Computer Internet network security News

Software trade group Business Software Alliance or BSA has revealed findings of its own study that found that for every 10 software products sold via the Internet, about four are pirated copies of original OEM software. The most usual victim of such piracy is of course, the most popular software in the world, the Microsoft OEM software.

To understand the real issue behind this, it would be appropriate if you would be refreshed about OEM. The word stands for ‘original equipment manufacturer’. OEM is a re-branded component of a computer unit you can visit www.viral-toolbar-builder.com you know for a fact that not all parts of a computer unit is designed and built by a single manufacturer. There are specific parts, like chips, memory, and drives that are made by third party firms.

For example, you are buying a computer unit made of maker A. because Microsoft is the most used and functional software, you will definitely opt to buy the computer if it already contains Microsoft software. That software is known as Microsoft OEM software. In other words, Microsoft OEM software is a computer program that is installed in a computer unit upon purchase by consumers.

Online scams

That is the main thrust for piracy concerns. Because computer manufacturers are always aiming to minimize their costs and maximize popularity and demand from consumers, they always aim to offer the best packages and deals to the market. What else can be better than selling computer units already installed with Microsoft OEM software?

As computer manufacturers find Microsoft OEM software online and elsewhere, they most likely encounter scam and fake copies of the software. Investigations have it that PC makers are not always to be blamed for their patronage of pirated Microsoft OEM software. Most of the time, several Microsoft OEM software packages available in the market look like original products, only to be found out eventually that they are not.

In fact, investigators are also most of the time deceived. They can attest that they, too, can be fooled by pirated Microsoft OEM software being distributed in the market. Perhaps, there must be more stringent and more particular rules and regulations that should be installed and established to regulate the rise of fake Microsoft OEM software.

Fake Microsoft OEM software in emails

The most common form of dissemination and circulation of pirated copies of Microsoft OEM software are through emails. For sure, you are familiar with spam emails. Such mails are proliferating in the emails of people around the world. Usually, headings and titles indicate cheap and marked down costs of particular Microsoft OEM software.

BSA asserts that as always, consumers are thrilled and deceived by cheaper and more affordable versions of products. In the case of software, consumers are more than anxious to secure cheaper installations of Microsoft OEM software, to be particular.

And why not?

Pirated Microsoft OEM software is very cheap. At the same time, they are coming in full and unlimited versions, making them more in-demand and highly attractive to buyers. If you would try buying the legitimate copies, you would notice that they are more expensive or visit www.text2speech-converter.com another setback is that despite the high tag prices, software copies are limited and are not in full versions.

Thus, when there is Microsoft OEM software that is in full and unlimited versions at lower prices, consumers would naturally come across to patronize the products. As for counterfeits against hoaxes and pirated versions, it is always hard to tell if a product is pirated or not. Most of the time, pirated Microsoft OEM software looks exactly the same as the original copies. The features are almost always the same and the overall packaging and functions bear no difference than the original versions.

About the Author: www.software-index-website.com

Microsoft security oem, pirate, Security software

Thanks for your article. Our team will review your post and will update it soon.

Computer security Systems

Moving files between computers on a floppy disk (the so-called “sneakernet”) is a thing of the past. If you have more than one computer in your home, you can share files across your home network. Shared folders from other computers appear in Windows Explorer just as if they were on the computer you’re using.

Sharing files is a two-step process:

1- Share a folder on the computer that stores your files. This step is described in Sharing files.

2- Create a connection to the shared folder on the computer that you want to use to open the files. You can connect to the shared folder in two ways:

3- You can directly open the shared folder. This is the quickest way to get to your shared files.

4- Click Start, and then click My Documents

5- Click the Tools menu, and then click Map Network Drive

6- In the Map Network Drive dialog box, click Browse

7- In the Browse For Folder dialog box, click the folder you want to connect to, and then click OK.

8- In the Map Network Drive dialog box, make a note of the drive letter shown, and then click Finish

9- If prompted, type your user name and password, and then click OK

10- Microsoft Windows XP will open a folder to your shared files. In the future, you can open the shared folder from My Computer by clicking the appropriate drive letter.

Networking security mapping, network drive

Introduction Most people have heard of software licensing and pay per view television, but possibly not connected it with a development in technology called Digital Rights Management (DRM). To understand what DRM is trying to achieve you first of all need to understand intellectual property. Intellectual property To understand digital rights you need to remember that books, plays, pictures, films and so on (including this paper) are subject to copyright or intellectual property rights. By international agreements such as the Berne Convention countries recognize these rights and provide a framework that allows copyright holders to have uniform rights in different countries and to be able to enforce them. Whenever you buy a book, hear a modern recording played on television or see a film a payment is being made to the copyright holders of the work. You will find significantly more detail on intellectual property rights (IPR) on the web site http://www.wipo.int/. The site provides a comprehensive information resource about the work of the World Intellectual Property Organization (WIPO). Now intellectual property rights were important in the book and film trades, but television, DVD, computer software and computer games have had such a significant effect on world trade that the World Trade Organization (WTO) has a special section of its activities devoted to dealing with intellectual property rights called Trade-Related aspects of Intellectual Property Rights (TRIPS) and more information on the world negotiations are at http://www.wto.org/english/tratop_e/trips_e/trips_e.htm. You can gather from this that several industries consider intellectual property to a very big deal indeed. Demand for digital rights management So now when we talk about digital rights management we are talking about works of intellectual property that are processed by digital computers (or even analogue ones). There are many many industries producing copyright works that are held on and processed by computers. That includes anything processing cassette tapes, VCR, CD-ROM, DVD, flash cards and so on. There are even laws that create rights in databases as collections of information. The copyright holders (owners) found that the original computer systems, broadcast television and cassette tapes, records and VCR machines made no attempt to stop people from copying their work and even selling it on with the owner getting paid the royalty that IPR law gave them. This started in the late 1980’s, and grew significantly with the introduction of music standards such as MP3 which did not prevent copying, but did make mass market copying very easy. Other owners selling ‘expensive’ works such as financial analyses of companies or markets found that people would purchase one copy and then make copies of it to pass on to their friends for free. When the reports were printed they were photocopied, but making them digital made the copying easier and faster. The IT industry saw a massive opportunity to be able to make significant amounts of money if they could find one or more ways to control what the person who had licensed a digital work (when you buy a book in theory you license it, and the same goes with a picture or a photograph) did with it.

DRM controls as against IT controls Obviously the things that you would want to control were any form of access and use, and particularly to prevent any attempt to remove the controls. So controls often provided are: – reading the item; – number of times; – start and end dates for reading; – printing the item; – at all; – poor quality printing; – number of copies; – altering the item; – changing information content; – removing copyright marks; – copying the item; – making copies others can use; – copying parts of the work; – taking screen dumps as copies; – running the item as a program; – running the item on one computer; – only allowing one user to run the item; – limiting the number of CPUs the item may use. These controls are a long way from the original IT type controls on files which (for those not instantly familiar with them) still are: – read; – write; – append; – delete; – execute. Now as you can see, it’s quite a different list of controls with quite a significant impact. DRM and charging mechanisms When DRM systems first came out there was a strong move to be able to license significant amounts of the information found on the Internet, and to charge for every conceivable use of an item, as well be able to pass on enforceable rights from one rights holder to another. Original owners were also to be recompensed through micro-payments mechanisms that would transfer their proportion due each time an aspect of their work was sold/licensed. This was proposed so that owners would receive an accurate payment for use. Did that make it work? Well, this is where the detail gets a bit more complicated. The only mechanism that computer systems have for enforcing controls when the computer operating system is not in control (which is almost all the time with the Internet) is encryption. If you don’t encrypt (make secret) the thing you are trying to protect then your (lack of) protection mechanism will soon be detected and either all the works you were trying to protect will suddenly become freely available on the web (as happens more often than you might think) or they will be shared amongst private groups of users freely.

Now encryption requires a number of disciplines if it is going to be successful. It also imposes quite an overhead on a system. For instance, whilst the user would not worry about the time it takes to decrypt a file (say a document, spreadsheet, .pdf file) because the amount of information is in reality quite small, but if they are waiting for the decryption of streaming video or voice the heavy encryption currently used can harm performance. Certainly the average DVD would not perform well using a PC to decrypt all its information using, say triple DES. Encryption also requires the control of cryptographic keys. Some people who have installed or re-installed Microsoft Windows will have typed in a long series of letters and numbers (a.k.a. a cryptographic key). But DRM system often require you to be in contact with a server that is monitoring user requests and comparing them with dynamically imposed controls (such as continuing to subscribe to a service). Cryptography allows strong controls, but it also imposes overheads and technical difficulties. The early DRM systems failed simply because they were too expensive for the amount of money they could reasonably collect. This idea of cost may sound rather strange, but the cost of mounting the servers, the processing overhead and the amount of connectivity required to operate those systems was simply too much compared to the amount of money they could realistically collect. Can you make it work? Cryptography can work effectively in a number of situations. But at the moment, micro-payments simply isn’t one of them. Using cryptography to control the actions of a user who has paid a substantial amount of money for the product will work where micro-payments will not. Cryptography will let you control a number of events. But it depends upon how effective your cryptography is. A number of disasters have already overtaken those who either chose to implement poor algorithms or failed to understand that you have to do something significantly better than password protection if you are going to protect something that has significant value for your business. It is not necessary for this paper to do more than state that many of the ‘industry standard’ solutions failed to recognize the real management issues of cryptography and therefore failed to provide the protection that they seemed to claim. Later solutions to DRM implementation have been more successful. Although it is fair to note that right owners need to think through what it is that they are licensing their customers for. And to make sure that their licensing is consistent with current international agreements. (Issues of international rights are the subject of a separate paper.) Moving forwards Decoupling DRM from micro-payments has enabled a more effective control suite to be provided that on the one hand supports industry objectives and on the other hand is acceptable to users. Users were not willing to work on the basis of micro-payments, but are more willing to buy a service that is delivered over a period of time. It seems, from current market feedback, that whilst users do not like restrictions on their ability to share information with others, and to have it locked down to a specific computer, they will accept those kinds of limitations. What they are not happy about are situations where they have to be online to remote servers before they are able to use information that, as far as they are concerned, they have purchased, and should be able to access at any time, and for all time. These requirements are at odds with the ideas of the ‘pay per view’ community from the record and film industries, who see a massive market opportunity if they can charge for each and every use of an item as against having sold it to a customer for permanent use. (In other words they may prefer the model of the DVD/Video shop to that of the customer buying a the item and being able to use it forever thereafter.)

Conclusion DRM offers industry information providers, which include the financial industries, analysts, consultants, programmers (applications, games) database owners and so on, as well as the record and film industries, with significant potential. DRM significantly extends the old IT controls and provides a much finer grained control over the ability of the user to make use of an item. Attempts to link finer grained control to micro-payments controls has not been successful so far, and may prove to be unattainable in the longer term because the cost of operating the mechanism exceeds the possible income per transaction. Speculation that web costs are zero may be correct for the end user, but studies have demonstrated that information service providers actually pay to have their information made available on the web. The correct mechanism to implement DRM will vary significantly with the delivery requirement. Services that require high speed decryption still need to be implemented in hardware if they are to work in an online situation. Realtime services can only be delivered using dedicated hardware, and owners requiring this service should be aware of this limitation.

Copyright digital right, digital right management, DRM security

The phishing activities has been increased and many of the financial institutions systems hit by the phishers this year. There is a need to curb these activities and do a deep research to overcome.

The financial sector’s increased reliance on the Web for the delivery of banking and finance services, has made it a prime target for phishers as few other industries can offer the same economic rewards it offers, according to a media statement released by Financial Insights.

While financial institutions have stepped up on their own security measures, cyber criminals have diverted their focus to customers. This trend has led regulators to take a more proactive stance on online security, noted Financial Insights.

Regulators in the Asia-Pacific region have since introduced rules aimed at tightening security loopholes that can be exploited. The Hong Kong Monetary Authority, for example, recently mandated the use of two-factor authentication for all high-risk Internet banking transactions.

Douglas A. Jaffe, associate director with Financial Insights, said: “The ability of criminals to rapidly circumvent new defensive measures should be of great concern to advocates of dual-factor authentication.

“However, an additional layer of protection, in conjunction with improved customer education and financial industry cooperation can be effective in helping improve security,” he said. “The growing influence of the Web means there really is no choice but to improve online security. How best to do this, however, is still open to debate.”

News financial institutions, phishers, web-security

Microsoft has released an out-of-band patch to fix an extremely critical worm hole that exposes Windows users to remote code execution attacks.

The emergency update comes just one week after the regularly scheduled Patch Tuesday and follows the discovery of a targeted zero-day attack, Microsoft said in an advisory.   The vulnerability is rated “critical” on Windows 2000, Windows XP and Windows Server 2003.

Microsoft said it was aware of “limited, targeted attacks attempting to exploit the vulnerability” but the company did not provide any clues about the origin of the attacks or the target that was hit.    There are no signs yet of public proof-of-concept code.

• The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit.
• Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

The vulnerable Windows Server service provides RPC support, file and print support, and named pipe sharing over the network. It is also used to allow the sharing of your local resources (such as disks and printers) so that other users on the network can access them.

Microsoft security critical worm, out-of-band patch, vulnerability

Getting Firefox installed on your computer is your first step to using it. The below reading will show you how to install Firefox on Linux.

Many Linux distributions include Firefox by default. Some distributions include IceWeasel, which is a version of Firefox with the Firefox trademarks removed.

Most Linux distributions have a package management system that lets you easily install Firefox. Generally, you should install from package management. Package management will:

• Ensure that you have all the required libraries
• Install Firefox in a way that works best with your distribution
• Create shortcuts to launch Firefox
• Make Firefox available to all users of your computer
• Make removing Firefox work the same as removing any other application

Package management also has some downsides:

• It may not give you the latest version of Firefox
• It may give you a version without Firefox branding

Linux security firefox, installing firefox, Linux security

AVG Internet Security is a software package for Microsoft Windows. It includes a firewall component, which controls which programs can access the outside world. If AVG Internet Security is not set to fully allow Firefox, Firefox will be unable to connect to web sites and may generate “Server not found” errors.

This article describes how to configure AVG Internet Security 8.0 to give Firefox access to the Internet.

1. If Firefox is open, close it by clicking File > Exit from the Firefox window’s menu bar.
2. Click the Windows Start button, then select All Programs > AVG 8.0 > AVG User Interface to open the AVG Internet Security Window.

1. In the AVG internet Security window’s menu bar, click Tools > Firewall settings to open the Firewall settings window.
2. In the section on the left side of the Firewall settings window, locate the Profiles item. Underneath Allow all and Block all there should be at least one profile (Standalone computer is an example of one created by default). Click the + next to this profile’s name.
3. In the expanded list for the selected profile, click the Applications item.
4. In the List of applications on the right side of the window, find Firefox and click on it to select it.
5. With Firefox selected, click Delete.

1. When prompted, click Yes to confirm the deletion of the rule.
2. Repeat the previous 5 steps for each profile listed underneath Allow All and Block all.
3. Click Apply at the bottom of the Firewall settings window, then click OK to close the Firewall settings window.
4. Click the X in the top-right corner of the AVG Internet Security window to close it.
5. Open Firefox. You will be prompted by the AVG Firewall Asks for Confirmation window. Click to place a check mark next to Save my answer as a permanent rule, and do not ask me next time and then click Allow for all.

Antivirus avg, firefox, Security-configuration

Symantec Corp.  today announced the 2008 North American Partner Award winners at Symantec Partner Engage 2008. The Symantec Partner Awards recognize channel leaders for their success in partnering with Symantec to help joint customers protect their information-driven businesses. These organizations have invested in expanding their knowledge of Symantec solutions to help customers effectively secure and manage the information that is critically important to their businesses. The winners of the 2008 Symantec Partner Awards are Consonus, Laurus Technologies, CMT, CDW, CDW-G and TeraMach.

Symantec developed the Partner Awards program to recognize industry leaders from around the world for their innovative use of technology in driving business value results. The winners were formally recognized by Randy Cochran, vice president, North American channel sales, Symantec, during his keynote on Thursday, Oct. 16.

“We work in an information-driven world and IT departments must have the confidence that they are able to secure and manage a growing amount of information and an increasingly complex infrastructure,” said Randy Cochran, vice president, North American channel sales, Symantec. “Our success is tied to the strength of the relationships we build with our customers and partners. The 2008 Channel Partner awards serve as a way to spotlight those partners who have clearly improved the customer’s experience by combining Symantec products with their own quality service.”

Partner Engage, Symantec’s annual partner conference, is being held Oct. 15-17 at the JW Marriott in Washington, D.C. At the event Symantec will address partners through various keynotes and breakout sessions on relevant topics including data protection, storage management and high availability, endpoint management and security, the Symantec partner program and sales and partnering strategies.

News awards, security partners, symantac

Microsoft Corp. has announced that it will start beta testing the next service pack update for Windows Vista in coming weeks.

The update release will be SP2 for Vista, the operating system which has started fairing well. Familiar sources cited that testers have received invitations to beta test Windows Vista Service Pack 2 (SP2).

In the forthcoming weeks, beta releases will be offered to invited testers, but not to the general public.

As of, service packs consist of collections of the patches, hotfixes and reliability updates released since the original edition of the operating system, or its last service pack, whichever came last.

On the same laegue, Vista SP2 will include Windows Search 4, Bluetooth 2.1 wireless support, and support for Via Technologies Inc.’s 64-bit processor. Currently, Via is best known for its C7 chip.

Windows Search 4.0 is the latest version of Microsoft’s desktop search engine, and was issued to current Vista users via Windows Update last July.

So far, the company has issued just one service pack for the operating system, SP1.

The company wants to issue the service pack before it releases Windows 7, Vista’s successor.

Lately, Microsoft announced “Windows 7” code name as official name for the upcoming operating system.

Macintosh security beta-testing, Microsoft security, service pack, vista

The Federal Trade Commission urged Internet users to be on guard against e-mails that look as if they come from a financial institution that recently acquired a consumer’s bank, savings and loan, or mortgage.

“In fact, these messages may be from ‘phishers’ looking to use personal information — account numbers, passwords, Social Security numbers — to run up bills or commit other crimes in a consumer’s name,” the FTC said.

Security firm Arbor Networks details two recent malware attacks that try to trick recipients into opening an e-mail attachment. One e-mail, claiming to have been sent by the Federal Deposit Insurance Corp., warns recipients that their bank accounts were involved in fraudulent activity. The attached file, disguised as a written account of that activity, is in fact a program designed to swipe passwords from the victim’s PC.

Another e-mail making the rounds, according to Arbor senior security researcher Jose Nazario, appears to come from Wachovia, which is slated to be acquired by Wells Fargo. The message tells recipients they need to install a special security certificate into their Web browser in order to do online banking with the new institution. The attached cert in question is, of course, more malware.

Phishers also are capitalizing on the banking crisis. Phishtank.com, a community-based effort to verify and track phishing Web sites, found this recent phish, which tries to convince Citibank customers to enter their account details at a fake Citibank Web site. This cleverly worded phish promises customers concerned about keeping their assets in U.S. banks “the option to have your account moved on our servers abroad.”

Because we value you as our customer and share your concerns about your financial assets, we now offer you the option to have your account moved on our servers abroad. This will prevent any financial loss from your account in case the U.S. financial system collapses. This option is free of charge. After successfully completing the required steps, your account will be moved on our new servers located abroad. You won’t feel any negative impact of account movement and you won’t have any problems accessing your money from anywhere in the world.

No doubt, people who fall for this scam will have their funds transferred abroad: straight into bank accounts controlled by organized criminals.

I think it’s fair to assume we can expect attacks exploiting public concern over the banking sector to continue and even increase in their sophistication. Remember, not all e-mail-based phishing and malware attacks are alike: Scammers also are using very targeted techniques, addressing recipients by name and including other details that can increase the apparent authenticity of the come-ons.

Remember, never click on or open attachments in e-mails that you weren’t expecting, even if they appear to come from someone you know. Also, banks should never ask for any personal information via e-mail, and I’m not aware of a single legitimate instance of a bank asking customers to install anything on their computers.

More at Washington post

News hackers, Phishing, virus

There is an email making the rounds which appears to be from
“Microsoft Corporation Security Center” with a subject line of
“Internet Security Update”.

The email has an attachment which the email describes as being
the “1 Mar 2002 Cumulative Patch” for IE.  The attached file is
typically named “Q216309.exe”.

There is no such patch from Microsoft and furthermore,
Microsoft never emails its patches- they are posted to Microsoft’s
web pages.

The bogus email is actually the GIBE email worm.  The GIBE worm is
written in Visual Basic, and, if run, appears to be a valid install
of a patch from Microsoft.  GIBE, however, will email itself to
everyone in your address book and install a backdoor component on
your system which allows the virus writer to access your system
remotely.

1. Do not run the attached file
2. Delete the email

Because Windows/ME backs up system files, this virus may well be
backed up along with other system files and your antivirus software
will be unable to remove the virus unless you do the following:

1. Right click My Computer on the Desktop, and choose Properties.
2. Click the Performance Tab.
3. Click the File System button.
4. Click the Troubleshooting Tab.
5. Put a check mark next to “Disable System Restore”.
6. Click the Apply button.
7. Click the Close button.
8. Click the Close button again.
9. You will be prompted to restart the computer. Click Yes.
NOTE: The Restore Utility will now be disabled.
10. Restart the computer in Safe Mode.
11. Run a complete virus scan to delete all infected files, or browse
the file’s located in the C:\_Restore folder and remove the files.
12. After removing the virus files, restart the computer normally.
13. Re-enable the Restore Utility by doing steps 1-9 and on step 5
remove the check mark next to “Disable System Restore”.

If you need to manually remove the virus for some reason, you will
need to boot to pure DOS and delete the following files from your
Windows folder:

Q216309.exe – a copy of the file dropper
BcTool.exe – the mass-mailing component
WinNetw.exe – e-mail address searching component
GfxAcc.exe – backdoor component
Vtnmsccd.dll – a copy of a dropper
MSWinsck.ocx – standard Winsock library

The easiest way to boot to pure DOS would be to use a DOS boot
diskette.  Please note, that there are also registry entries that
the virus created.  If you are familiar with the REGEDIT tool and
confident in your ability to use it correctly, first backup your
registry and then perform the following steps:

1. Click the Start button, then “Run”
2. In the Run dialog box, type “regedit” and click OK.
3. In the Registry Editor, navigate to the key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

4. In the right pane, delete the following values:

LoadDBackUp C:\Windows\BcTool.exe
3Dfx Acc C:\Windows\GFXACC.exe

5. Next, navigate to the following key and delete it

HKEY_LOCAL_MACHINE\Software\AVTech

6. Close the Registry Editor and reboot your system

Windows security email work, phony email, virus