Many of you are endlessly entertained by the back-and-forth bickering between us storage vendors over things like benchmarks.
Sometimes the disagreement is over how the test was conducted, or the use of "lab queen" configurations that would never be found in a customer environment.
And, occasionally, there's very strong disagreement around comparing two very unlike things using a common standard. That's what this post is about.
Why should you care?
In a world of exploding data growth, massive scale and limited resources, how you do things may end up being more important than what you do.
I believe many IT architects will want to take note of this particular debate, because you'll be seeing ever-more variations of this same theme in the near future.
How This Came About
Nothing brings out the competitive nature of IT vendors more than benchmarks.
While I'm a general skeptic of many benchmarks, the SPEC tests (specifically the SPECsfs2008 NFS and CIFS workloads) are notable in that the SPEC organization has an ongoing process to ensure the workloads match those of the member organizations.
Put differently, you can't seriously claim the SPEC isn't "real world".
The testing methodology is difficult to game, although if you scrutinize some of the submissions you can see obvious signs of creativity here and there. For example, you'll sometimes see some vendors export only a small amount of the total capacity configured in an effort to goose the numbers. Or occasionally turn down the flush rate from write cache to persistent storage.
You know, stuff real users wouldn't do.
And, unlike most other benchmarks, most of us bigger vendors routinely make submissions.
There is no cost element defined for the equipment used in submitting SPEC tests, however. Another form of vendor creativity can result from assigning inflated prices to the other guy's gear, and then showing various per-unit comparisons in an effort to put their own results in a favorable light.
However, this sort of comparison is neither sanctioned nor condoned by the SPEC organizations. The SPECSFS test is sheer performance, plain and simple.
The Core Of The Current Debate
Simply put, there are two approaches to getting really good numbers from the SPEC tests.
One approach is to architect a single, scalable file system that goes really fast and scales linearly. Not many of these submissions, as you'll find.
A more common method is to aggregate multiple, independent file systems (using a global name space) to appear -- at least in some aspects -- as a single entity, although it clearly doesn't behave as one, as we'll see in a moment.
My point of view (as well as EMC's) is simple: since these two approaches are radically different in terms of user experience and administrative effort, they shouldn't be directly compared. Apples and oranges. At a very minimum, their inherent differences should be well understood by all.
I'll make my arguments here; you can draw your own conclusions.
Let's Start With A Traditional Single File System
Imagine, say, a single 16TB file system, sitting on a filer.
People start to use it, and -- eventually -- it either fills up, gets slow, or both. Before long, its time for more performance and/or more capacity. That usually means another controller or NAS head, in addition to more capacity.
You then acquire a separate device (array, NAS head, etc.) and add it to the configuration.
But you've got a new problem -- you now have to allocate the new capacity and/or performance amongst the people who need it. How many users and their data go to the first NAS device, and how many to the second?
You sit down, and do a static rationalization of what might go where in an ideal world. You copy a bunch of data around, and set up new mappings. Hopefully, you can do all of this without disrupting users.
But you're working with imprecise information; and of course there's absolutely no guarantee that all your users will continue to be nicely behaved in the future. For example, one set of users might grow faster in terms of capacity or performance than expected.
In a dynamic environment that's growing fast, that means you'll find yourself sitting down to perform this "analyze, recommend, migrate" loop more often. Fast forward: more independent filers get added over time. More capacity needs to be shoveled around from place to place, and it's now taking days instead of hours.
Users now start to notice that they can't use their data predictably. Storage admins find themselves pulling late nights and weekends to keep up with the growth. Over-provisioning performance and capacity quickly becomes a defense mechanism against having to move things around so often. Overall utilization of resources goes way down as a result.
What might have made sense at 10TB becomes painful at 100TB and downright unworkable at 1000TB.
To give users a simplified logical view, the filers will often aggregate their name spaces (a global name space) so the combination of multiple, independent file systems. But this ends up being nothing more than a layer of shrink-wrap film over a pallet of multiple containers.
You can call it one container, but it's patently obvious to all it's just an aggregation of much smaller containers.
Administrators still have to continually juggle what's in each file system container -- both from a performance and capacity perspective. And power users will often get involved in where their data physically resides -- simply because these capacity, performance and availability issues start to impact them as well.
Not a pretty sight. But it doesn't have to happen that way ...
Let's Start Again With A Scalable Single File System
.
Now let's go through this same scenario, but using a scalable single file system approach vs. valiantly attempting to aggregate multiple, independent file systems.
Our first 16TB file system goes in like before. But when the second one is needed for either capacity or performance reasons, the story changes considerably.
The additional unit is quickly configured, and the scalable file system software does any required balancing and/or data migration: transparently and in the background.
The administrator can stick around and watch this magic happen if they like; but once you'e seen it it's about as exciting as watching a washing machine go through its cycles.
A third unit gets added, and a fourth, and so on up to potentially very large numbers indeed.
Each time, the new resources are automatically integrated -- and all available performance and capacity is auto balanced with each new resource added. Data protection (locating portions on multiple nodes) is also adapted as well to the new resources.
Users see a single giant file system that's essentially "flat' in terms of performance and capacity. Administrators get to see one giant pool of self-administering, self-balancing and self-protecting resources.
No downtime, no drama.
And no need to over-provision as a defensive mechanism.
The level of effort -- and usability -- remains largely constant whether we're talking 10TB, 100TB, 1000TB or more. Capacity and performance scale; hassle doesn't.
You'll have to admit -- there is a meaningful difference between the two approaches.
This glaring and obvious difference has been validated in customer forums that I've been at. On one side of the room, large environments who use a single scalable file system approach. On the other, those using a more traditional approach of aggregating many, many smaller file systems.
Their worlds are very different indeed :)
In All Fairness
Competitors who only offer the traditional approach of aggregating smaller file systems using a global name space will claim that there are multiple ways of solving customer problems, and that every customer is different.
While it's hard to disagree with that sort of platitude, it's hard to imagine a scenario where the aggregated separate file systems approach would have any sort of decided advantage. I mean, how many use cases are there where user demands precisely orient around the capacity and performance of a traditional file system?
And, in all fairness, EMC's higher-end VNX products (such as the VG8) have long used this aggregated independent file system approach.
But, as many of you know, EMC's Isilon is different -- it creates a single, scalable file system over many nodes.
For those of us who are now familiar with both, the differences couldn't be more stark -- especially at scale.
The Magic Of Scale-Out
Compared to our competitors, I think EMC is quite fortunate to now have multiple scale-out technologies in our portfolio.
In addition to Isilon for scale-out file systems (NAS and CIFS), Greenplum (now augmented with Hadoop!) uses the same architectural style to achieve blazing performance coupled with cost-efficiency and administrative ease.
If you're into distributed object storage (e.g. cloud storage), Atmos uses a scale-out design to achieve the same results. And, if you're familiar with enterprise block storage at scale, well, that's a VMAX.
And, of course, VMware's products create scale-out clusters using cool technologies such as VMotion.
As just about any server admin will tell you, a shared pool of server resources that auto-balance is vastly preferable to isolated ones that don't :)
Many years back, we recognized that riding Intel's curve and building products that scaled out as well as up was going to be the architecture of the future: storage, database, servers and so on.
We've invested literally many billions of dollars in this one concept, and will continue to invest many more.
By this standard, many of our traditional competitors have some very serious work ahead of them.
All Is Fair In Benchmarks, Or Is It?
Perusing the various SPECsfs2008 NFS and CIFS submissions, you have to look carefully to determine whether the competing product simply aggregates multiple, independent file systems to achieve their results -- or creates a single, scalable file system to get the job done.
You won't see it in the inventory of the parts list. Nor can you spot it from configuration diagrams. Nor will the submitting vendors likely come forward at the outset and clearly state "hey, we achieved this result by aggregating 24 smaller file systems".
Your only clue is the subtle entry "file system type" which is intended to be only descriptive in nature.
Many will say "global name space". A few may say "single scalable file system".
Trust me, there is a difference.
By: Chuck Hollis
Wednesday, December 21, 2011
Tuesday, December 20, 2011
SMS Fraud on the Android Market
Thanks to Masaki Suenaga and Andy Xies for their analysis.
Following the tweet from our @threatintel Twitter account last night about malicious applications targeting users in European countries, Symantec Security Response has identified another group of fraudulent apps on the Android market, but this time under a different publisher ID. From our analysis the 11 newly discovered apps are published under the name “Miriada Production” and are identical to the apps published under the name “Logastrod”. These apps are capitalizing on popular game titles, and masquerade as these games, but in fact they just sends two texts to premium-rate, local SMS numbers in the country where the SIM card is registered. The app also prevents notifications from being displayed if the incoming text is from certain numbers.
Once notified of these apps by Symantec, Google acted promptly and removed them from the Android Market.
The malicious content in all the apps appears to be identical. This suggests both publishers took the malicious code from the same template, or, they are the same publisher using two different names.
By: Symantec Security Response
Following the tweet from our @threatintel Twitter account last night about malicious applications targeting users in European countries, Symantec Security Response has identified another group of fraudulent apps on the Android market, but this time under a different publisher ID. From our analysis the 11 newly discovered apps are published under the name “Miriada Production” and are identical to the apps published under the name “Logastrod”. These apps are capitalizing on popular game titles, and masquerade as these games, but in fact they just sends two texts to premium-rate, local SMS numbers in the country where the SIM card is registered. The app also prevents notifications from being displayed if the incoming text is from certain numbers.
Once notified of these apps by Symantec, Google acted promptly and removed them from the Android Market.
The malicious content in all the apps appears to be identical. This suggests both publishers took the malicious code from the same template, or, they are the same publisher using two different names.
Note, as with all Android applications, users must choose to allow the permissions requested by applications before they can be installed. Permissions are displayed by the Android operating system under broad headings that summarizes the implications of the permissions requested. For example the permission to allow an application to send SMS or MMS messages is organized under the easy to understand heading of “Services that costs you money”. Understanding these permissions can help users avoid applications which make unnecessary requests. In this particular instance, the applications ask for the permission to send SMS messages – a service that will cost you money (something users should think twice about before accepting and proceeding with the install).
Symantec customers are protected, since the apps are detected as Android.Rufraud.By: Symantec Security Response
Monday, December 19, 2011
Raising Kids In The Information Age
As adults, most of us are hard-wired to take parenting very seriously indeed.
Although the mission of raising kids hasn't really changed over the generations, the context certainly has.
The world is now a very different place when I was growing up. I'd like to be able to reach back into my own childhood experiences as source material for modern challenges; unfortunately, though, way too much has changed.
I find myself having to think hard and long about where the world is going, and how best to prepare my children to thrive in it.
Since many of you reading this are faced with similar tasks (or will be soon!) I thought I'd share a few aspects of how I'm trying to raise my kids in this new world.
Take this unsolicited advice with a grain of salt: every situation is different. And while there is no guarantee on how my kids will eventually turn out, I am rather pleased as to where they are in their journeys.
Early Access I've always had computers around me, and I've always had computers around my kids. Online connectivity was always seen as a basic necessity, even when it was 9600 baud through the house phone line.
I clearly remember my first child climbing up on my lap, banging on the keyboard, and squealing with glee when the computer beeped. That gave way to the inevitable kids games (Putt-Putt was a favorite back then), with progressively richer computer experiences as they grew up.
I now have a young niece, age 6. I recently splurged and bought her a basic iPad, loaded with fun games and semi-educational software. It is by far her most cherished possession. I'd like to think I'm giving her a leg up in the new world.
Competing With The Online World
If you're growing up in the modern era, it's all happening online.
That's where the cool content is, that's where your friends are, that's where your homework gets done, and so on. Much like Alice in Through The Looking Glass, the small screen is a portal into an endlessly fascinating and engaging world.
As a parent, I don't want to discourage that engagement, but I do know there are downsides as well.
First, I care about balance. I want them to have engaging and fascinating real-world experiences to balance their online ones.
Trying to limit their consumption of online experiences in hopes that they will seek out real-world ones wasn't as successful as I had hoped; I now realize I have to actively put interesting experieces in front of them that will tempt them away from the soft glow of their screens.
Second, I care about hygiene. There are corners of the digital world that are unsavory -- as there are parts of the physical world.
Rather than try and hide reality; my wife and I have spent serious time educating them about what's out there, how to recognize it, and what to do about it. From porn to perverts to malware -- it's all out there -- so our goal is to create kids who are digitally aware.
And, of course, their computers were always in a public place in our house; never in their rooms.
Third, I care about conduct. Of course, I want their online conduct to mirror real-world standards: be polite, watch your language, etc. It only took a few examples of us coming back to them with something they said or posted online to realize the internet was a very open place indeed :)
But it goes farther than that. My personal online experience has taught me that there are many people who tend use their keyboards instead of their therapists; I want my kids to spot these same behaviors, recognize them for what they are, and respond appropriately -- usually by ignoring them; or occasionally escalating if the abuse becomes serious.
Learning To Form Independent Opinions
Completing classwork was relatively straightforward in my day.
You went to the library, there were authoritative books, and your task was to assemble and regurgitate the content from those publications into your classwork. People largely believed what they were told by the mass media, the government, the church, etc.
But that's not the game anymore, is it?
As my children progressed in their classwork, they'd often encounter multiple perspectives online around the same topic or question. For me, that's when the real learning begins: learning to assess the context and perspective of various authors, assemble your own perspective, and be prepared to defend it.
Life rarely presents you with simple and obviously correct answers. Authority is a subjective concept in the modern world.
Of course, you sometimes have to defend your approach when their teachers occasionally disagree with their conclusions, and grade accordingly :)
This behavior has carried over into watching mass media. We'll be watching a "news" program, and they'll often spot the inherent bias. Or they'll be watching one of the many reality TV shows that seems to feature people who live their lives as train wrecks (Jersey Shore comes to mind), and roundly criticize the cast for their behavior.
I may not agree with all their opinions, but I do appreciate the fact that they have a brain, and aren't afraid to use it.
Education Matters
As parents, my wife and I assume responsibility for our kids' educations. The school does their part, we do ours. The local public schools were more than adequate at the outset, but as the kids got older the divergence between what the schools thought important and what we thought important tended to increase.
Over time, our kids ended up at a relatively modest Catholic school; not because we are Catholic, but we saw that the implicit moral code and sense of community made a big difference in their educational experience.
My wife and I also invested substantial time to stay current with their classwork and their social lives; problems inevitably will crop up, and they're always best addressed gently at the outset if humanly possible.
Don't worry if you feel you weren't paying attention in high school; you'll get a second chance at all those classes :)
Thinking about colleges and universities presents a new set of issues; there are clear choices to be made, they can be expensive choices, and the choices tend to matter over time. In my day, you selected a major (and a school) that tended to point you in a specific career direction: engineer, doctor, lawyer, business person, artist, etc. While that model can still work for some people; I believe that the really interesting careers are more likely when you attempt to blend multiple traditional disciplines.
Unfortunately, many higher educational institutions haven't fully embraced this notion yet, meaning that -- as a parent -- we have to collaborate with our children to maximize their educational experience in this newer paradigm, working within the constructs of the university, while at the same time acknowledging their individual preferences and inclinations.
It's a delicate and expensive balancing act, and I'm not sure we've quite mastered it yet, but we're certainly trying :)
In my ideal world, my kids would be certifiably "good" at one or two core disciplines, and then spend the rest of their time broadening their perspective: literature, political science, photography, languages, economics, archaeology ... whatever it might be, as long as it is clearly outside their core.
Occasionally, we're fortunate to take them outside of the US to get an up-close view of what goes on outside of this vast country -- and how Americans are often perceived from the outside.
The reason is simple, the world is a diverse place; and I want them to be exceedingly comfortable with all forms of diversity: cultural, intellectual, religious, political, etc.
Social Brand Matters
As part of my work at EMC, I have built a professional social brand. I have explained to my kids why I've done that, and why I think it will be more important to them in the future.
One promising development: my eldest daughter is in her final undergraduate year at the university; she continues to invest in her professional social brand, and she's seeing the powerful benefits result as she transitions from academia to the workforce.
My youngest daughter (the artist in the family) routinely posts her work in various online forums where she receives feedback from kids like her -- and gets to see what they're all doing. Peer review in the modern world :)
This, in particular, is a major departure from how things worked in my day. Yes, networking and being visible was important back then, but we now have access to tools and platforms that are orders-of-magnitude more powerful than before.
My message? Learn to use them -- they matter -- no matter your choice of profession.
Lifelong Learning Matters
Back in the day, the widely-held perspective was that you got your education, and you went off to work.
Clearly, that approach isn't going to work in the modern economy -- most of the jobs my kids will be applying for might not exist yet. And as our politicians struggle with "creating jobs", I have to wonder -- how much of the onus rests on us as individuals to keep our marketable portfolio of skills current and relevant?
As a society, we are awash in educational opportunities: both formal and informal. For example, I can easily keep up not only with topics relevant in my official role here at EMC, but with topics clearly out of the box: current economic thinking, cosmology, physics, biology, music, etc. -- anything that attracts my interest is out there for easy consumption -- if I want to consume.
The behavior I struggle to instill in my children is curiosity -- because it's that natural inquisitiveness that ultimately motivates us to seek out these conversations and dialogues, and thus continually enrich ourselves in the process.
Raise inherently curious kids -- and the rest will likely take care of itself. At least, I hope so :)
Relationships Matter
One of the incredible benefits of our information age is just how easy it is to stay in close contact with the people you care about.
Email, Skype, texting, Twitter, Facebook ... the mechanisms are simple to use and ubquitiously available. Yes, writing long letters is becoming a lost art, but the richness of communications can be exceptional.
From my younger kids simply texting "we got here OK" to my eldest daughter continually sharing links she finds interesting -- I never had this sort of close, intimate and constant communication with my family when I was younger. It was mostly extended (and expensive) phone calls back then :)
We are inherently social beings, and are at our happiest when we feel connected to others in a meaningful way.
Sure, raising your kids in the information age presents new challenges where there might not be the clearest guidance forward.
But it's pretty clear that we all now have the opportunity to stay connected with them and their lives in a way that wasn't possible before.
I'll take it.
By: Chuck Hollis
Although the mission of raising kids hasn't really changed over the generations, the context certainly has.
The world is now a very different place when I was growing up. I'd like to be able to reach back into my own childhood experiences as source material for modern challenges; unfortunately, though, way too much has changed.
I find myself having to think hard and long about where the world is going, and how best to prepare my children to thrive in it.
Since many of you reading this are faced with similar tasks (or will be soon!) I thought I'd share a few aspects of how I'm trying to raise my kids in this new world.
Take this unsolicited advice with a grain of salt: every situation is different. And while there is no guarantee on how my kids will eventually turn out, I am rather pleased as to where they are in their journeys.
Early Access I've always had computers around me, and I've always had computers around my kids. Online connectivity was always seen as a basic necessity, even when it was 9600 baud through the house phone line.
I clearly remember my first child climbing up on my lap, banging on the keyboard, and squealing with glee when the computer beeped. That gave way to the inevitable kids games (Putt-Putt was a favorite back then), with progressively richer computer experiences as they grew up.
I now have a young niece, age 6. I recently splurged and bought her a basic iPad, loaded with fun games and semi-educational software. It is by far her most cherished possession. I'd like to think I'm giving her a leg up in the new world.
Competing With The Online World
If you're growing up in the modern era, it's all happening online.
That's where the cool content is, that's where your friends are, that's where your homework gets done, and so on. Much like Alice in Through The Looking Glass, the small screen is a portal into an endlessly fascinating and engaging world.
As a parent, I don't want to discourage that engagement, but I do know there are downsides as well.
First, I care about balance. I want them to have engaging and fascinating real-world experiences to balance their online ones.
Trying to limit their consumption of online experiences in hopes that they will seek out real-world ones wasn't as successful as I had hoped; I now realize I have to actively put interesting experieces in front of them that will tempt them away from the soft glow of their screens.
Second, I care about hygiene. There are corners of the digital world that are unsavory -- as there are parts of the physical world.
Rather than try and hide reality; my wife and I have spent serious time educating them about what's out there, how to recognize it, and what to do about it. From porn to perverts to malware -- it's all out there -- so our goal is to create kids who are digitally aware.
And, of course, their computers were always in a public place in our house; never in their rooms.
Third, I care about conduct. Of course, I want their online conduct to mirror real-world standards: be polite, watch your language, etc. It only took a few examples of us coming back to them with something they said or posted online to realize the internet was a very open place indeed :)
But it goes farther than that. My personal online experience has taught me that there are many people who tend use their keyboards instead of their therapists; I want my kids to spot these same behaviors, recognize them for what they are, and respond appropriately -- usually by ignoring them; or occasionally escalating if the abuse becomes serious.
Learning To Form Independent Opinions
Completing classwork was relatively straightforward in my day.
You went to the library, there were authoritative books, and your task was to assemble and regurgitate the content from those publications into your classwork. People largely believed what they were told by the mass media, the government, the church, etc.
But that's not the game anymore, is it?
As my children progressed in their classwork, they'd often encounter multiple perspectives online around the same topic or question. For me, that's when the real learning begins: learning to assess the context and perspective of various authors, assemble your own perspective, and be prepared to defend it.
Life rarely presents you with simple and obviously correct answers. Authority is a subjective concept in the modern world.
Of course, you sometimes have to defend your approach when their teachers occasionally disagree with their conclusions, and grade accordingly :)
This behavior has carried over into watching mass media. We'll be watching a "news" program, and they'll often spot the inherent bias. Or they'll be watching one of the many reality TV shows that seems to feature people who live their lives as train wrecks (Jersey Shore comes to mind), and roundly criticize the cast for their behavior.
I may not agree with all their opinions, but I do appreciate the fact that they have a brain, and aren't afraid to use it.
Education Matters
As parents, my wife and I assume responsibility for our kids' educations. The school does their part, we do ours. The local public schools were more than adequate at the outset, but as the kids got older the divergence between what the schools thought important and what we thought important tended to increase.
Over time, our kids ended up at a relatively modest Catholic school; not because we are Catholic, but we saw that the implicit moral code and sense of community made a big difference in their educational experience.
My wife and I also invested substantial time to stay current with their classwork and their social lives; problems inevitably will crop up, and they're always best addressed gently at the outset if humanly possible.
Don't worry if you feel you weren't paying attention in high school; you'll get a second chance at all those classes :)
Thinking about colleges and universities presents a new set of issues; there are clear choices to be made, they can be expensive choices, and the choices tend to matter over time. In my day, you selected a major (and a school) that tended to point you in a specific career direction: engineer, doctor, lawyer, business person, artist, etc. While that model can still work for some people; I believe that the really interesting careers are more likely when you attempt to blend multiple traditional disciplines.
Unfortunately, many higher educational institutions haven't fully embraced this notion yet, meaning that -- as a parent -- we have to collaborate with our children to maximize their educational experience in this newer paradigm, working within the constructs of the university, while at the same time acknowledging their individual preferences and inclinations.
It's a delicate and expensive balancing act, and I'm not sure we've quite mastered it yet, but we're certainly trying :)
In my ideal world, my kids would be certifiably "good" at one or two core disciplines, and then spend the rest of their time broadening their perspective: literature, political science, photography, languages, economics, archaeology ... whatever it might be, as long as it is clearly outside their core.
Occasionally, we're fortunate to take them outside of the US to get an up-close view of what goes on outside of this vast country -- and how Americans are often perceived from the outside.
The reason is simple, the world is a diverse place; and I want them to be exceedingly comfortable with all forms of diversity: cultural, intellectual, religious, political, etc.
Social Brand Matters
As part of my work at EMC, I have built a professional social brand. I have explained to my kids why I've done that, and why I think it will be more important to them in the future.
One promising development: my eldest daughter is in her final undergraduate year at the university; she continues to invest in her professional social brand, and she's seeing the powerful benefits result as she transitions from academia to the workforce.
My youngest daughter (the artist in the family) routinely posts her work in various online forums where she receives feedback from kids like her -- and gets to see what they're all doing. Peer review in the modern world :)
This, in particular, is a major departure from how things worked in my day. Yes, networking and being visible was important back then, but we now have access to tools and platforms that are orders-of-magnitude more powerful than before.
My message? Learn to use them -- they matter -- no matter your choice of profession.
Lifelong Learning Matters
Back in the day, the widely-held perspective was that you got your education, and you went off to work.
Clearly, that approach isn't going to work in the modern economy -- most of the jobs my kids will be applying for might not exist yet. And as our politicians struggle with "creating jobs", I have to wonder -- how much of the onus rests on us as individuals to keep our marketable portfolio of skills current and relevant?
As a society, we are awash in educational opportunities: both formal and informal. For example, I can easily keep up not only with topics relevant in my official role here at EMC, but with topics clearly out of the box: current economic thinking, cosmology, physics, biology, music, etc. -- anything that attracts my interest is out there for easy consumption -- if I want to consume.
The behavior I struggle to instill in my children is curiosity -- because it's that natural inquisitiveness that ultimately motivates us to seek out these conversations and dialogues, and thus continually enrich ourselves in the process.
Raise inherently curious kids -- and the rest will likely take care of itself. At least, I hope so :)
Relationships Matter
One of the incredible benefits of our information age is just how easy it is to stay in close contact with the people you care about.
Email, Skype, texting, Twitter, Facebook ... the mechanisms are simple to use and ubquitiously available. Yes, writing long letters is becoming a lost art, but the richness of communications can be exceptional.
From my younger kids simply texting "we got here OK" to my eldest daughter continually sharing links she finds interesting -- I never had this sort of close, intimate and constant communication with my family when I was younger. It was mostly extended (and expensive) phone calls back then :)
We are inherently social beings, and are at our happiest when we feel connected to others in a meaningful way.
Sure, raising your kids in the information age presents new challenges where there might not be the clearest guidance forward.
But it's pretty clear that we all now have the opportunity to stay connected with them and their lives in a way that wasn't possible before.
I'll take it.
By: Chuck Hollis
Friday, December 16, 2011
The 6th Scam of Xmas – Mac Scams
For the sixth scam of Christmas, the criminals gave to me, Mac scams!
Many Mac users (I think) still do not think this affects them. However, Mac Malware increases by 10% every month. As I have said many times before, where the people go – criminals follow. Apple’s increase in market share has made them a target for scams and malware.
As with all scams, just a bit of education goes a long way to help spot these scams and not become the next victim. If you use a Mac, here is what you need to know:
Tips to Avoid Becoming a Victim:
1. Download Mac updates as soon as they’re available, so you’re protected from these latest threats.
2. Never download or click on anything from an unknown source.
3. When searching the web, use the safe search tool like McAfee SiteAdvisor®, which tells you if a site is safe to click on or not right in your search results.
4. Keep your computer safe by installing security software such as McAfee® Internet Security for Mac.
Tips on What to Do If You Have Become a Victim:
You’re a victim, now what?
1. Disconnect your computer from the Internet and run a full security scan.
2. Install the Mac update that locates and removes rogue antivirus programs as soon as it’s available.
3. If you have revealed your credit card or other banking information, immediately contact your financial institutions to notify them of the situation.
4. Contact the Cybercrime Response Unit at www.mcafee.com/cru, an online help center for advice and technical assistance, if you think you’ve been a victim of a cybercrime.
Here are a few posts I have written this year that go into more detail about the scams that target Mac users:
http://blogs.mcafee.com/consumer/cyber-security-mom/fourth-scam-of-xmas-fake-anti-virus-scareware
http://blogs.mcafee.com/consumer/fbi-warns-about-scareware-targets-distributors
http://blogs.mcafee.com/consumer/fake-antivirus-pop-ups-mac-edition
This holiday season, why not share the gift of knowledge and share these tips with your friends who use a Mac. Stay safe out there!
By: Tracy Mooney
Many Mac users (I think) still do not think this affects them. However, Mac Malware increases by 10% every month. As I have said many times before, where the people go – criminals follow. Apple’s increase in market share has made them a target for scams and malware.
As with all scams, just a bit of education goes a long way to help spot these scams and not become the next victim. If you use a Mac, here is what you need to know:
Tips to Avoid Becoming a Victim:
1. Download Mac updates as soon as they’re available, so you’re protected from these latest threats.
2. Never download or click on anything from an unknown source.
3. When searching the web, use the safe search tool like McAfee SiteAdvisor®, which tells you if a site is safe to click on or not right in your search results.
4. Keep your computer safe by installing security software such as McAfee® Internet Security for Mac.
Tips on What to Do If You Have Become a Victim:
You’re a victim, now what?
1. Disconnect your computer from the Internet and run a full security scan.
2. Install the Mac update that locates and removes rogue antivirus programs as soon as it’s available.
3. If you have revealed your credit card or other banking information, immediately contact your financial institutions to notify them of the situation.
4. Contact the Cybercrime Response Unit at www.mcafee.com/cru, an online help center for advice and technical assistance, if you think you’ve been a victim of a cybercrime.
Here are a few posts I have written this year that go into more detail about the scams that target Mac users:
http://blogs.mcafee.com/consumer/cyber-security-mom/fourth-scam-of-xmas-fake-anti-virus-scareware
http://blogs.mcafee.com/consumer/fbi-warns-about-scareware-targets-distributors
http://blogs.mcafee.com/consumer/fake-antivirus-pop-ups-mac-edition
This holiday season, why not share the gift of knowledge and share these tips with your friends who use a Mac. Stay safe out there!
By: Tracy Mooney
Thursday, December 15, 2011
All You Need To Know About Managed Services - Elements Magazine - Issue 004
The other day my son came to me and told me that I had to listen to a musicianʼs music because they were “sick.” Immediately, I thought how unfortunate it was that such a young and talented person be afflicted with an illness. Of course, my son corrected me, while making fun of my age, by explaining that “sick” meant they were really good and not dying of a horrible disease as I had first thought.
This made me think back to my childhood. The terms we used confused the adults, they were disconnected from our youth culture as well. Then I realized that youth culture, and culture in general, continually takes over words and phrases so that their meaning evolves.
The IT world is not unlike any other “scene” in the modern day. For example, we now speak of Cloud in passing conversation knowing exactly what it is and what its implications are. However, our parentʼs generation may have visions of us taking paper files and somehow launching them into the stratosphere, thus creating “storage in the cloud.”
My question is, how does one differentiate terms and their meanings if they evolve at such a fast rate? Look at the term “Hosted Services.” Can anyone in this day and age place a true meaning on the term? Or is this a term like “sick” that we all have to decipher? At Nitro, we obviously offer Hosted Services; some people might refer to it as Professional Services, and some people might not know what either term means.
Further, although we speak of “Hosted,” some people think of “Cloud” as we can store our files remotely.
In all, this issue outlines multiple aspects and meanings of the term Hosted Services. I encourage you to read these articles and determine their meaning for yourself. I also invite you to read about Nitroʼs Hosted Services as a comparative. At some point, perhaps we can all come to a conclusion as to what these terms mean to all of us.
Now, I must return to my youth-to-adult language dictionary to translate what my kids want for dinner.
Sincerely,
Larry Poirier
Chief Executive Officer
Nitro IT Business Solutions
+Read Elements Magazine
This made me think back to my childhood. The terms we used confused the adults, they were disconnected from our youth culture as well. Then I realized that youth culture, and culture in general, continually takes over words and phrases so that their meaning evolves.
The IT world is not unlike any other “scene” in the modern day. For example, we now speak of Cloud in passing conversation knowing exactly what it is and what its implications are. However, our parentʼs generation may have visions of us taking paper files and somehow launching them into the stratosphere, thus creating “storage in the cloud.”
My question is, how does one differentiate terms and their meanings if they evolve at such a fast rate? Look at the term “Hosted Services.” Can anyone in this day and age place a true meaning on the term? Or is this a term like “sick” that we all have to decipher? At Nitro, we obviously offer Hosted Services; some people might refer to it as Professional Services, and some people might not know what either term means.
Further, although we speak of “Hosted,” some people think of “Cloud” as we can store our files remotely.
In all, this issue outlines multiple aspects and meanings of the term Hosted Services. I encourage you to read these articles and determine their meaning for yourself. I also invite you to read about Nitroʼs Hosted Services as a comparative. At some point, perhaps we can all come to a conclusion as to what these terms mean to all of us.
Now, I must return to my youth-to-adult language dictionary to translate what my kids want for dinner.
Sincerely,
Larry Poirier
Chief Executive Officer
Nitro IT Business Solutions
+Read Elements Magazine
False Epidemic Alerts Spread Malicious Content
Spammers have used scare tactics in the past, notably during the swine flu outbreak in 2009. A similar spam campaign using scare tactics was observed during the weeks leading up to April 1, 2010 as an expansion of the Conficker worm with the possibility of a major threat launch. Overall, scare attacks are meant to cause panic reactions among recipients who may, out of fear, click malicious links or download and install malicious code. Similar approaches have been observed recently, this time with a false epidemic alert. In this spam campaign trumpeting false epidemic news, spammers try to infuse fear in users and encourage them to read instructions to remain safe from infection.
Sample email subjects suggest there is an epidemic in nearly all countries in the world. However, in individual messages they only mention a single country. The list of countries found in sample messages include countries from Afghanistan to Iceland, Philippines to United States. Sample email also list individual US States, such as Kansas, Colorado, Mississippi, New Jersey, Virginia, and Washington.
Subject: Fwd: Epidemic in Afghanistan
Subject: Fwd: Epidemic in Alaska
Subject: Fwd: Epidemic in Algeria
Subject: Fwd: Epidemic in Andorra
Subject: Fwd: Epidemic in Anguilla
Subject: Fwd: Epidemic in Afghanistan
Subject: Fwd: Epidemic in Alaska
Subject: Fwd: Epidemic in Algeria
Subject: Fwd: Epidemic in Andorra
Subject: Fwd: Epidemic in Anguilla
Subject: Fwd: Epidemic in Australia
Subject: Re: Epidemic in Portugal
Subject: Re: Epidemic in Saint Barthélemy
Subject: Re: Epidemic in Saint Helena, Ascension and Tristan da Cunha
Subject: Re: Epidemic in South Sudan
Subject: Re: Epidemic in Sweden
Subject: Re: Epidemic in Syria
Subject: Re: Epidemic in Taiwan
Subject: Re: Epidemic in Tennessee
Subject: Re: Epidemic in Togo
Subject: Re: Epidemic in Tonga
Subject: Re: Epidemic in Trinidad and Tobago
Subject: Re: Epidemic in Turkey
Subject: Re: Epidemic in Tuvalu
Subject: Re: Epidemic in United Arab Emirates
Subject: Re: Epidemic in Venezuela
Subject: Re: Epidemic in Vermont
Subject: Re: Epidemic in Washington
Subject: Re: Epidemic in Wisconsin
Subject: Fwd: Re: Epidemic in United States
The email body informs users that the government is hiding the epidemic news. If users want to benefit from instructions on how not to get infected, they need to click the link provided in the email. This link leads users to a malware site.
The malicious file downloaded is detected as Trojan.Malscript. These files exploit vulnerabilities and may perform heap spraying.
Email users need to be aware of such scare tactics and avoid panic. Do not believe email from unfamiliar senders. We also recommend users not click links in any message without first verifying the source of the email and, importantly, do not install software downloaded from the internet unless it has been scanned for viruses. Please make sure your virus definitions are updated regularly.
By: Mayur Kulkarni
Sample email subjects suggest there is an epidemic in nearly all countries in the world. However, in individual messages they only mention a single country. The list of countries found in sample messages include countries from Afghanistan to Iceland, Philippines to United States. Sample email also list individual US States, such as Kansas, Colorado, Mississippi, New Jersey, Virginia, and Washington.
Subject: Fwd: Epidemic in Afghanistan
Subject: Fwd: Epidemic in Alaska
Subject: Fwd: Epidemic in Algeria
Subject: Fwd: Epidemic in Andorra
Subject: Fwd: Epidemic in Anguilla
Subject: Fwd: Epidemic in Afghanistan
Subject: Fwd: Epidemic in Alaska
Subject: Fwd: Epidemic in Algeria
Subject: Fwd: Epidemic in Andorra
Subject: Fwd: Epidemic in Anguilla
Subject: Fwd: Epidemic in Australia
Subject: Re: Epidemic in Portugal
Subject: Re: Epidemic in Saint Barthélemy
Subject: Re: Epidemic in Saint Helena, Ascension and Tristan da Cunha
Subject: Re: Epidemic in South Sudan
Subject: Re: Epidemic in Sweden
Subject: Re: Epidemic in Syria
Subject: Re: Epidemic in Taiwan
Subject: Re: Epidemic in Tennessee
Subject: Re: Epidemic in Togo
Subject: Re: Epidemic in Tonga
Subject: Re: Epidemic in Trinidad and Tobago
Subject: Re: Epidemic in Turkey
Subject: Re: Epidemic in Tuvalu
Subject: Re: Epidemic in United Arab Emirates
Subject: Re: Epidemic in Venezuela
Subject: Re: Epidemic in Vermont
Subject: Re: Epidemic in Washington
Subject: Re: Epidemic in Wisconsin
Subject: Fwd: Re: Epidemic in United States
The email body informs users that the government is hiding the epidemic news. If users want to benefit from instructions on how not to get infected, they need to click the link provided in the email. This link leads users to a malware site.
The malicious file downloaded is detected as Trojan.Malscript. These files exploit vulnerabilities and may perform heap spraying.
Email users need to be aware of such scare tactics and avoid panic. Do not believe email from unfamiliar senders. We also recommend users not click links in any message without first verifying the source of the email and, importantly, do not install software downloaded from the internet unless it has been scanned for viruses. Please make sure your virus definitions are updated regularly.
By: Mayur Kulkarni
Wednesday, December 14, 2011
Public Sector Experts Weigh In on Virtual Desktops and the New Virtual Workspace
Have you ever sat in on a TelePresence meeting? It really makes you think about how technology can make distance disappear, and bring together people across a wide geography for the purpose of collaborating and sharing ideas. Such is the case with the National Townhall on Desktop Virtualization I participated in recently, along with VMware. Seven industry experts from seven US cities, discussing the impact or key learnings of implementing desktop virtualization in government, healthcare and education. I was joined by my colleague Chris Westphal of VMware, and our panelists, bringing firsthand experiences of their journey to desktop virtualization. If you want to attend the interactive webcast of this event, please click here – I think you’ll find it incrementally valuable if you’re on the verge of a pilot, proof of concept or just researching your options.
This experience reminded me of something important regarding the transformation of the user desktop as we know it. Immersive business video is increasingly becoming a modality of enterprise collaboration that workers will depend on to be productive. Consider the fact that ten people had meaningful discourse in this session, without any of them having to board a plane. IP telephony is the same – we can’t imagine a day without access to our phone. So when we talk about using virtual desktops making people more productive, and making business more agile, it makes total sense that we expect by extension of that premise, voice, video and virtual desktops to converge in a single workspace that’s accessible on any device, anywhere. We depend on all of these modalities to be effective, not just one.
Now back to the townhall itself… I won’t spoil it for you, since I really hope you’ll actually attend it and hear first-hand, but some consistent themes came up throughout the meeting that we can all learn from:
Our education sector panelists are striving to achieve a “borderless classroom” for not only K-12, but also higher ed, as well as students pursuing continuing professional education (ex: exec MBA programs). Being able to deliver an educational, media-rich workspace that’s accessible on any device, while un-tethering students from traditional PC lab environments is key to improving learning, while also attracting the best students at the higher ed and lucrative professional levels where students want to be able to place-shift their learning environment.
Our panelists from the Federal sector have been driving this technology for years… in the DoD, they face unique challenges in terms of coordinating resources across theaters, so providing universally accessible, secure workspaces for employees and contractors is key. Telework mandates and specific executive orders related to cost-efficient use of technology, coupled with the current budget crisis are all driving accelerated adoption of virtual workspaces. Additionally, many defense-related departments face increasing base closures and consolidation, that would normally have resulted in relocating employees, or extending commutes, or simply losing experienced talent altogether. Telework options built on workspace virtualization are providing a more attractive option.
State and local agencies with mobile field service personnel are reaping the benefits of being able to walk into any office or home with the device that best suits them, and get persistent access to their files and applications. They’re spending more time interviewing or delivering services to communities and constituents, and less time traveling to and from their physical brick-and-mortar office to update case files.
Doing more with what you got is also a consistent theme as our panelists shared their experiences of driving higher ratios of supported users, in some cases doubling the number of constituent users after having made the transition to virtual workspaces. Eliminating the “sneakernet” in K-12 environments also seemed to be a home-run, along with reaping considerable utility savings associated with lower power thin-clients in the classroom.
Security! This is implied just by nature of moving to virtual desktops right? In many respects yes, but in others, you may need to take a closer look. With the proliferation of BYOD and the myriad of possible user endpoints seeking to access network resources (not just virtual desktop services), our panelists felt there was a heightened need for being able to apply centralized management of device access/policy in this consumer-led movement that circumvents traditional IT control.
Even if you’re not in Public Sector, you might find the experiences shared valuable in shaping your own journey to implement virtual workspaces. Plan to join us on December 15th for an interactive, informative session! After attending, please weigh-in and share your thoughts here!
By: Tony Palikeday
This experience reminded me of something important regarding the transformation of the user desktop as we know it. Immersive business video is increasingly becoming a modality of enterprise collaboration that workers will depend on to be productive. Consider the fact that ten people had meaningful discourse in this session, without any of them having to board a plane. IP telephony is the same – we can’t imagine a day without access to our phone. So when we talk about using virtual desktops making people more productive, and making business more agile, it makes total sense that we expect by extension of that premise, voice, video and virtual desktops to converge in a single workspace that’s accessible on any device, anywhere. We depend on all of these modalities to be effective, not just one.
Now back to the townhall itself… I won’t spoil it for you, since I really hope you’ll actually attend it and hear first-hand, but some consistent themes came up throughout the meeting that we can all learn from:
Our education sector panelists are striving to achieve a “borderless classroom” for not only K-12, but also higher ed, as well as students pursuing continuing professional education (ex: exec MBA programs). Being able to deliver an educational, media-rich workspace that’s accessible on any device, while un-tethering students from traditional PC lab environments is key to improving learning, while also attracting the best students at the higher ed and lucrative professional levels where students want to be able to place-shift their learning environment.
Our panelists from the Federal sector have been driving this technology for years… in the DoD, they face unique challenges in terms of coordinating resources across theaters, so providing universally accessible, secure workspaces for employees and contractors is key. Telework mandates and specific executive orders related to cost-efficient use of technology, coupled with the current budget crisis are all driving accelerated adoption of virtual workspaces. Additionally, many defense-related departments face increasing base closures and consolidation, that would normally have resulted in relocating employees, or extending commutes, or simply losing experienced talent altogether. Telework options built on workspace virtualization are providing a more attractive option.
State and local agencies with mobile field service personnel are reaping the benefits of being able to walk into any office or home with the device that best suits them, and get persistent access to their files and applications. They’re spending more time interviewing or delivering services to communities and constituents, and less time traveling to and from their physical brick-and-mortar office to update case files.
Doing more with what you got is also a consistent theme as our panelists shared their experiences of driving higher ratios of supported users, in some cases doubling the number of constituent users after having made the transition to virtual workspaces. Eliminating the “sneakernet” in K-12 environments also seemed to be a home-run, along with reaping considerable utility savings associated with lower power thin-clients in the classroom.
Security! This is implied just by nature of moving to virtual desktops right? In many respects yes, but in others, you may need to take a closer look. With the proliferation of BYOD and the myriad of possible user endpoints seeking to access network resources (not just virtual desktop services), our panelists felt there was a heightened need for being able to apply centralized management of device access/policy in this consumer-led movement that circumvents traditional IT control.
Even if you’re not in Public Sector, you might find the experiences shared valuable in shaping your own journey to implement virtual workspaces. Plan to join us on December 15th for an interactive, informative session! After attending, please weigh-in and share your thoughts here!
By: Tony Palikeday
Tuesday, December 13, 2011
Securing New Digital Devices
Laptops, desktops, Macs, mobiles, and tablets are on many people’s wish lists this holiday season. Once these shiny new devices are connected to the Internet, they will be under siege by malware created by criminals in order to steal identities.
According to a recent McAfee survey, 60% of consumers now own at least three digital devices, and 25% own at least five. Cybercriminals are taking advantage of these new opportunities by widening their nets to target a variety of devices and platforms. McAfee Labs is reporting an increase in Mac and mobile malware, while PC threats also continue to escalate.
Mobiles: Mobile malware is on the rise, and Android is now the most targeted platform. Attacks aimed at the Android platform increased 76% from the first to second quarters of 2011. Malicious applications are a main threat area, so be careful of third party applications, and only download from a reputable app store. Read other users’ reviews and make sure you are aware of the access permissions being granted to each app.
Macs, iPads, and iPhones: Unfortunately, the popularity of Apple computers and devices has led to escalated threats. As of late 2010, there were 5,000 pieces of malware targeting the Mac platform, and they have been increasing at a rate of about 10% each month.
Since more threats are being aimed at this platform, consider installing security software for your Mac as a proactive measure. Check out Apple’s new iCloud service, which provides several tools for syncing, backing up, and securing data, and consider a product that offers remote locate, wipe, and restore features in case of loss.
Laptops and desktops: Your security software should include, at a minimum, antivirus software with cloud computing, a two-way firewall, anti-spyware, anti-phishing, and safe search capabilities. Additional levels of protection include anti-spam, parental controls, wireless network protection, and anti-theft protection to encrypt sensitive financial documents.
Gaming and entertainment devices: Remember that the Nintendo Wii and 3DS, PlayStation 3, and Xbox 360 are now Internet-connected, making them vulnerable to many of the same threats as PCs. To protect your investment, make reliable backup copies of your games. Take advantage of built-in parental controls that can help shield kids from violent games or limit when the device can be used.
Some multiplayer games allow kids to play with strangers over the Internet, so if you are a parent, consider employing monitoring tools. Connect your device to secure Wi-Fi networks only, and don’t store personal information on your device.
Removable storage devices: Flash drives and portable hard drives require technologies to protect your data. Consider using a secure, encrypted USB stick, which scrambles your information to make it unreadable if your device is lost or stolen. Install security software that protects portable hard drives, and set a password. Since removable storage devices are small and easily stolen, you should not leave them unattended.
By: Robert Siciliano
Learn more tips from McAfee here: http://blogs.mcafee.com/consumer/securing-new-devices
Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)
According to a recent McAfee survey, 60% of consumers now own at least three digital devices, and 25% own at least five. Cybercriminals are taking advantage of these new opportunities by widening their nets to target a variety of devices and platforms. McAfee Labs is reporting an increase in Mac and mobile malware, while PC threats also continue to escalate.
Mobiles: Mobile malware is on the rise, and Android is now the most targeted platform. Attacks aimed at the Android platform increased 76% from the first to second quarters of 2011. Malicious applications are a main threat area, so be careful of third party applications, and only download from a reputable app store. Read other users’ reviews and make sure you are aware of the access permissions being granted to each app.
Macs, iPads, and iPhones: Unfortunately, the popularity of Apple computers and devices has led to escalated threats. As of late 2010, there were 5,000 pieces of malware targeting the Mac platform, and they have been increasing at a rate of about 10% each month.
Since more threats are being aimed at this platform, consider installing security software for your Mac as a proactive measure. Check out Apple’s new iCloud service, which provides several tools for syncing, backing up, and securing data, and consider a product that offers remote locate, wipe, and restore features in case of loss.
Laptops and desktops: Your security software should include, at a minimum, antivirus software with cloud computing, a two-way firewall, anti-spyware, anti-phishing, and safe search capabilities. Additional levels of protection include anti-spam, parental controls, wireless network protection, and anti-theft protection to encrypt sensitive financial documents.
Gaming and entertainment devices: Remember that the Nintendo Wii and 3DS, PlayStation 3, and Xbox 360 are now Internet-connected, making them vulnerable to many of the same threats as PCs. To protect your investment, make reliable backup copies of your games. Take advantage of built-in parental controls that can help shield kids from violent games or limit when the device can be used.
Some multiplayer games allow kids to play with strangers over the Internet, so if you are a parent, consider employing monitoring tools. Connect your device to secure Wi-Fi networks only, and don’t store personal information on your device.
Removable storage devices: Flash drives and portable hard drives require technologies to protect your data. Consider using a secure, encrypted USB stick, which scrambles your information to make it unreadable if your device is lost or stolen. Install security software that protects portable hard drives, and set a password. Since removable storage devices are small and easily stolen, you should not leave them unattended.
By: Robert Siciliano
Learn more tips from McAfee here: http://blogs.mcafee.com/consumer/securing-new-devices
Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)
Monday, December 12, 2011
Six Ways To Protect Your Enterprise From Scams This Holiday Season
Holiday season is like any other time of year for IT security except moreso. Users shop, hunt for bargains, book travel, and check and manipulate their bank accounts a lot more than they do the rest of the year. They’re also often stressed and strapped for cash, so they’re more susceptible to phishing, fake promotions and discounts, and other tricks that grab personal financial information and inject malware into devices and networks. Check out McAfee’s 12 Scams of Christmas blog to learn about some of the more prevalent threats that emerge big time before and during the holiday season.
This is not only a threat to the online consumer, but, thanks to the consumerization of IT, to the enterprise as well. Users hunting for bargains and hitting social networks and personal email at the office or home put the network in danger of malware infection and data theft. Their devices can get infected at home and spread that infection across the enterprise the next time they connect. Those who tend to use the same password for everything can give hackers a way in to your company network to steal your company’s intellectual property.
Holiday season, or shortly before, is a good time reassess your corporate policy and security architectures and re-educate your staff about all the dangers out there. Some of the things to consider and reconsider are.
Passwords In addition to the usual password policies, users should know they should not use the same passwords for shopping, Web sites, and social networks that they use for work applications.
Smart Phones If your company embraces multiple smart phone platforms it’s time to reeducate users to their device theft, data theft, and malware hazards. This is particularly true for Google Android, which has seen a huge increase in malware in the past year. Users should know what and from where they’re permitted to download and should be trained to recognize signs of possible hazards, such as software that seeks permissions it doesn’t really need. Corporate data should by encrypted in transit and at rest. And consider implementing or updating a centralized mobile management solution.
Virtualization An effective way to bring in home laptops safely is to separate home and work applications, data, and other items into separate virtual machines so users can do what they want at home without worrying about affecting the work environment.
Endpoint and Gateway Protection Make sure they are installed, managed, and up to date to guard against the latest threats. An effective network access control (NAC) implementation will ensure that anything that connects to your network is up to date with the latest security patches and software.
Acceptable Use Policy and Enforcement Examine your company’s acceptable use policy to make sure it is up to date with the latest uses and threats and make sure you have the systems in place at the gateway and endpoint to enforce it.
Education Educate users to the latest scams, including phony bargain sites, e-cards, friend requests, charity solicitations, delivery service invoices, online job postings, auction sites, Christmas Carol lyrics, banking emails, mobile applications, antivirus scareware, holiday screensavers, etc. Start with the 12 Scams of Christmas and keep them up to date with the new scams that appear monthly or weekly so they know how to look out for them. Users should report any scams they discover and others should be alerted.
The moral: If it sounds too good to be true, it probably is.
By: Leon Erlanger
This is not only a threat to the online consumer, but, thanks to the consumerization of IT, to the enterprise as well. Users hunting for bargains and hitting social networks and personal email at the office or home put the network in danger of malware infection and data theft. Their devices can get infected at home and spread that infection across the enterprise the next time they connect. Those who tend to use the same password for everything can give hackers a way in to your company network to steal your company’s intellectual property.
Holiday season, or shortly before, is a good time reassess your corporate policy and security architectures and re-educate your staff about all the dangers out there. Some of the things to consider and reconsider are.
Passwords In addition to the usual password policies, users should know they should not use the same passwords for shopping, Web sites, and social networks that they use for work applications.
Smart Phones If your company embraces multiple smart phone platforms it’s time to reeducate users to their device theft, data theft, and malware hazards. This is particularly true for Google Android, which has seen a huge increase in malware in the past year. Users should know what and from where they’re permitted to download and should be trained to recognize signs of possible hazards, such as software that seeks permissions it doesn’t really need. Corporate data should by encrypted in transit and at rest. And consider implementing or updating a centralized mobile management solution.
Virtualization An effective way to bring in home laptops safely is to separate home and work applications, data, and other items into separate virtual machines so users can do what they want at home without worrying about affecting the work environment.
Endpoint and Gateway Protection Make sure they are installed, managed, and up to date to guard against the latest threats. An effective network access control (NAC) implementation will ensure that anything that connects to your network is up to date with the latest security patches and software.
Acceptable Use Policy and Enforcement Examine your company’s acceptable use policy to make sure it is up to date with the latest uses and threats and make sure you have the systems in place at the gateway and endpoint to enforce it.
Education Educate users to the latest scams, including phony bargain sites, e-cards, friend requests, charity solicitations, delivery service invoices, online job postings, auction sites, Christmas Carol lyrics, banking emails, mobile applications, antivirus scareware, holiday screensavers, etc. Start with the 12 Scams of Christmas and keep them up to date with the new scams that appear monthly or weekly so they know how to look out for them. Users should report any scams they discover and others should be alerted.
The moral: If it sounds too good to be true, it probably is.
By: Leon Erlanger
Friday, December 9, 2011
Fifth Scam Of Christmas, “Santa in 3-D”!
For the 5th Scam of Christmas, the criminals gave to me “SANTA IN 3-D”!
During the holidays, friends of mine are always willing to share the latest holiday cuteness via a forwarded email. I have to remain vigilant to be super careful what emails I open up this time of year. Holiday-themed ringtones, e-cards and screensavers can contain malicious code.
If you see email that seems to be from a friend, but it has misspelled words, or the message doesn’t seem like something your friend would say, be cautious. Often times scammers make the messages short and contain a link in the hopes that you will click on the link. That click can either download the malicious file to your computer or it will trick you into giving up your password so they can spam your friends with more of the same sneaky links.
Tips for avoiding this scam:
– Your first line of defense is a comprehensive security suite. Make sure it is set to update automatically so your computer remains protected from the very latest threats.
– Hover your mouse over links in emails and check the lower left corner of the screen for the actual link address. Avoid clicking on links that contain misspelled words or suspicious url’s.
– When searching for holiday freebies, use SiteAdvisor, McAfee’s free add-on that tells you the websites that are safe to visit.
Check out more tips at: http://mcaf.ee/6bh53
Stay safe out there!
By: Tracy Mooney
During the holidays, friends of mine are always willing to share the latest holiday cuteness via a forwarded email. I have to remain vigilant to be super careful what emails I open up this time of year. Holiday-themed ringtones, e-cards and screensavers can contain malicious code.
If you see email that seems to be from a friend, but it has misspelled words, or the message doesn’t seem like something your friend would say, be cautious. Often times scammers make the messages short and contain a link in the hopes that you will click on the link. That click can either download the malicious file to your computer or it will trick you into giving up your password so they can spam your friends with more of the same sneaky links.
Tips for avoiding this scam:
– Your first line of defense is a comprehensive security suite. Make sure it is set to update automatically so your computer remains protected from the very latest threats.
– Hover your mouse over links in emails and check the lower left corner of the screen for the actual link address. Avoid clicking on links that contain misspelled words or suspicious url’s.
– When searching for holiday freebies, use SiteAdvisor, McAfee’s free add-on that tells you the websites that are safe to visit.
Check out more tips at: http://mcaf.ee/6bh53
Stay safe out there!
By: Tracy Mooney
Thursday, December 8, 2011
Cybersecurity Is Material To The Business Says The SEC – Finally
The Securities and Exchange Commission’s Disclosure Guidance on Cybersecurity, issued on October 13, is another big step towards the widespread realization that for many organizations, IT and the business are one. More and more critical business processes are dependent on hardware and software and today a company’s worth is just as likely to be based on its intellectual property as its physical assets. Much of that intellectual property is under the trust of IT and can be stolen in a cyberattack.
Take a glance and the disclosure guidance may not seem that important at first, since it contains no new rules or regulations. Read it carefully and you’ll see that the SEC is sending a clear message that publicly traded companies can no longer pretend cyber attacks and vulnerabilities are immaterial to the business.
The guidance spells out several existing business disclosure requirements that should take cybersecurity into account:
Risk Factors Companies should disclose the risk of cybersecurity incidents if they are “among the most significant factors that make an investment in the company speculative or risky.” Disclosures may include the frequency and nature of prior incidents, the probability of future cyber incidents, all the potential costs and other consequences resulting from attacks, and even the adequacy of business’s current preventive actions. The guidance is pretty thorough, even spelling out less tangible financial costs of an attack that should be taken into account, such as lost revenue from unauthorized use of proprietary information, reputational damage, litigation, and failure to retain or attract customers.
Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A) Companies should address cybersecurity risks and incidents if the cost or other consequences are likely to have a material effect on results of operations, liquidity or financial condition. Companies may be expected to describe the effects of an actual attack and the actual property that was stolen, as well as whether the impact changes the validity of already reported financial information.
Description of the Business Cybersecurity incidents should be reported if they materially affect a company’s products, services, customer or supplier relationships, or competitive position.
Legal Proceedings Companies should disclose the details of litigation resulting from cyber attacks, such as that resulting from theft of customer information.
Financial Statement Disclosures Companies should carefully consider whether cyber risks and incidents have a broad impact on their financial statements. Some things to take into account include the costs of preventing attacks, customer incentives after attacks, and losses from warranties, breaches of contract, and product recalls or replacement.
Disclosure Controls and Procedures Companies should disclose the impact of incidents on their ability to record, process, summarize, and report information required in SEC filings, if it’s significant, and consider whether existing disclosure controls and procedures have been rendered ineffective.
If you work for a public company you should take this guidance seriously. It’s likely that publicly traded companies will be expected to start reevaluating their cybersecurity practices and audits and become more proactive about disclosing cybersecurity vulnerabilities and attacks. If you haven’t yet incorporated IT security experts in your Risk Management teams, it’s probably time to start thinking about doing so. Even if there are no new regulations here, it’s likely that after a damaging cyber attack, questions will come up about adherence to the SEC’s guidance. You can also bet this is just the beginning of a progression of new legislation and regulatory action addressing the issue of cybersecurity’s impact on the business.
By: Leon Erlanger
Take a glance and the disclosure guidance may not seem that important at first, since it contains no new rules or regulations. Read it carefully and you’ll see that the SEC is sending a clear message that publicly traded companies can no longer pretend cyber attacks and vulnerabilities are immaterial to the business.
The guidance spells out several existing business disclosure requirements that should take cybersecurity into account:
Risk Factors Companies should disclose the risk of cybersecurity incidents if they are “among the most significant factors that make an investment in the company speculative or risky.” Disclosures may include the frequency and nature of prior incidents, the probability of future cyber incidents, all the potential costs and other consequences resulting from attacks, and even the adequacy of business’s current preventive actions. The guidance is pretty thorough, even spelling out less tangible financial costs of an attack that should be taken into account, such as lost revenue from unauthorized use of proprietary information, reputational damage, litigation, and failure to retain or attract customers.
Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A) Companies should address cybersecurity risks and incidents if the cost or other consequences are likely to have a material effect on results of operations, liquidity or financial condition. Companies may be expected to describe the effects of an actual attack and the actual property that was stolen, as well as whether the impact changes the validity of already reported financial information.
Description of the Business Cybersecurity incidents should be reported if they materially affect a company’s products, services, customer or supplier relationships, or competitive position.
Legal Proceedings Companies should disclose the details of litigation resulting from cyber attacks, such as that resulting from theft of customer information.
Financial Statement Disclosures Companies should carefully consider whether cyber risks and incidents have a broad impact on their financial statements. Some things to take into account include the costs of preventing attacks, customer incentives after attacks, and losses from warranties, breaches of contract, and product recalls or replacement.
Disclosure Controls and Procedures Companies should disclose the impact of incidents on their ability to record, process, summarize, and report information required in SEC filings, if it’s significant, and consider whether existing disclosure controls and procedures have been rendered ineffective.
If you work for a public company you should take this guidance seriously. It’s likely that publicly traded companies will be expected to start reevaluating their cybersecurity practices and audits and become more proactive about disclosing cybersecurity vulnerabilities and attacks. If you haven’t yet incorporated IT security experts in your Risk Management teams, it’s probably time to start thinking about doing so. Even if there are no new regulations here, it’s likely that after a damaging cyber attack, questions will come up about adherence to the SEC’s guidance. You can also bet this is just the beginning of a progression of new legislation and regulatory action addressing the issue of cybersecurity’s impact on the business.
By: Leon Erlanger
Wednesday, December 7, 2011
Phishers Piggyback on Indian Websites
Contributors: Avdhoot Patil, Ayub Khan, and Dinesh Singh
Have Indian websites become a safe haven for phishers? To better understand, let’s explore how phishers create a phishing site. There are several strategies phishers frequently use: hosting their phishing site on a newly registered domain name, compromising a legitimate website and placing their phishing pages in them, or hosting their phishing site using a web hosting service.
Let’s now focus on the second method which involves the use of compromised legitimate websites.
From April, 2011, to October, 2011, about 0.4% of all phishing sites were hosted on compromised Indian websites. These compromised websites belonged to a wide range of categories but the most targeted was the education category which included websites of Indian schools, colleges, and other educational institutions. Symantec has previously reported on the websites of Indian educational institutions compromised by phishers. The education category consisted of 13% of compromised Indian websites. Some of the other top categories were information technology (11%), sales (9%), Web services (8%), and e-commerce (6%).
The existence of Indian phishing sites in the education category may not be alarming but phishers have exploited Indian websites owned by individuals and organizations across many disciplines:
The phishing sites hosted on these Indian websites spoofed a multitude of brands. The majority of these brands belonged to the banking sector (comprising about 68%). The e-commerce sector comprised about 22%, and information services 3%.
Internet users are advised to follow best practices to avoid phishing attacks:
Have Indian websites become a safe haven for phishers? To better understand, let’s explore how phishers create a phishing site. There are several strategies phishers frequently use: hosting their phishing site on a newly registered domain name, compromising a legitimate website and placing their phishing pages in them, or hosting their phishing site using a web hosting service.
Let’s now focus on the second method which involves the use of compromised legitimate websites.
From April, 2011, to October, 2011, about 0.4% of all phishing sites were hosted on compromised Indian websites. These compromised websites belonged to a wide range of categories but the most targeted was the education category which included websites of Indian schools, colleges, and other educational institutions. Symantec has previously reported on the websites of Indian educational institutions compromised by phishers. The education category consisted of 13% of compromised Indian websites. Some of the other top categories were information technology (11%), sales (9%), Web services (8%), and e-commerce (6%).
The existence of Indian phishing sites in the education category may not be alarming but phishers have exploited Indian websites owned by individuals and organizations across many disciplines:
The phishing sites hosted on these Indian websites spoofed a multitude of brands. The majority of these brands belonged to the banking sector (comprising about 68%). The e-commerce sector comprised about 22%, and information services 3%.
Internet users are advised to follow best practices to avoid phishing attacks:
- Do not click on suspicious links in email messages.
- Avoid providing any personal information when answering an email.
- Never enter personal information in a pop-up page or screen.
- When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
- Frequently update your security software (such as Norton Internet Security 2012) which protects you from online phishing.
Tuesday, December 6, 2011
Fourth Scam of Xmas, Fake Anti-virus & Scareware
For the fourth scam of Christmas, the criminals gave to me… fake antivirus pop-ups scaring my family! I have had this scam hit my family twice. The last time, my husband accidentally clicked on what looked like a message that the computer had a virus and Bam! We got the scary blue screen.
These scams even target Mac users, so if you have any kind of computer, you need to keep a watchful eye out for this scam.
Scareware now makes up 25% of all malware. This scam has been used for a few years on PC users. A user is surfing the web when they get a pop-up message that says something like “you may have a virus”. You have no choice but to click on the pop-up when mayhem erupts! … in actuality, you just allowed a malicious program to download and run on your computer.
In the Mac version, Cyberscammers are placing links to fake antivirus software in online search results. They advertise programs with names like “Mac Defender,” “Mac Security” or “Mac Protector,” offering to safeguard your computer from online threats. But once you click on the link, it downloads malicious software onto your machine.
In the background, the program may open up pop-up windows, asking you to upgrade the software for a fee to remove non-existent threats. If you agree to “upgrade,” the cybercrooks get your money—often $50—and you get nothing in return. Or, it may open up pornography, or other undesirable websites.
To avoid this scam, follow these tips:
- Always have a legitimate copy of a comprehensive security software installed on your device
- Make sure that software is updated automatically
- Exercise caution when you click on links. Using software such as SiteAdvisor (www.siteadvisor.com) can help because it distinguishes between safe and risky websites
- ALWAYS exercise caution while clicking links in emails that look suspicious, even If they appear to come from a known contact
- Hover your mouse over links without clicking and look in lower left hand corner of the window to see the actual link address – avoid suspicious web addresses that contain misspelled words
- Hit alt + F4 to close the pop ups.
- If you think you clicked on a bad link, update your security software and run a scan.
For more information about this type of scam, see this post.
Stay tuned for the next Scam of Christmas and as always, stay safe out there!
By: Tracy Mooney
These scams even target Mac users, so if you have any kind of computer, you need to keep a watchful eye out for this scam.
Scareware now makes up 25% of all malware. This scam has been used for a few years on PC users. A user is surfing the web when they get a pop-up message that says something like “you may have a virus”. You have no choice but to click on the pop-up when mayhem erupts! … in actuality, you just allowed a malicious program to download and run on your computer.
In the Mac version, Cyberscammers are placing links to fake antivirus software in online search results. They advertise programs with names like “Mac Defender,” “Mac Security” or “Mac Protector,” offering to safeguard your computer from online threats. But once you click on the link, it downloads malicious software onto your machine.
In the background, the program may open up pop-up windows, asking you to upgrade the software for a fee to remove non-existent threats. If you agree to “upgrade,” the cybercrooks get your money—often $50—and you get nothing in return. Or, it may open up pornography, or other undesirable websites.
To avoid this scam, follow these tips:
- Always have a legitimate copy of a comprehensive security software installed on your device
- Make sure that software is updated automatically
- Exercise caution when you click on links. Using software such as SiteAdvisor (www.siteadvisor.com) can help because it distinguishes between safe and risky websites
- ALWAYS exercise caution while clicking links in emails that look suspicious, even If they appear to come from a known contact
- Hover your mouse over links without clicking and look in lower left hand corner of the window to see the actual link address – avoid suspicious web addresses that contain misspelled words
- Hit alt + F4 to close the pop ups.
- If you think you clicked on a bad link, update your security software and run a scan.
For more information about this type of scam, see this post.
Stay tuned for the next Scam of Christmas and as always, stay safe out there!
By: Tracy Mooney
Monday, December 5, 2011
Secure Mobile Shopping This Holiday Season
Mobile shopping isn’t something I ever thought I’d do. I mean, come on! Why in the world would I use a tiny screen to make big purchases that often require lots of research? But I have found that as I become more dependant on my mobile phone whenever I’m away from my home/office wireless connection, I also accomplish more menial tasks while waiting at a doctor’s office or airport, for example. Tools like the eBay app, Craigslist Pro, and savvy online retailers like Amazon have made mobile shopping simple and easy.
I’m not alone. The National Cyber Security Alliance and McAfee released a study showing that In the last six months, 50% of Americans have used smartphones to research potential purchases, 27% have used them to shop, 12% have used them to shop at auction websites, specifically, and 18% have used their phones to make online payments.
While using a PC to shop online has risks, so does mobile shopping. Caution must be taken. Of those polled, 72% admit to having no security software at all. McAfee researchers found that new examples of mobile malware increased 46% from 2009 to 2010, and within the next one to two years, mobile malware is expected to affect more than one in 20 devices.
To stay safe while mobile shopping this holiday season:
1. Keep security software current. The latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
2. Automate software updates. Many software programs can update automatically to defend against known risks. If this is an available option, be sure to turn it on.
3. Protect all devices that connect to the Internet. In addition to computers, smartphones, gaming systems, and other web-enabled devices also require virus and malware protection.
4. Plug USB drives and other external devices into your computer and scan them with your security software.
5. Know the seller before making a purchase. If a seller is unfamiliar, do research to see how they have been rated and reviewed before making your first purchase. This is a good idea even if you are a return customer, as reputations can change.
By: Robert Siciliano
I’m not alone. The National Cyber Security Alliance and McAfee released a study showing that In the last six months, 50% of Americans have used smartphones to research potential purchases, 27% have used them to shop, 12% have used them to shop at auction websites, specifically, and 18% have used their phones to make online payments.
While using a PC to shop online has risks, so does mobile shopping. Caution must be taken. Of those polled, 72% admit to having no security software at all. McAfee researchers found that new examples of mobile malware increased 46% from 2009 to 2010, and within the next one to two years, mobile malware is expected to affect more than one in 20 devices.
To stay safe while mobile shopping this holiday season:
1. Keep security software current. The latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
2. Automate software updates. Many software programs can update automatically to defend against known risks. If this is an available option, be sure to turn it on.
3. Protect all devices that connect to the Internet. In addition to computers, smartphones, gaming systems, and other web-enabled devices also require virus and malware protection.
4. Plug USB drives and other external devices into your computer and scan them with your security software.
5. Know the seller before making a purchase. If a seller is unfamiliar, do research to see how they have been rated and reviewed before making your first purchase. This is a good idea even if you are a return customer, as reputations can change.
By: Robert Siciliano
Friday, December 2, 2011
Chinese Phish Tastes Bitter With Prizes
Co-Author: Avdhoot Patil
Symantec is familiar with baits commonly used in Chinese phishing sites. A grand prize, for instance, is often used as phishing bait. This November, 2011, phishers continue with the same strategy by including a brand new iPad 2 for a prize. The phishing sites were hosted on a free webhosting site.
The phishing page spoofs the Chinese version of a social networking gaming application. What is most interesting about the phishing page is that it displays a warning for an incorrect password (in red) even before any user credentials are entered. The phishing site announces to users that all fields are required to be filled before proceeding to the lucky draw. Users are prompted to enter their email address, password, email password, and birth date. The phishing site then states the winning email addresses will be drawn and winners would receive an iPad 2 and prize money of 50 million dollars. Ironically, the phishing page wishes good luck to the user towards the bottom of the page. After a user enters their credentials, the phishing page redirects to a legitimate application page of the social networking site.
A similar phishing attack was observed later during the same month only this time the phishing site was in English. The difference in this particular phishing site from the previous example is that it declares the user as a winner in advance. An amount of 124 million dollars in poker chips is claimed as the prize money and the user is prompted to login to attain the prize. The same set of credentials were asked in this phishing site as well. At the bottom of the page, an iPad 2 is stated as a bonus gift in addition to the prize money. After the credentials are entered, the phishing page gives an error of incorrect password. Upon entering the credentials for the second time, the phishing page redirects to the legitimate application page. If users fell victim to these phishing sites, phishers would have successfully stolen their information for identity theft purposes.
Internet users are advised to follow best practices to avoid phishing attacks:
Symantec is familiar with baits commonly used in Chinese phishing sites. A grand prize, for instance, is often used as phishing bait. This November, 2011, phishers continue with the same strategy by including a brand new iPad 2 for a prize. The phishing sites were hosted on a free webhosting site.
The phishing page spoofs the Chinese version of a social networking gaming application. What is most interesting about the phishing page is that it displays a warning for an incorrect password (in red) even before any user credentials are entered. The phishing site announces to users that all fields are required to be filled before proceeding to the lucky draw. Users are prompted to enter their email address, password, email password, and birth date. The phishing site then states the winning email addresses will be drawn and winners would receive an iPad 2 and prize money of 50 million dollars. Ironically, the phishing page wishes good luck to the user towards the bottom of the page. After a user enters their credentials, the phishing page redirects to a legitimate application page of the social networking site.
A similar phishing attack was observed later during the same month only this time the phishing site was in English. The difference in this particular phishing site from the previous example is that it declares the user as a winner in advance. An amount of 124 million dollars in poker chips is claimed as the prize money and the user is prompted to login to attain the prize. The same set of credentials were asked in this phishing site as well. At the bottom of the page, an iPad 2 is stated as a bonus gift in addition to the prize money. After the credentials are entered, the phishing page gives an error of incorrect password. Upon entering the credentials for the second time, the phishing page redirects to the legitimate application page. If users fell victim to these phishing sites, phishers would have successfully stolen their information for identity theft purposes.
Internet users are advised to follow best practices to avoid phishing attacks:
- Do not click on suspicious links in email messages.
- Avoid providing any personal information when answering an email.
- Never enter personal information in a pop-up page or screen.
- When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
- Frequently update your security software (such as Norton Internet Security 2012) which protects you from online phishing.
Thursday, December 1, 2011
Beware of Your Holiday Travel E-Ticket Confirmation
How does Symantec know it's the week of Thanksgiving? Because as the busiest travel day of the year day quickly approaches, the day just before Thanksgiving , there is a surge in fake email ticket confirmations that lead to viruses.
Here is what a fake airline message looks like:
If you inspect the HTML coding for this message carefully, you will notice a malicious link in the anchor tag:
This link redirects to a known malware-hosting site in Russia which previously hosted Trojan.Maljava. Trojan.Maljava is a detection name used by Symantec to identify malicious Java files that exploit one or more vulnerabilities, one of many threats awaiting an unsuspecting user.
So before you click through emails during the holiday rush, here are some best practices to protect yourself from these types of malicious email attacks:
Here is what a fake airline message looks like:
If you inspect the HTML coding for this message carefully, you will notice a malicious link in the anchor tag:
This link redirects to a known malware-hosting site in Russia which previously hosted Trojan.Maljava. Trojan.Maljava is a detection name used by Symantec to identify malicious Java files that exploit one or more vulnerabilities, one of many threats awaiting an unsuspecting user.
So before you click through emails during the holiday rush, here are some best practices to protect yourself from these types of malicious email attacks:
- Be selective about websites you give your email address to.
- Before entering personal or financial details online, ensure the website has SSL encryption (look for things like HTTPS, a padlock, or a green address bar).
- Avoid clicking on suspicious links in email or instant messages as these may be links to spoofed websites. We suggest typing Web addresses directly into the browser rather than relying upon links within your messages.
- Do not open spam messages.
- Do not reply to spam. Typically the sender’s email address is forged, and replying may only result in more spam.
- Do not open unknown email attachments. These attachments could compromise your computer.
- Always be sure that your operating system is up-to-date with the latest updates and use a comprehensive security suite. For details on Symantec’s offerings, visit http://www.symantec.com.
Subscribe to:
Posts (Atom)