To secure the user, there are alarms, laptop locks, stickers and labels that have been developed. Mere password locking is not sufficient to ensure data security. Full-disk encryption (FDE) is a widely used method to protect the laptop before the operating system starts up. FDE can be done by adopting a software-based approach or hardware-based approach or both.

Then there is the remote laptop security (RLS) with which access can be denied to a stolen laptop, thereby ensuring security of information. Also, there are programs that can be installed using which the owner of the stolen laptop can wipe financial or client-sensitive information from a remote location. There are also GPS tracking programs that can help to trace stolen laptops.

One of the smart things to do while traveling with laptops is to ensure that you have a back-up for everything you need and avoid accessing any financial information so that you do not leave a trail of your sensitive information.

However, there are doubts over the effectiveness of anti-theft measures that can prevent sensitive information from getting lost when a laptop is stolen. On both the Mac and PC, a laptop robber can get rid of many of the checks and balances that anti-theft and recovery software impose. The network connection can be turned off so you can never track the software’s location; the thief can even clear the hard disk.

If you are still keen to try out any recovery software, check out Undercover for the Mac (and iPhone). Nowadays it also comes with a WiFi-based positioning to help map where the stolen laptop may be possibly stored. Also, there’s the MacTrak software which transmits pictures and network with the help of e-mail or to a Flickr account.

For Windows, LoJack for laptops is popular. The software’s location can be traced via network connection daily. If the laptop is stolen, you can trace location changes every 15 minutes. You can also remotely wipe data.

Over and above the standard 30-day trial period, the Windows Secrets newsletter has listed the steps to add another 90 days of grace period. This means that for an entire 120-day period the operating system is not degraded and you get free, unrestricted access whether you are using Ultimate or the Basic.

Since it’s free, most users will rush for the topmost version, Ultimate, during the 120-day grace period. However, for regular use you may actually buy the Home Premium and not Ultimate. But here lies the catch. The Home Premium will refuse to activate if you’re having the Ultimate installed. This means that you’ve to go through a complete re-install for Windows 7 Home Premium. But there’s also an easier way out: Simply install Windows 7 Home Premium or Pro from a Windows 7 Ultimate CD.

You have to keep a few things in mind while installing Windows 7. In case you insert a DVD of Win7 Ultimate and run the installer, the Win7 Ultimate will be installed. However, you should delete the ei.cfg file to get to chose from Starter, Home Basic, Home Premium, Professional and Ultimate.

By now, although Microsoft has distributed a small number of copies of Windows 7, surely there are many more unlicensed copies of Windows 7 doing the rounds in the market before the official launch in October. But to protect your system, ensure that you download the licensed version from the authorised sites. Because the biggest player in the market has realized that the best way to beat the grey market is to extend the trial period of the licensed version.

Internet is a separate sphere, distinct from physical real world.  Liberal interpretation of existing laws of any country to apply to the cyberspace activities will be wrong as there will be vast difference between the physical and cyber worlds.  Any transaction that takes place through cyberspace should have legal sanctity for enforcement and without cyber laws this cannot be done.  In the absence of effective cyber laws, people will distrust Internet to the extent that e-commerce may become totally unviable which will be a disaster for the whole world.

Jurisdiction for application of the cyber law is a big issue.  For example, a single transaction through the Internet may involve laws of at least three jurisdictions, i.e. the laws of the county of the transaction initiator, the country hosting the server facilitating that transaction and the country of the other end-user.  These three different entities could be located in three different countries, e.g. a merchandise order placed from US through a server based in Brazil and executed from China; obviously, cyber laws of one country will have no jurisdiction on players in the other two countries.  Yet another scenario of lack of jurisdiction is that contents of a website could be legal in one country but illegal in another country, e.g. pornography.

Obviously there is need for cyber laws that can be applied to all players uniformly but this is easier said than done.  The next best approach then is for individual nations to enact their own cyber laws to regulate all actions on the Internet affecting their own population.  Additionally, nations could enter into multi-lateral international agreements to formulate uniform rules applicable to cyberspace activities.  There will also have to have an international organization that can formulate new rules and enforce those rules across countries.

The cyberspace growth has been phenomenon. The original inventors of Internet could not have imagined the scope and size of Internet as it is to today and ever growing without any stop! It is estimated that the Internet population is doubling roughly every 100 days!  Growth of Internet and its players will obviously give birth to ticklish issues needing resolution across borders.  Many countries have recognized the need for specific cyber laws and have enacted laws to suit their needs. The crying need of course is to have a common cyber law with jurisdiction across borders.

Recognizing the privacy concerns of mobile phone users, Latitude allows you to control your privacy as you wish.  In the privacy menu of Latitude, you can choose to detect and share your location automatically or manually set your location (you can even choose to enter a false location!), hide your location to all or a chosen few of your group, or completely turn off Latitude.  Another privacy control option allows you to decide how much details you want to share.  One can choose between no location data, city-level info or even a ‘best available’ data mode.

Google Latitude is not an auto detection add-on that lets anybody and everybody to track each other.  To let two individuals to track each other, both have to give consent to each other and also that both will have to be subscribers of the same mobile network. (This restriction may soon disappear, depending on how enthusiastically customers will receive this location based service.)  Invitations can be sent out through email or can be added through Gmail contacts.  Since privacy settings for each contact is individually set, one can always reconfigure the settings for each contact at will.

Google Latitude can be installed on mobile devices where Google Maps for mobile v3.0 and above is supported.  Some of the currently available devices are – Android-powered devices, BlackBerry devices, Windows Mobile 5.0 devices, Nokia smartphones, Symbian S60 devices, etc. Latitude is not presently available on iPhones but apparently Google is working on developing a version of Latitude for iPhones too. Google Latitude is now offered in 27 countries.

On the Latitude activated devices, the location detection and updating is done automatically in the background, letting your friends, who have permission to track your location , to update your progress constantly.  However, continuous location sharing involve high amount of data traffic, and therefore it is advisable to subscribe for unlimited data plan before Latitude is activated. Another concern is the expected high drain on your mobile battery, though no data on battery drain is as yet available.

BrightKite and Loopt are two similar services already in existence, and Google’s Latitude seems to be an attempt to beat the competition.  Both the BrightKite and Loopt have limited audiences currently and only time will tell whether Latitude can attract a wider customer base and become successful.

Google with its worldwide presence and muscle may be able to market Latitude much better.  However, the privacy concerns may be a daunting impediment to overcome for the desired penetration.  If you are able to willingly announce and share your location, it may also be possible for the crooks to ‘steal’ the information for their wicked activities.  So, the conservatives may decide to wait and watch, but the adventurous guys are welcome to jump in.

Cyber attacks on US companies are increasing despite the best efforts to deflect such attacks by the corporates.  GoDaddy.com, the well known domain name register and web hosting provider was hit by a distributed-denial-of-service (DDoS) attack recently, which affected thousands of hosting customers.  This was initially thought to be an ‘outage’, but later GoDaddy.com later admitted that it was a cyber attack.  Another attack reported was on the USAjobs.gov, website run by Monster.  About 146,000 users of the website had their personal information stolen, except social security numbers that were encrypted in the database. 

The US society is completely dependent on cyberspace, such as banking, investments, shopping, travel, utilities, news, work and personal communications, etc.  Even at the governmental level, all the various organs, organizations, utilities, etc. are dependent on their cyber networks for carrying out their mandated tasks.  Needless to say, such extensive and widespread use of cyberspace in US also provides opportunities for cyber attacks.  

Apparently, some three million attempts of infiltration into Pentagon computer networks are defeated almost on a daily basis. Despite such constant vigil, attacks do get in and paralyze networks. Only in November last Defense Department computers were compromised by attacks that originated from Russia which apparently affected computers in combat zones, especially in Iraq and Afghanistan. Such attacks highlight the increasing danger and potential importance of computer warfare.  

Cyber attacks can take many forms such as defacing a website, stealing valuable data or crippling a network controlling operations. These cyber attacks are targeted at corporate assets and services, such as web, email, database, etc., all of which contain corporate information and are used for e-commerce services.  These important applications can be bombarded with spurious service requests and the DDoS attacks will disrupt business with severe deficiencies in communications, transactions, productivity and profitability. Such attacks can cost the corporations significant amount of money in goods, reputation and time. 

Risk assessment is an important technique for information security.  It is also important to have formal policies and procedures to safeguard information.  However, such policies & procedures are non existent in many corporations, though the situation is changing slowly for the better.  Unconventional methods are also being used for obtaining cyber security.  For example, Microsoft hired hackers to test the Vista security.   

Cyber attacks are treated as serious federal crime in the US under the National Information Infrastructure Protection Act of 1996.  Conviction will result in imprisonment for a number of years and fine.  Not just US, several other nations have similar stringent laws.  However, detection and conviction is difficult as cyber attacks can come from across borders and with fictitious identities.  It is not expensive to organize and implement attacks by the criminals.  Cyber attacks as a means of crippling governments have not yet reached alarming proportions, but the prospect of such concerted and coordinated attacks in the future can not be wished away.  And the world community will have to put their heads together to come up with effective strategies to counter these malicious attacks.

It has been reported recently by RSA Security that there is a new form of phishing e-mail which purport to give a CNN news flash about an imminent ceasefire in Israel’s Gaza operation.  As CNN is one of the most widely watched and respected news channels, the recipient will be drawn to the news flash link.  However, if the embedded link is clicked on, the next screen will tell you to download Adobe Flash Player to view the page.  This Adobe Flash Player is not the real one; on the contrary, this is a ‘Trojan horse’ phishing program to steal the financial passwords and personal details stored in the computer.

The ingenuity of the fraudsters lie in using the attention grabbing current news flashes on world affairs and it emphasizes the view that these fraudsters are indeed evolving with the time.  The alert mails will carry different subject line phrases like “CNN.Com Daily Top 10″, “My  CNN Alert” or “CNN Alerts: Breaking News”.  These legitimate looking emails use the highly rated CNN as a hook to take advantage of the curiosity of the recipient and make him click on the link, only to be told to download a video codec (a malware) and if done so, ultimately infect the system.

Some time back there was another spam run which infected many systems with the ‘Storm’ worm.  In January 2007, scam emails made rounds carrying links purported to contain details of impending violent windstorms in northern Europe.  Storm worm was one of the most powerful pieces of malware ever written and many of the infected PCs are yet to be brought back to life.

These fake CNN alerts are apparently more successful than the one line spam messages in the recent past for the simple reason that the words CNN provide legitimacy to the message!  RSA Security has however indicated that these fake alerts may not last long as they have managed to successfully shut down the Chinese server which was hosting the fake web page.

So what should be done when such tempting invites are seen in your inbox?  Google advises that recipients should not to click on links or attachments in e-mails from unknown sources.  As a rule, one should open emails only from known contacts.  If you see such a CNN alert, check if you have subscribed to an online news alert recently. If not, there is every reason to suspect that the mail is a hoax.  Ideally, you should delete the mail immediately. If you are however eager to know the veracity of the news, you have the option to go to CNN website to search for the news.  These days, strict and careful vigilance is the only action that can prevent virus/malware attacks.

So, how do the hackers get into these wi-fi networks? Let us examine few security issues.

It is normal for all hardware items to be shipped with factory default settings.  The hackers are masters and they know what the hardware factory settings are.  So, usage of the network router with factory set defaults will leave a wide open unprotected door for the hackers to get in.  To protect yourself, the first thing you do before anything else is to change the administrative password of the router.  Administrative password is the master-key without which none can get inside.  The factory set administrative password is an open secret, so change it as soon as possible to have complete control of the network in your hands.  Password change procedure will be different from brand to brand, but if you make use of the installation CD that came with the hardware, you will be able to accomplish the change easily.

Hackers or mobile malicious code like botnet worms scan for unprotected wi-fi networks and systems and will choose anyone that appear to be an easy prey.  Most of the routers will provide an option for you to hide your SSID; so hide it.  Remember, if you are not seen, then you can not be touched!

In a wi-fi network all the information and data are exchanged through open air.  So, any one capable enough to snoop and collect information can do so pretty easy.  However, you can protect the information by using encryption.  There are two encryption standards available, i.e. WEP (Wireless Equivalent Protocol) and WPA (Wi-Fi Protected Access). WPA is the better one and has 2 settings – WPA Personal and WPA2 Personal.  Use WPA2 Personal, but make sure that your hardware and software support it.  (Windows Vista supports WPA2, but in XP you may need to download and install a Hot Fix from Microsoft.)

MAC (Media Access Control) address is another area where the hackers will find space to squeeze in.  Each and every piece of networking equipment has a unique MAC address.  You should note down the MAC address of all the hardware in your network (in command prompt, use ipconfig/all to get all the MAC addresses).  You can then feed these numbers under the “permit only” tab in the Wireless Network Access tab.  With such limited permission, any equipment not conforming to the ‘permit only’ MAC address will be blocked from entering your wi-fi network – obviously the hackers will be kept at bay!  (However, if your network must allow computers that keep changing, the MAC addresses also will need to change – for a huge network, this may be a difficult task to maintain.)

It is also a good practice to shut-down your network when not in use.  Turn it on only when you need it.  Keeping an unmonitored wi-fi network open all the time is inviting problems.  It was reported that during the recent Mumbai terror attack, the terrorists gate crashed unprotected wi-fi networks to send out messages.  Therefore, do what it takes to plug all loopholes to protect your wi-fi network.

There are two main reasons for the high number of viruses – many variants of the same virus make the combating ability of anti-virus programs difficult as they are developed to combat only against known infections, and not the different variants.  The second reason is that the security firms mainly concentrate on large scale outbreaks of attack and by making series of smaller outbreaks, some of the viruses get through unharmed and create havoc in numerous affected systems.

The methods of attack have also changed.  Previously, the common method was booby-trapped attachment to emails, which get activated the moment the email is opened.  Subject lines of these emails were provocative, pornographic or very personal, inducing the receiver to open the mail!  However in 2008, the method of attack took a new direction.  The virus developers started subverting web pages by inserting malicious programs.  The cyber criminals are able to send out spamming mails containing links to the compromised webpages and these webpages are able to decipher whether the visiting computer is a Mac or PC and then deliver the appropriate malicious malware to that computer. It is reported that by the end of 2008 there was a newly infected webpage almost every 4 seconds!

Wi-Fi enabled devices (Apple’s iPhone, iPod Touch, etc.) are also prone to hacker attacks and as the popularity of the wi-fi enabled devices grow the threats of attack will also increase.  Wi-fi devices are more personal and carry personal information, which is all the more attractive to the hackers to go for phishing and identity thefts from those devices.

It was reported that China was the biggest host of malware in 2007 (51.4%), followed by US, Russia, Ukraine and others.  There have also been open accusations by countries on origin of malware attacks though it is quite difficult to pinpoint a particular source.  Estonia blamed Moscow for a large-scale Distributed Denial-of-service attack in April 2007.  And in December 2007, M15 (British secret service) accused China of electronic espionage.

Hi-tech has acquired high level of sophistication in production of malwares.  Mebroot is a virus which sends out a report to its creators when it is detected and the creator promptly releases a new version of the virus with the bug fixed, making detection of the variant much more difficult.  In yet another method, hi-tech criminals have turned away from viruses to produce ‘security programs’ that look absolutely legitimate.  These programs, on installation, carry out a thorough scan of the computer and come up with a long list of spyware and malicious program on the system, which is actually a fake report.  Removal of these reported infections requires a fee, which is their way of making money!

Fortunately, in mid-December 2008, the US Federal Trade Commission got a restraint order to shut down several firms fleecing consumers from these ‘fake’ scare scams. Over five million people around the world have fallen prey to such scams in 2008.  Another success was closure of the US network firm McColo in mid-November, which saw a drastic reduction in spam volumes, but only for a temporary period!

Most of these malicious programs are targeted at the Windows PCs. Mac systems were not targeted because the criminals had a massive market in the Windows PC segment.  However, the criminals have started attacking the Mac systems too as they realized that identity theft from Mac systems is also extremely profitable!

Security threats are only going to get worse in 2009 and beyond. Too many hi-tech experts are losing jobs each day because of the current severe recession all over the world.  It is quite likely that a few of these experts may turn their attention to the cyber world menace of viruses, identity theft or hoax scareware programs to fleece the net users. They may even invent new ways of threats.  The impending catastrophe is exceedingly alarming and the battle of bad guys vs. the good guys is going to be fierce and never ending…..

Google Sandboxing or blacklisting is the act of lowering the web page ranking by Google.  The lower ranking makes it impossible for the web page to come on top in search result pages thus depriving it of visibility and visitors. Web site design experts say that Google accomplish this with the help of an alleged filter (Google vehemently deny existence of such a filter, though!), which considerably lower the page ranking of a website, resulting in blacklisting of the webpage.

Sandboxing can happen for various reasons.  Search engine optimizers manipulate listing requirements to get their web page on top of the search results, usually by creating a number of inbound links from other (possibly optimizers’ own) websites.  Excessive inbound links for a new web site listing are viewed suspiciously by Google as unnatural.

Another reason for Google blacklisting is spamming.  Spam websites use various tactics to reach the top of search results and make a killing on the hits by achieving heavy sales, before they are eventually detected and blacklisted.  Google’s extensive list of rules for web site owners specify what is and what is not acceptable.  Any violation, such as a SEO created deceptive or misleading content, of these rules will result in removal of the website from Google’s index. For example, some time before the website of the well known car manufacturer BMW was Google sandboxed (blacklisted), for unknown reasons.  So there is a need to be cautious about tactics used for SEO and there is reason to be afraid of Google sandboxing.       

If an excellent website is not seen in the top search result pages of Google, there is reason to suspect that the web site is in the Sandbox.  To know for sure, check if the web site has strong Google PageRank and good incoming links.  Do a search using secondary search phrases to see if it generates excellent results.  Finally if the site is still not found using the primary search phrases in Google search results pages, one can assume that the web site is in the Sandbox or blacklisted. 

A blacklisted website may stay in the sandbox for about three to six months depending on whether the search keywords are less competitive or hyper competitive respectively.  The average time in the sandbox for most search phrases is about three months.

The frustrating agony is that there is no easy way out of the hole.  Only time will heal the disease and the ‘probation’ period has to be endured before the website can come out.  Therefore, in the meantime, it is better to devote time and energy for improving your website (e.g. add more key words, make sure title tags matches the key words, add more links, etc.) and avoid all the (dirty?) tricks used previously to get up there.  However, once you are out of the box, you will find a quantum leap in the ranking and placement of your website in the search result pages.  

There also apparently exist a ‘reverse sandboxing’ by which a webpage rich in content but without any inbound links is given a higher ranking and pushed up in the search result pages, just as the prominent display of a ‘new release’ in a book store! This reverse sandboxing is pleasing if it is your website that is getting the treatment! But let us discuss more on that and other related issued in a later article…..

It is estimated that there are over a billion Windows users worldwide.  The number obviously speaks for its overwhelming popularity.  Windows 7 is developed on Windows Vista and will offer, when it is finally released in the marked, many improvements over Vista.  The emphasis, from what we glean from various sources, is on improving security, reliability and performance.  It will be fully compatible with the hardware, applications and device drivers of Windows Vista.  Windows 7 will also facilitate improved navigation and will offer a new taskbar and an efficient user interface so that all tasks are done with speed and ease.  Sharing of data among PCs and devices in home or office network and, with the help of Windows Live and Internet Explorer 8, staying in touch with your peers and clients will become extremely smooth routines.

Windows 7 will also help you derive more benefits from devices such as digital cameras, mobile phones and printers and the networked media devices will facilitate playing music, watching video or displaying photos far more smooth.  For developers, Windows 7 is expected to provide a solid platform for development of various next-generation solutions.

Another important feature of Windows 7 will be improved security enhancements.  It is understood that alerts from 10 different Windows features, including Security Center, Windows Defender and User Account Control (UAC), are consolidated into a single “Action Center”. The UAC is intended to inform the user about any ‘system-level’ changes made on the computer, such as a virus turning off the firewall or a rootkit stealthily taking over the machine. In Windows 7, the UAC has been redesigned to allow users adjust the behavior of alerts with a slider; for example, it is claimed by Microsoft that the user equipment will continue to be protected against malicious software, even if no fresh alerts are seen by the user.

Other security features of Windows 7 are the extension of BitLocker encryption support to removable media (USB thumb devices), facility to manage and control of biometric login data, and improved System Restore utility (which will warn the users what programs will disappear after restoration of the system to a specific restore point).  And surprisingly, Microsoft will also allow third party developers to disable part of Windows Firewall to be replaced by their own Firewall software.

Let us hope that Microsoft will able to deliver especially on the security features unlike the current version, which is extremely susceptible to security breaches; otherwise, the success of Windows7 will be too far off!