How Much Security Do You Need?

Recently I received the following question from a reader: Hello Randy, I use Verizon Wireless  Broadband on my Vista OS laptop . For security I use NOD32 Anti Virus and Windows Firewall. Are these adequate or do I need any other security tools? The short answer is “I don’t know”. Why don’t I know? Because

Please do not change your password – The Boston Globe

I find it hard to not be shocked at a headline like this… Then I remembered the recent top cybercrime city survey conducted by one of our competing software vendors which had Boston ranked the SECOND HIGHEST risk city in the entire United States. I’m also not one to simply lie down and let cybercriminals

Facebook Newbie | Good Practices

Since our April ESET news has already been dominated by Facebook and Koobface an updated Facebook best practices wrapup seemed in order. Facebook Newbie? Read This First While most of us involved with this blog are old hands at implementing security, sometimes it’s hard for others to process the do’s and don’ts. Michelle Green contributed

HR 4061: What Three Bucks buys you…

According to the CBO report quoted in this graphic, three dollars from every citizen of the United States each year for four years is what the final cost will be. We’re talking about the amped up Cybersecurity Enhancement Act of 2010 (HR 4061) currently passed by the House of Representatives. This can easily be confused

Senate Bill 773: What it means for Cyber Security and Cybercrime

Allow me to frame the threat of cybercrime that we all face by quoting from Jeff Debrosse’s 2009 Cybersecurity Review white paper: Cybercriminals are global and often well organized. They are smaller and more maneuverable than most corporations. Some are sheltered by certain G8 economic countries’ policies and laws. Their thefts fuel their home country’s

AV Lingo, et al

A reader recently sent in a batch of questions that I thought might be of general interest.  I also invited other members of the Research team to chime in with their thoughts. Question 1- When it is critical to give a malware specific name? [David Harley answers…] For detection/remediation purposes, it isn't really necessary for

Too Many Chiefs and not Enough Indians

Ahhh that was a coworker’s favorite saying each time administrators would make idiotic decisions because they weren’t in the trenches to see the effects of their decisions. There is a result from the National Cyber Security Alliance survey that I find specifically interesting. First, let me preface this by saying the thing you learn most


The NCSA (National Cyber Security Alliance) just released the detail of a survey of educators and technologists concerning both cybersecurity and cyberethics education in the schools. Cyberethics is prevention. It attempts to decrease cybercrime by teaching that it really is still crime and not very nice.  Cybersecurity is teaching defense. If I covered the whole

Disinfecting Files

I received a couple of questions from a reader about cleaning files. I thought the topic might be of interest to more than the reader, so I decided to post and answer the questions here, as well as providing a bit more information. The first question is: When an AV cleans an infected file, why

Behavior Blockers, Immunizers, CRCs, and Active Monitors

I recently received a question at that I thought would be of general interest, so I am answering it here. Could you tell me what the differences among Behavior Blocker, Immunizers, CRCs, and Active monitors? Thanks. A behavior blocker is a type of program that prevents certain actions from being taken. A behavior blocker

Holiday Shopping Deadlines

In just a couple of weeks you will be out of time to shop online and have that gift delivered in time for the holiday. I expect that there will be a surge in phishing attacks designed to take advantage of the panic factor. You get an email that says something to the effect that


Kelly Jackson Higgins with Dark Reading reported that the anti-phishing technology on the iPhone is currently not working. You can read the article at The truth is that no anti-phishing technology is reliable. The technologies can help, sometimes significantly, but the most effective protection is an educated user. All of the technologies have failure

Armor for Social Butterflies

I was speaking with our friend David Perry at Trend Micro about the insecurity of social networking services and what steps users could take to strengthen their security online. In the course of our conversation, we came up with a list of simple steps you could take to better protect yourselves. Be careful about whom you

M(b)ac(k) to the future

Mac security firm Intego blogged about Apple’s decision to include an antimalware component in Mac OS X 10.6 "Snow Leopard" and we agree that it is a good step, security-wise, to provide some basic protection against malware.  Apple has long mocked Microsoft, up to and including this 2006 advertisement which implied there were no viruses

Turkish Delight (2)

This is part two of a recent email interview with a Turkish web site, with part one made available here for the benefit of those of us who don’t speak Turkish.  I’ve done a little editing on parts one and two, primarily for cosmetic reasons. Question (4): What the golden rules for using the Internet with

(User) Education, Education, Education

Regular readers will be aware that, unlike many people in the security industry, people in this research team tend to be enthusiastic supporters of security education for end users, both inside and outside business: not as The Answer To Everything, not in terms of turning everyone who uses the Internet into a security expert, but

Security Education

Here are one or two resources some of you might find useful and interesting. Infragard and the Center for Information Security Awareness have a Security Awareness in the Workplace program that looks worth a closer look. It consists of 14 separate lessons addressing key information security issues "that can impact in the workplace". The free lessons

Securing Our eCity

San Diego is a great place to live in and visit. I grew up in San Diego and didn’t realize how good I had it until I moved to San Bernardino when I was 15.  What does this have to do with security? If you need an excuse for a trip to San Diego (or

After the Hype is Gone

We all have recently endured a week or so of extensive media hype about a worm called “Conficker”. Phrases such as “One of the worst viruses ever” and other such nonsense were tossed around like promises at a political rally, with about the same level of honesty and accuracy, perhaps even less. Conficker was already

Conficker Launches Cyber Attack Against Big Ben

In an apparent effort to cause British commuters to miss their trains, Chinese hackers have ordered the Conficker.C botnet to randomly change the time on the venerable and vulnerable Big Ben. This has caused millions of Londoners to be late for work this morning. Hey, this is no more ridiculous than trying to protect against

Follow us

Copyright © 2015 ESET, All Rights Reserved.