I am sick of Twitter, are you?

I have already mentioned at various forums that the online programs like Twitter, Facebook, etc were created to make money for those who introduced and marketed them. There is nothing wrong with it but how many similar web sites do we really need? There are several new applications AROUND the Twitter. Every one of them wants you to subscribe and login and multiple the number of users. Why? To sell the web site later! Who are those time-wasters beyond teenagers? You and me, and millions of others.

Imagine that there were no Twitter and similar web sites that grow like mushrooms after rain.
Would you really miss it? Maybe 5% of all Twitters would honestly say yes, but the majority including myself simply would not care.
People stopped to socialize personally. They use Facebook, MySpace, Craigslist, Twitter, Delicious, ...
I have counted more than 150 web sites, so far! There are probably more not listed on Wiki. Instead of meeting people personally, we are texting like crazy - everyone is super-busy to even look around - texting, texting, texting...
This is worse than swine flu. Maybe it is another, more crazy form of forgotten Usenet? I would call most of those web site social time-wasters. There are not so many that are truly useful.

I hope some day people will realize that it must be limited, and the identity theft that is a result of social networking can be stopped if people will stop posting full biography and personal data on the web sites and also will be more careful about infected web pages on social networking web sites that became simple target for malware creators/distributors.

Are you aware of the fact that there are many new social networking sites dedicated to hate, racism, anti-antisemitism, recruitment of Muslims for who knows what, hacking, and similar?
While we cannot simply stop it, we have to be at least aware of what's going on. Instead of endless texting just step aside and think for a moment about what's going with all of this craziness. Is it really useful for your life? Can you live without typing?!

There will be some folks that might disagree with me. OK, what's your take on it?

Why I use the VIPRE to protect my PC against malware

Following the news about a "pig virus" or "swine" as the media call it, I want to share my experience on protecting my home PCs against computer viruses and various spyware.

All of you use PCs on a daily basis and if you work for the company, it is not your headache to protect the end-user PC. Your headache is at home (PC or laptop).Since the viruses/spyware penetration level got to the degree when one anti-virus program installed on PC is ABSOLUTELY not enough, I usually recommend installing 3-4 programs.

• 1. Free ZoneAlarm Desktop Firewall


• 2. Free AVG Anti-virus software


• 3. Free SpyBot anti-spyware software


• 4. Free AdAware Personal anti-spyware and ad-watch software

Note the word "Free". Until recently, I was pretty much happy with it - what is better than free? The AVG Anti-virus program delivered great results by discovering the spyware like Trojans, key loggers, etc. I use the P-2-P networks as many of us (Torrents, eMule, and similar), browse hundreds of web sites, and download various small and large programs for testing/implementing. As you may guess, I am getting enough of "bad stuff" on my PC that must be cleaned every day.

How do I use all these programs? First of all, two programs are running permanently (Firewall and AVG). Also, I use the other 2 programs weekly to verify how good AVG on removing viruses/spyware. Of course, you have to be very careful about timely updates since the number of viruses/spyware is growing on a daily basis. So, the update check is setup on "every 4 hrs".

As my hard drive grows in capacity, the time to clean up that "bad stuff" is becoming an issue. My AVG Anti-virus program takes about 22-23 hrs to scan both of my drives taking often up to 95% of the CPU cycles and slowing down my PC to the degree that I have to pause the scan when I need to use the PC. I also want to mention that the sizable chunk of memory used by AVG is taken away from my applications.

Recently I got an e-mail from Sunbelt Software Company about their new and advanced product called VIPRE. This product has a combined protection: AntiVirus + AntiSpyware. Isn’t it a time to check what is better than AVG? I have downloaded the PC version of the software for one month of evaluation (try before buy).

To my absolute surprise, the very first time the software ran on my PC, it has discovered 11 spyware programs hidden on my hard drive (and it is after AVG + Spybot + AdAware said that everything is clean!). Needless to say, I have begun respecting this software from the first day. The fact is that it is amazingly FASTER than any other protection program I ever tried (Avast!, Kaspersky, McAfee, Symantec, etc) and takes less PC memory resources.

I am at this end of my evaluation, and I will buy this software without hesitation. I believe that $29.95 is justifiable spending to protect my PC against the "bad stuff".

I have restricted my wife against using the commonly used "social networking" web sites from the PC where she does an online banking to pay for our bills. Why did I do it? I spent totally 9 hrs to clean up her PC from multiple variations of spyware (in spite of installed AVG)!

The problem is that many known "good" web sites are the source of as we call it "malware" (or malicious software). The primary example is a Facebook, not to mention several others. The hackers inject malicious software into the known and respectable web sites such as business or entertainment sites. When you point your browser to one of infected web sites you automatically download the malicious software that silently does its damage. The Antivirus program itself cannot protect you against this type of infections even with a real-time monitoring mode enabled.

I am sure you heard about "confiker" virus (see my blog at http://securecyber.blogspot.com/2009/04/what-to-do-if-you-are-infected-with.html). The millions of PCs worldwide are infected with this virus. It may sit on a hard drive for a long time doing nothing, however, when the hackers want they may upload to your PC any other malicious program (such as password stealers, other viruses, spyware) using the confiker virus as a carrier. Total damage of confiker is already estimated by 9.1 billion dollars worldwide, and this is not the end.

I have compiled the page about VIPRE. You can find it here:

http://www.rtek2000.com/Tech/antivirus-vipre.html

Use it at your own discretion. My slogan is: "It's better to be cautious that sorry later".

Word of caution:
When you use multiple anti-malware programs, make sure they don’t conflict with each other. First of all, they may recognize the competing program as a malicious. Secondly, they often use the same areas of memory or control the same important files of your desktop operating system. If you do not temporary disable other anti-malicious programs while you ran the anti-virus or anti-spyware software your PC can be locked or even worse - the files will get corrupted.

If you want to install VIPRE, please UNINSTALL and REBOOT your PC or laptop before installation; and don’t forget to perform the regular backup of your important files (I hope you do it periodically, don’t you?).

What to do if you are infected with Confiker

Just to share waht I found:

1. Point your browser to Symantec.com or McAfee.com

If you are able to access the web site, your computer is probably not infected with Conficker as the worm blocks access to most security web sites. One symptom that may indicate you are infected is finding that your computer is blocked from accessing the web sites of most security companies.

2. If you have a computer that is infected, you will need to use an uninfected computer to download a specialized Conficker removal tool from. The tool is available here: http://www.800-security.com/tech/FixConfiker.exe

Advice to Stay Safe from the Worm:

1. Run a good security suite (I just began using VIPRE from Sunbelt software, and very pleased with it).
2. Keep your computer updated with the latest patches. If you don’t know how to do this, have someone help you set your system to update itself.
3. Don’t use “free” security scans that pop up on many web sites. Many of them are fake. In addition, some of them are using scare tactics to try to get you to purchase their “full” service. In many cases these are actually infecting you while they run. In accordance to some security pros, there is reason to believe that the creators of the Conficker worm are associated with some of these fake security products.
4. Turn off the “autorun” feature that will automatically run programs found on memory sticks and other USB devices.
5. Be smarter with your passwords:

1. Change your passwords periodically
2. Use complex passwords – no simple names or words, use special characters and numbers
3. Using a separate, longer password for each site that has sensitive personal information or access to your bank accounts or credit cards.


4. Use fingerprint readers (buy from Digital Persona - I love them). You can avoid typing (and any keylog software won't be able to capture it)


5. Use the multi-word passwords (for instance: "my buddies use rtek2000" or "security is not a measure but process"

Political correctness gone nuts!

Read the Washington Post Article here and leave your comments.

I can't stand it...

Phishing Guide

I thought you might be interested to read the new articles from PayPal on PHISHING and how to protect your identity and money.

https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Marketing/securitycenter/general/UnderstandPhishing-outside

Please read all 3 parts. The links to each next part are below the article. PayPal has done very good job on explaining the problem with plain English and nice illustrations. Don't miss it!

What's your plan on Windows 7 and new PC?

Several weeks ago, one of my customers that I am mostly volunteering (he is over 80) asked me to assist him in buying the new PC. He brought several brochures from HP and Dell. To my surprise, ALL of them where 64-bit systems. The surprise was unpleasant since I did not shop for the new PC for at least 2 years since I bought Dell 8400 with 3GHz processor. Why unpleasant? Did you try to install Office 2003 on 64-bit machine? How about a bunch of other applications that you get used to but CANNOT use with 64-bit hardware?

Do you see where I am pointing to? The PC manufacturers force the consumers to buy the 64-bit systems and, at the same time, force to update ALL applications, games, utilities because they are no longer compatible... What amazes me that I did not see the articles that scream aloud about this situation?

There were many discussions about reasons to skip an upgrade to Vista in favor of coming Windows 7, the newest Microsoft’s desktop OS coming in the beginning of 2010. I have contributed to several articles where I explained why I am NOT going to upgrade to Vista but what I would like to discuss is what to do with Windows XP now.

*** Windows 7 is being dubbed "Vista done right" ***

Plenty of sources have detailed the exciting changes that Microsoft is bringing to Windows 7, the successor to Vista. Microsoft heard the screams of PC users who said they hate Vista, and therefore the new version focuses on the user experience heavily.

Here is what I found on the net:
"While some of Microsoft's competitors focus first on flash, then on the underlying architecture, Microsoft took the reverse route this time. Now, at least, the roads come together. Windows 7 is sexy, usable, and streamlined. It was demonstrated on an ultra-lite computer with a 1GHz processor and 1GB of RAM... the OS can run in less than 512MB and boots up much faster. It's likely to have fast boot options that will provide functionality for watching DVDs or other media without requiring the full OS. And because Windows 7 is built on the same kernel as Vista, we won't suffer from vendors who leverage a Windows upgrade to obsolete their drivers and hardware… in other words, no compatibility problems. Thank goodness!" Check this out also:
http://www.wservernews.com/X9Q2B1/081103-Windows-7

At the same time, you know, I am happy about Windows 2008 server, and particularly, Windows Server 2008 R2 that is also on the horizon. It really makes sense to add the power to the servers. The updated version of Win2K8 R2 comes with significant improvements to virtualization and virtual machine (VM) management. What is interesting, this upgrade is 64-bit only (the fact is known since Microsoft did not make a secret from it). The new PowerShell 2.0 and the new PowerShell-based consoles will be added, including the Active Directory Administration Console. Check this out: http://www.wservernews.com/X9Q2B1/081103-SQL-Server-2008

*** Is it a Great Time to Buy a New Computer?!**

All the major vendors have just released brand new models based on the very latest, thinnest, most power-friendly Intel (and AMD) chipsets. New models offer more storage, better power utilization, and key new interfaces including eSATA. On the "high end", there are some laptops that even can edit High Definition video and burn it to a Blu-Ray disc. By the way, about the Blu-Ray. I see that it did not gain mainstream due to high cost of licensing for manufacturers and high retail cost.

How would you justify spending $150/$200 for a new player if you can buy pretty decent quality copies of HD movies that can be played on most of the DVD players? The market of Blu-Ray players is barely 4-5% of total market (and it is after defeating the HP with their own HD format!). I believe that the new format will be introduced by some of the known firms in the closest future.

Since Windows 7's hardware requirements might actually be lower than Vista's, the new PC 2010 could be a power horse.

I don't know about you but I am not going to upgrade my 3GHz system until Windows 7 (or whatever name it will have) will be available along with thousands of utilities and applications compatible with 64-bit system.

How about you?

3 new NIST documents

There were 3 new documents released by NIST - The US National Institute of Standards and Technology. One of them was related to the Bluetooth Security with suggestions on how to implement the Bluetooth technology securely. It will help those IT professionals who are responsible for Bluetooth communications. If you want to download it, here is the link:
http://csrc.nist.gov/publications/nistpubs/800-121/SP800-121.pdf

The second document is a Technical Guide to Information Security Testing and Assessment. The finalized document provides a guidance to designing, conducting, and analyzing the data generated by those tests.
http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf

The 3rd document is just a draft, and at this momnet is not so significant (A Guide to Industrial Control Systems (ICS) Security.

DDoS attack from Russian hackers... again

1) http://blogs.zdnet.com/security/?p=1533&tag=nl.e550
2) http://www.telegraph.co.uk/news/worldnews/europe/georgia/2539157/Georgia-Russia-conducting-cyber-war.html

To confirm my point of view regarding Russian hackers and their employers, read the article above.
The actions described in the article are clear demonstration of knowledge in cyber security used to suppress the web site of a defined enemy (in this case, Georgia - former USSR republic). There are no doubts in my mind that it was pre-designed by the Russian Government. ShadowServer.org mentioned that there is no proof that the Russian Government was behind that attack. However, ask yourself why would you try to suppress the Georgian President's web site unless it's your enemy's web site?

As you can see, when the war began, all weapons in your dispositions are used. The cyber hacking or DoS attacks are the new battlefields, and it must be taken seriously.

Finally! Cheaters are punished... kind of...

Please read my comments below regarding this article from InfoWorld.

Microsoft sues site to stop certification test leaks

Microsoft claims Freetech Services was selling actual exam questions on its certification test help-site

* By Robert McMillan, IDG News Service
August 18, 2008 | http://www.infoworld.com/article/08/08/18/Microsoft_sues_site_to_stop_certification_test_leaks_1.html

A federal court in Connecticut has ordered a certification test help-site to stop publishing Microsoft-related materials after the software maker sued the company, claiming that it was selling actual certification exam questions.

In a preliminary injunction signed Thursday, U.S. District Court Judge Warren Eginton ordered Pass4sure.com and its parent company, Freetech Services, to stop distributing the materials.

Pass4sure sells "high quality IT exam practice questions and answers," according to its Web site. The company promises a full refund to anyone who does not pass an IT exam on their first try after using its testing engine.

However, Microsoft says that the company is selling actual exam answers. Company investigators downloaded the Pass4sure practice exams for a variety of tests in early May and found that they were "identical or substantially similar" to Microsoft's own certification exams, Microsoft said in court filings.

Pass4sure sells questions for many certification tests, including those offered by Cisco Systems, Oracle and IBM. The tests cost between about $80 and $125.

These kinds of professional certifications are an important measurement of professional advancement amongst IT professionals and can translate into bigger salaries for those who earn them.

Although Pass4sure no longer lists Microsoft tests on its Web site, cached pages linking to dozens of tests can be found on Google.com.

[My Comments] This company along with several others like TestKing are long due to panishing for unfair practice, stealing the revenue from competitors by engaging in the provocative Search Emgine Optimization technique (using the competitors products' keywords), cheating the Google and Yahoo with saturating their pages with hundreds of keywords related to their own products, selling the programs that repeat actual exams questions, and even selling the IT Certification certificates for a nominal fee. In order to stop their activity and bandit methods to conduct business, they have to be panished financially.

I can almost guarantee that they will announce a new web site under a new name and will do the same! Why am I so sure? They have already created the web sites with the Microsoft exams numbers as the domain names. All the links are being redirected to pass4sure.com and testking.com or testking.name (Example: www.640-802.net). I guess, Cisco must follow the Microsoft's steps.

My reply to the Article about CISSP certification

I posted the reply to the Article about CISSP certification http://www.tssci-security.com/archives/2008/06/19/rip-cissp/#comment-7927 at TS/SCI Security.

Well, I have written an article in 2002 when the certification craziness was in its highest spot (http://www.rtek2000.com/Good/Why_we_have_to_fight_with_hypes.pdf). If you spend 10 min to read the article you will understand my point regarding who particularly benefits from all 5000 existing certifications. It is still the case with some exceptions. I have been an employer and I am an employee, so I know both sides of job market. There are many cases when the certification is a big plus if you want to be hired for certain positions, and as much as I don't like certifications I have to admit that I have few including CISSP that I got last year.
While I was learning the material for about 4 months, I got my horizon expanded. I learned about risk management, disaster recovery strategies, and cryptography. I know for sure that I would never touch those topics otherwise. The CISSP certification is intended mostly for managers who plan the security and risk management within their firms. It is not in any way a substitution for hands-on experience. In fact (and many folks know it) the CISSP certification is about two inches in depth knowledge about 10 CBK domains but two miles wide (a little bit about everything). So, we are talking about generalists here, not hands-on professionals - if you are talking about hands-on knowledge, it has nothing to do with it.

Why it became a popular certification? Mostly due to the good marketing by the ISC(2) marketing team. They were able to penetrate the DoD to make CISSP a standard for any security professional. All other vendors including CompTIA failed to reach such a degree of popularity.
I passed the exam to prove something to myself, and currently I have no benefits of having it in addition to $500 exam, and $85 yearly fees. But you'd be surprised that my resume with the magic letters attracted many job recruiters. The CISSP certification may bring some benefits to job seekers.

Feel free to look for CISSP certification resources here: http://www.rtek2000.com/courses/CISSPresources.html