Resources

Yes. Your computer can download ActiveX controls without having to buy software. Products such as RegCure aren’t designed to assist in downloading ActiveX controls or other add-ins. Nor are they designed to analyze the safety of ActiveX controls. Rather, RegCure (and other registry cleaning utilities) is designed to clean up the registry in the aftermath of failed installations and un-installations as well as remove registry entries related to malicious programming such as when a malicious ActiveX control has been installed. These products also remove obsolete entries and more.

ActiveX controls are also called “add-ons.” They are small programs that are used in conjunction with your Web browser. In a perfect world, ActiveX programs would be safe to use every time. Unfortunately, ActiveX controls have been abused by advertisers and malware writers, making it necessary to take precautions.

Your computer’s Web browser comes with options for allowing or preventing the downloading of ActiveX controls. If you have Internet Explorer 7.0 (the process is similar for other versions), go into the Tools menu and choose Internet Options. Click on the Security tab and make sure the Internet icon is highlighted. What security level is your computer set on? Each level has difference allowances. For example, at “medium-high,” Internet Explorer is told not to download any unsigned ActiveX controls.

You can also click the Custom Level button and make your own security decisions regarding how ActiveX controls are handled. Scroll to the ActiveX Controls and Plug-ins section and make your decisions. Among the options are:

• Allow previously unused ActiveX controls to run without prompt
• Allow Scriptlets
• Automatic prompting for ActiveX controls
• Binary and script behaviors
• Download signed ActiveX controls
• Download unsigned ActiveX controls
• Run ActiveX controls and plug-ins
• Script ActiveX controls marked safe for scripting

Each of these options has choices such as enable, disable, or prompt. Prompting is a good compromise when you’re unsure what to do about your settings. By being prompted, you can evaluate the ActiveX control on a case-by-case basis. For example, if you trust the Web site and are prompted to download an ActiveX control, you can make an informed decision about whether or not to allow the download. Likewise, if you’re on a random Web site such as one you visited based on a link in a Spam e-mail message, you probably shouldn’t allow the download without further evaluation or research.

You can also remove ActiveX controls from within Internet Explorer. Go to the Tools menu and choose Manage Add-ons followed by Enable or Disable Add-ons. From there, you can disable or delete ActiveX controls.

 Remember the old cowboy movies where you could tell the good guys from the bad guys based on the color of their hats? The outlaw wore a black hat while the sheriff rode into town with a crisp white hat. Like the renegades of the Wild West, hackers have adopted the same symbols. So-called “black hat” hackers are the ones causing all the trouble while “white hat” hackers do their part to bring order to the Internet.

In order to beat hackers at their game, you’ve got to know the game. By learning how hackers exploit systems, you can implement blockades and secure perimeters. Ethical hackers learn hacking techniques in order to defend against them. In fact, Certified Ethical Hackers enroll in extensive training programs and pass a series of exams in order to earn this highly regarded credential. Most certification programs also require participants to sign an agreement that the hacking techniques they learn will be used for good, not harm.

What does this mean to regular computer users like you and me? Imagine two financial institutions, one that employs ethical hackers and one that doesn’t. The first institution regularly puts its defenses to the test and plugs exploitations discovered, making it harder for the black hat hackers to get in. The second institution does nothing and is an easy target for hackers.

While there’s no way for us to know which companies employ ethical hackers, it is reassuring knowing that information security professionals are on the job, valiantly fighting against the bad guys.

We can also take advantage of the progress made by ethical hackers by purchasing tools that have been developed to combat known threats. Critical tools include:

• Routers
• Firewalls
• Anti-virus software
• Anti-spyware software
• Anti-spam software
• Privacy control software
• Security software

In addition to installing and using products, we must also adopt safer computer habits including creating unique, hard-to-crack passwords, implementing security on wireless networks, recognizing scams and phishing attempts, using care with downloads and attachments, and never leaving our computer unguarded when amongst other people.

Just as a good detective tries to get inside a criminal’s mind in order to solve or prevent a crime, so too does an ethical hacker try to get inside a hacker’s mind. As a computer user, it doesn’t hurt to think like a hacker as you go about your computing business. Think like a hacker when creating passwords. How easy would a password like “1234″ be to crack? (Easy.) What about a password such as, “oNe#2#thRee#foUR”? (Hard.)

Think like a hacker when making an online purchase. How easy would it be to intercept your credit card information if the Web site is unsecured? (Easy.) How about if the Web site uses encryption? (Hard.)

Think like a hacker when strange or even legitimate-looking e-mail messages arrive in your Inbox. How easy would it be to copy a logo from a Web site and create a fake e-mail to trick you into revealing your account information? (Easy.)

Learn to think like a hacker and invest in the tools that ethical hackers have helped to develop and you’ll be far better protected against attacks.

 I’ve been using online banking for ten to fifteen years and have never had an issue. In fact, once you try online banking, you’ll never want to go back to the old way of banking. I have several bank accounts and only one of those has an actual bank building. While I like the service and rates that I receive from virtual banks, I do like having the option of going to a branch in an emergency.

However, even my brick and mortar bank offers online banking so I rarely need to go into the building. I pay all of my bills online as well as download all transactions into my computer banking software. I can transfer funds with a click of a button and schedule future transactions.

But, what about all of my personal information being sent across the airwaves and the Internet? Is it safe? I’m convinced of it. Besides, in my community, we have a row of banks along the interstate that are regularly robbed. By avoiding these banks, I’m reducing my risk of being caught in a bank robbery shootout!

The financial industry uses sophisticated tools and encryption to ensure the privacy and integrity of their customers’ data and transactions. If you’re considering online banking for the first time, take a look at your bank’s Web site and search for their privacy policy. This policy tells you exactly how they work to protect your personal information. For example, Bank of America has an entire section dedicated to Privacy and Security with policies as well as information on how to further protect your personal information.

Banks are implementing further security measures to prevent others from trying to crack your code. For example, ING Direct uses a visual keypad on the screen. Rather than keying in your code, which could be intercepted by keyloggers, you click the corresponding key. In addition, many sites, ING Direct included, use a “site key” or image that you preselect. If you visit the bank’s Web site and your image does not display, then you know that you have been redirected to an imposter’s web site.

Banks are also blocking out portions of your account number from view. This means that even if your computer falls into the wrong hands, the bad guys won’t necessarily be able to figure out your account number.

In addition, one-time passwords are becoming popular. For example, PayPal offers a “security key” which is a physical device that generates temporary passwords that can only be used with your account. Bank of America has a service where they send temporary passwords to your cell phone.

Financial institutions understand how critical security is and have made banking online safer than ever. You can even stop receiving paper bank statements in the mail, further reducing banking fraud.

Like all secure transactions, you should get in the habit of looking for signs that you are on an encrypted page such as the padlock symbol displayed in the status or address bar as well as the “https” prefix of the URL.

RSS (Really Simple Syndication) feeds have become increasingly popular in recent years. Through the use of a reader such as Google Reader, you can have content automatically delivered to you according to your preferences. Microsoft’s Windows Live Mail, which replaced Outlook Express, has a built-in RSS feed reader as well, making it easier than ever to subscribe to content. But are RSS feeds safe?

Depending on how many feeds you subscribe to, you can have hundreds of incoming feeds each day. While this is overwhelming on its own, you should be aware of the potential dangers that RSS feeds pose.

First, RSS collects content from a variety of Web sites and delivers it to subscribers. For example, you might subscribe to an RSS feed that delivers financial information to you. Rather than visiting your favorite financial Web sites each day, the RSS feed gathers the information and delivers it to your feed reader, personalized Web site, or e-mail inbox. The danger here is that the RSS feed could pick up comments left on source sites that contain malicious code. The RSS feed and related Web sites may be trusted but the comments section could pose a threat.

IT security experts caution that as RSS feeds become more popular, they’ll start to attract hackers. While as RSS becomes more prevalent, you can bet that hackers will begin exploiting the technology to their advantage.

Among the major security concerns surrounding RSS are feed manipulation with JavaScript or HTML tags, cross site scripting, cross site request forgery, SQL injection for RSS feed manipulation, and a lack of encryption. Hackers are highly skilled at bending technology to their will. Both server and client ends of the RSS feed chain can - and will - be exploited.

How do you protect yourself from malicious RSS content? Start by subscribing to trustworthy RSS sites but be aware that the content provided may not be completely trustworthy. User generated content can contain malicious code, even if the Web site is trustworthy. Next, arm your computer with real-time monitoring software to block malicious content when found. While anti-virus and anti-spyware applications can solve problems after the fact, those with real time monitoring will prevent the problems from occurring in the first place.

You’ll notice that Filetonic.com offers RSS feeds. For example, if you are interested in PC Performance and want to be alerted with recent Filetonic posts in this category, you can subscribe to the Filetonic Performance RSS feed. We review all comments before allowing them to be published, which prevents unwanted spam and malicious code.