woes”.  After all when you have 10’s of thousands of PC’s there are numerous things to take into consideration.  However for the home user 7 is a real improvement over XP and Vista.

A fast install & boot up time
Better control over the UAC (User Account Control)
BitLocker To Go for encryption of removable storage devices
Improved Performance:
It’s designed to sleep & resume quicker
Less memory intensive
Find USB devices faster

Improved networking
Better driver and program support
Revamping of classic applications like Calc, Paint and WordPad
It’s not Vista.

Windows 7 requirements

1 gigahertz (GHz) or faster 32-bit (x86) or 64-bit (x64) processor
1 gigabyte (GB) RAM (32-bit) or 2 GB RAM (64-bit)
16 GB available hard disk space (32-bit) or 20 GB (64-bit)
DirectX 9 graphics device with WDDM 1.0 or higher driver

Approximately 175,000 laptops are lost each year in European airports May 22, 2009

Posted by Nikk in Information Security, Information Technology.
Tags: , , , , , , , ,
add a comment

Approximately 175,000 laptops are lost each year in European airports.  A large percent of those laptops contained confidential company information.  (The US reports over 600,000 lost per year)

  • Heathrow-900 a week
  • Amserdam-750 a week
  • Paris CDG-733 a week
                 Laptops lost per week in top 3 European airports

 

Laptop loss is a major issue for many organizations, whether you are talking about the data contained or the cost of replacing the physical asset.  FDE (Full Disk Encryption) will not solve the inventory management portion of this problem, but it could keep you from becoming the next data breech headline.  FDE could be part of the solution.

By adding FDE to your enterprise Defense in Depth infrastructure, your organization can mitigate some of the risk.  Container level encryption is also interesting, in an enterprise level environment but you need something more. Some would argue for container level encryption and that the average user should know and take responsibility for the data contained on their PC/Laptop, and to ensure its proper placement in an encrypted area of the HD. In a perfect world this is what would happen.  But how should a user be responsible for data classification?  I’ve yet to see more than a few industries that even have a data classification scheme let alone FDE or even container encryption.   I’m a firm believer in making sure that the users experience is as easy as possible.  A balance between strength of security and ease of use must, therefore, be sought. If you’re making your customers (users) life more complicated, it will make gaining their acceptance much more difficult. 

 Various regulatory requirements such as the EU Data Protection Act; SOX, PCI or numerous others “help” (these don’t always require encryption) to ensure that some type of protection is keeping the data safe and secure.  Now while FDE isn’t the answer to your midday prayers, it certainly adds a very real and affordable layer of protection.  For those who see key management as a potential obstacle, a modicum of forethought and a solid architecture will ensure success.  As is often the case, it’s not the technology itself which hinders the implementation; rather, it is building the process to support the technology which requires the most attention.

Link to comparison of disk encryption software