Archive for the 'Technology' Category

29
Jun

How to Stop Spam

Roughly 85% of all email received during the first quarter of 2010 was spam mail, according to a recent Kaspersky labs report.  Spam is a multi-billion dollar industry that costs businesses billions of dollars and causes great annoyance to millions of internet users.  Fortunately, there are many ways that businesses and ordinary citizens can fight the spread of spam and minimize its intrusion on commercial and personal internet activity.

Business Spam Solutions

Businesses concerned about spam and other computer-related security issues can choose between a large number of software and hardware solutions.  Leading the way for serious protection is Barracuda Networks, a business security firm that provides a large range of spam and virus firewalls that can handle anywhere from 10 to 100,000 users.  Barracuda firewalls can be clustered to support nearly any size of business.  Spam and virus definitions are updated hourly by Barracuda networks and automatically pushed out to customer firewalls.

Of course, hardware firewalls are not the cheapest security solution, particularly for small businesses.  Software-only solutions tend to be cheaper and often have per-desktop licensing to match smaller budgets.  Symantec Endpoint Protection Small Business Edition claims to block 99% of spam in addition to providing malware protection, disk-based recovery, antivirus and email encryption.  Corporate purchasing starts at 5 licences and can be purchased in exact denominations up to 1000.

Finally, services like Google’s Postini can filter spam for businesses (usually ISP’s) before reaching the local services.  Individual users can log directly into Postini using their regular email address and passwords to verify whether filtered mail should be sent through to the user’s inbox.

Consumer Spam Solutions

Quite often,  consumer spam solutions are based on the same technology as the corporate solutions.  For instance, Symantec’s Norton Internet Security is a personal product that offers much of the same security features (including antispam protection) as Protection Suite but at a more consumer-friendly price.  Competing commercial products include Kaspersky Internet Security 2010 3-User and ZoneAlarm Security Suite.

However, it’s the free solutions that many will opt for since many are available for non-commercial use.

>>Continue Reading Article

28
Mar

Using Firefox and Modify Headers Plugin to View Blocked Video Streams

The Internet has grown immensely as a source for favorite television shows. Much of this growth is due to the underground BitTorrent scene, where users can download and share entire seasons of both current and classic television shows. However, downloading copyrighted material often violates several copyright infringement bills – most notably the US-based Digital Millennium Copyright Act (DMCA). For the non tech-saavy and for those who do not wish to break the law, there are several network-based websites where viewers can legally watch the latest television shows, such as ABC’s Full Episodes website. Also, single TV shows like The Daily Show and The Colbert Report stream clips or full episodes on demand.

"The Daily Show" Website Blocks Video Streaming in Canada

Unfortunately, many of these shows are only available in the USA and only in some cases are the same programs available in other countries via alternative webistes. Similarly, the BBC does not allow its streaming video to be accessed outside the U.K. Even cyberspace can’t escape complicated licensing schemes, it seems.

Typically the response has been to resort to BitTorrent but there is a faster and slightly (though not necessarily entirely) more legal alternative.

Pre-Requisites

Make sure Firefox Web Browser is installed (version 1.0 – 3.6 acceptable)

Installing Modify Headers Plug-in

Open a new FireFox window and surf to the following URL:

https://addons.mozilla.org/en-US/firefox/addon/967

Download the Modify Headers plug-in for Firefox

Click on Add to Firefox

tv03

Click on Accept and Install

Installing Modify Headers Plugin for Firefox

If a software installation window pops up then click on the Install Now button

Installing Modify Headers Plugin for Firefox

Wait for the plugin installation to complete. Click on the Restart Firefox button


Using the Modified Headers Plugin to View Geographically-Blocked Video

Surf to the web page with the blocked video

Confirguing Modify Headers Plugin for Firefox

On the menu, select Tools –> Modify Headers

Confirguing Modify Headers Plugin for Firefox

If you are running the Modify Headers plug-in for the first time, enter the following text in the two text boxes at the top of the pop-up window:

First text box: X-Forwarded-For
Second text box: 12.13.14.15

Leave the third text box blank. Click on the Add button

Confirguing Modify Headers Plugin for Firefox

Ensure that there is a green dot next to the new header (signaling it is active)
LEAVE THE MODIFY HEADERS WINDOW OPEN
(alternatively, you could click on the Configuration and make sure Always On is checked; this way, the plugin is always active)

Confirguing Modify Headers Plugin for Firefox

Refresh the Firefox window containing the blocked media. The video should (hopefully) start to play properly.

Regards to Andy Mason, who created the original YouTube tutorial.

How Well does it Work?

The Modify Headers plug in is one of many methods that can be used to view geographically-blocked video. Modifying headers does not mask a user’s actual geographical origin and defeating this hack is mostly up to the developers on the streaming media servers. No one workaround is perfect and readers are encouraged to post their experiences using this workaround on various streaming sites (don’t forget to include your country). The following tests were conducted in Canada -

  • The Daily Show – Works like a charm. This show was used to develop both the original YouTube tutorial (tested in the UK) and this blog post
  • Hulu – Sends a strange message advising to check internet stream. It is a different message than the typical geographic restriction, so it might be related to my firewall.
  • Pandora – Does not work. Redirects to the same restriction notice.
  • ABC Full Episodes – Works
  • CBS HD Videos – Does not work
21
Mar

Bombshell McGee’s Facebook Fail

Tiger Woods is likely breathing sigh of relief as Sandra Bullock’s failing marriage quickly overtakes his own drama in the hyperactive imaginations of star-chasers. Bullock was (in)famously married to reality TV star and biker icon Jesse James who was recently caught cheating on her with fetish model / tattoo aficionado / stripper Michelle “Bombshell” McGee.

The media circus, led by the paparazzi-as-journalists at TMZ, naturally combed through Bombshell McGee’s life and found that the model had recently posed in a Nazi-themed photo shoot. McGee also has the tattooed letter W and P on the back of her legs – letters which typically stand for “white power” in tattoo / prison circles.

Possibly sensing the long term business risks of the direction taken by her 15 minutes of fame, McGee quickly fired out a second-hand statement claiming that she is no white supremacist and that the photo shoot in question was merely meant to be provocative.

To McGee’s credit, Nazi-themed photography is not exactly uncommon in the “shocking” world of fetish. To McGee’s discredit, she wears her heart on her Facebook page as vividly as she wears it on her body.

Screen shot: Michelle "Bombshell" McGee's Facebook Page

Look closely at the favourite books section. Many people have read Mein Kampf but very few would list it among their favourite books (if not for the content then surely for the fact that Hitler’s diatribe was mostly rambling). Even more interesting was the second book in her list – The Turner Diaries is a 1978 war novel, written by former National Alliance leader William Pierce, depicting violent overthrow of the United States government and eventual “cleansing” of all Jews and non-whites. Referred to by the FBI as “The Bible of the racist right”, the book has sold over 500,000 copies, mostly via mail order and gun shows. Several high profile hate crimes were committed by extremists who openly cited the book as an inspiration, mostly notably Oklahoma bomber Timothy McVeigh. For one to not only read but commend the book is a blinking light signaling far right sympathies.

Michelle McGee defeated her own argument and provided a fine example of yet another Facebook security threat – user stupidity. Whatever security measures are put in place, Facebook is still a website viewable by virtually anyone so long as one person has access to the information. A Facebook “friend” can easily take a screen shot of or “Save as …” any page on the website, instantly creating the opportunity to make private content very, very public. Incidentally, Bombshell made all the information in the above screen shot completely public so even that level of “wizardry” wasn’t necessary.

There are entire websites dedicated to foolish Facebook behavior by less famous users. Facebook Fails posts reader submissions of awkward survey responses, bullying and general purpose drama by Facebook users who type before thinking. For your pleasure, some noteworthy entries from the Facebook Fails website -

Facebook Fail: Fake Tan

Facebook Fail: Salmonella

Facebook Fails: Avoiding Socialism

Facebook Fail: Back on the Market

Facebook Fail: Divorce

03
Mar

Lethal Lucia – The Facebook Spammers are Here

There I was minding my own business on Facebook when a friend request popped up.  Now how nice is that? Someone wants to be my friend.  After 2 years of social networking the requests start to slow down and navigating the site becomes a test of navigating through melodramatic status updates and covert invitations to Mafia Wars / Mobwars / Youville / Happy Aquarium / etc.

Lucia is not a bad looking gal...

Lucia Pahmeier … nope, doesn’t ring a bell.  She seems to be a good decade younger than me to boot, so it can’t be school or co-op.   Sometimes it’s good to take a chance, and being a male, my brain isn’t the only organ weighing in on the pros and cons.  Still, Lucia only has 2 friends?  I’m one the first people she thought to contact on the web?  Seems unlikely.  A few warning bells go off.

Lucia got something pierced … what, I wonder?  The alarm bells are very loud now.  The clincher is that Lucia is unable to put up any more pictures in facebook (what else do young ladies do on Facebook apart from spread sappy memes and play Farmville?)  but she leaves a link to pictures.  Riiiiiigggght.  Good chance that obvious link forwarding URL is heading to a porn site.  Part of what made MSN Messenger unusable was having to deal with 20+ friend requests per week from what amounted to she-bots promising hours of online sexual self-gratification if only you’d come visit an external website.  Facebook seemed to be somewhat resistant to such sly advertising though obviously someone could just create a profile and try to snag males seeking another “hot chick” for their Facebook stable.

Mystery Solved.  I shall not sign up.

And there you have it.

Facebook is now officially a spam target.

Lucia acquired about 50 friends before her friend request and profile disappeared.  This was no doubt due to complaints from real users but she won’t be the last of her kind.  Facebook’s social network is too rich for Porn / Viagra / etc sites not to try penetrating its secure layers.

The important part of this story is that I did not let Lucia become my friend and in turn have access to my personal details.  As mentioned in an earlier Facebook tutorial, advertisers are very eager to get get access to user demographics, which tend to be cleaner and more appropriate for marketing purposes than most other sources (and are of course free).  Think twice before you accept a friend request unless you absolutely know the person.   Also, don’t be afraid to send a private message for confirmation before accepting.

15
Dec

4 Ways to Protect your Facebook Data under the “Improved” Security

Facebook’s controversial new security measures were designed to increase user control over privacy; however, privacy advocates charge these changes were mostly an underhanded method to release large amounts of private data (mostly photos and fan data) to the public. Additionally, Facebook’s 350 million users must now go through a more convoluted process to protect their personal information from third party developers who lure users with their addictive games and surveys.

While the world’s leading social network recently backed down on enticing users with their deceptive “Recommended Settings”, there are still several areas where user data may be vulnerable to third party snooping. Here are 4 steps ever user should take to protect their personal information.

#4– Don’t let Friends Give Away your Private Information

Prevent friends from inadvertently giving away your personal details to an application on their profile.

How:

4-1

On the top menu toolbar, select Settings -> Privacy Settings

4-2

Select Applications and Websites

4-3

Click on the Edit Settings button, located beside the title “What your friends can share about you“

4-4

Uncheck every option under the title “What your friends can share about you through applications and websites ”. Click on the Save Changes button.

Why:

Unfortunately, Facebook users must worry about the bad habits of friends as well as themselves. This “feature” is touted as a virtue on the security settings page:

When your friend visits a Facebook-enhanced application or website, they may want to share certain information to make the experience more social. For example, a greeting card application may use your birthday information to prompt your friend to send a card.

However, virtually anyone can become a Facebook developer just by downloading the development guide, and it is safe to assume that not all of them are solely interested in enhancing your user experience. If you don’t specifically uncheck the items in the list above, they can be shared with third party sites by way of your friends’ applications – even if you have set the information to to viewable only by friends or yourself.

Note that all information you’ve specifically set to public can still be read and analyzed by third party applications and websites. But more on that later.
Continue reading ’4 Ways to Protect your Facebook Data under the “Improved” Security’

12
Dec

Facebook Creepers, Unite – New Site Policy Weakens Data Privacy

Pssst, want to check some photos of that hot chick/fella that won’t won’t have you as a friend even on Facebook? Thanks to the social networking site’s new privacy rules, you probably can for at least a while. Originally billed as a move to enhance user privacy, Facebook actually ends up exposing more user information in some cases:

  • Profile photographs now default to “friends of friends”, meaning anyone with a mutual friend may browse whatever you post (some people have complained that their profile photos and other photo albums were made completely public,)
  • The new “recommended settings” option usually amounts to sharing personal information with everyone – friend or not.
  • There is no more option to prevent Facebook apps (eg Mafia Wars, Farmville) from harvesting your personal information. Apps can also harvest your public information when installed on a friend’s account
  • Fan pages are now permanently public.
  • Sharing information with “everyone” now includes the rest of the web, not just everyone logged onto Facebook

It is easy enough to reverse most of this exposure using the profile security settings (set all photo albums to “only friends”) but it would have been nice of Facebook to mention their plans to default profile photos to public status.

To the company’s credit, friend lists are no longer published on user pages, meaning it is no longer possible for casual users to browse each others’ lists of contacts. However, this information is still available to application developers, and possible even search engines. The latter is noted because Facbook recently signed a deal with Microsoft to publish user content via the Bing search engine. Again, users can opt out of this arrangement through their privacy settings, but Facebook hasn’t gone out of its way to tell us how.

In the meantime, while Facebook users slowly realize their photos are in the public domain, you can sneak a peek at photos that weren’t meant for your eyes. Try to resist the temptation.

(h/t to Jeela for first alerting me)

29
Jan

Silentbanker – Online Fraud Just got a Whole Lot Smarter

The media often feeds public hysteria with scare stories about online banking fraud and other types of internet scams. While most are rooted in truth, the attacks are often simplistic and easily blocked via a combination of server security measures and user vigilance about sharing personal information. Moreover, financial institutions assure consumers that their latest security precautions and best use education will protect from the majority of devious attackers who wish do plunder bank accounts. But what if there were a trojan/virus/malware so sophisticated that it could steal your money in the middle of a transaction without the customer, bank or even the secure connection method detecting suspicious activity? Enter the Silentbanker.

What is a “Silent Banker”?

The Silentbanker is a sophisticated Trojan horse program that installs itself on a target computer and intercepts confidential information entered during online banking sessions. Stolen information can be then transmitted to the attacker or used to steal money from the victim’s account. There have been several flavours of Silentbanker, with the more recent versions using rootkit software to avoid detection by antivirus programs.

Once installed, Silentbanker can perform several man-in-the-middle attacks on infected computers

  • Cookies and authentication certificates can be certified before being encrypted, allowing the attacker to authenticate a login using stolen information. Both simple logins and two-factor authorization can be defeated. Even transaction authentication number (TAN) protection can be targeted
  • While processing a money transfer, silentbanker can intervene to change the destination account to the attacker’s account, causing the victim to transfer money to the attacker without any warning
  • The Trojan continually updates itself by downloading configuration files containing host names and authentication routines for hundreds of banks worldwide

Silentbanker can work over an SSL connection, making the browser’s verification that the victim is on a “secure” (https://) connection meaningless.

How to detect and Remove Silentbanker

Silentbanker can be manually removed but experts recommend this only be performed by seasoned computer users. As of writing, the following security programs claim to detect and automatically remove Silentbanker:

  • Norton Antivirus
  • Malwarebytes’ Anti-Malware

How to Protect against Silentbanker and Similar Attacks

The simplest and only 100% effective way to protect against Silentbanker and similar Trojans is to never bank online. This solution is infeasible for some (e.g. those who are a great distance from the nearest branch) and highly inconvenient for others. Moreover, cutting off the online banking channel would not protect the consumer from the myriad of other bank-related fraud schemes that have little or nothing to do with consumer internet usage.

However, there are still actions users can take to greatly reduce the chance of being targeted by Silentbanker and its future derivatives.

1) Use only trusted machines. If possible, use only one private computer to access online banking. This machine should be one the user can scan regularly and install the software mentioned in the other following suggestions. Public computers (kiosks, libraries, Internet cafes, etc) can be very risky depending on the administrators’ security policies. Corporate computers are usually protected by blanket security solutions but the IT department may not be quick enough at rolling out patches and updates.

2) Do not use Internet Explorer for secure web transactions. Silentbanker manifests as a BHO (browser helper object) that only works with IE. Despite the many security patches issued by Microsoft, IE remains susceptible to this type of attack. Alternative browsers include Firefox, Opera and Google Chrome.

3) Install anti-Malware / antivirus software and update it regularly. Please see the article “Challenges of Internet Security – Your Best Weapons” for more information.

4) Install a firewall. Also see the above article for more information.

5) Create a Windows restore point. Once you are sure your computer is free of Silentbanker and similar programs, create a system restore point

  • Click on the start button and select Start > All Programs > Accessories > System Tools > System Restore
  • Click on the radio button “Create a restore point”. Click on the Next button
  • Verify and record the date of the restore point (Windows usually stores several). Click on the Next button
  • Confirm the summary information. Click on the Next button

Windows will save all the systems settings and create a restore point. If your machine is infected in the future, enter the same System restore tool and select the “Restore” radio button. Select the date you recorded earlier and Windows will reverse any system changes back to that date, effectively erasing the infection

Two warnings related to #5:

a) Restoring the system to an earlier date will also reverse any software upgrades or installations performed since that date
b) Restoring the system can also restore other viruses and other malware. Windows prevents antivirus systems from cleaning data inside the system restore folder. It is recommended to either (1) BEFORE creating the new restore point, temporarily disable Windows’ restore feature so that the antivirus software can clean older restore data, or (2) Delete all the windows restore points before the “clean” one that was just created

21
Dec

Challenges of Internet Security – Your Best Weapons (Part 2)

(See also: Part 1)

Online computer hacking has evolved from harmless pranks to big business: gangs of data thieves operate from Russia and China with near impunity. Tens of thousands of stolen credit card numbers are offered for sale on a weekly basis with a single card number selling for as little as $0.40. Home computer users have been overwhelmed by a continuous stream of viruses, trojans, spam, spyware and adware that threaten to introduce unwanted data or steal sensitive data – all while slowing PC’s to a crawl.

A cottage industry has developed for computer “experts” who promise to clean and tune-up home computers for prices ranging between $35 and $100 per treatment. Many of these would-be entrepreneurs are using software tools (often free to download) that can be installed and operated by the average user.

In the second of a two part series, we will look at two more indispensable tools for securing your computer or home network. While this series is geared towards internet security, most of the tools described are useful even on machines with no internet access.

Weapon #3 – Spyware Remover

Definition

Spyware refers to software installed without the user’s direct and informed consent. Once installed, spyware can collect personal / behavioural information, change computer settings, redirect browser activity, deliver unwanted advertising or even download other malicious software. The main difference between spyware and a virus is that spyware does not self-replicate – rather, it is typically installed as part of a legitimate software package (e.g. ad-supported software) or acquired after visiting an infected website that forces the web browser to automate the spyware download. Some of the more infamous spyware includes Zango, HuntBar and Gator Software.

Spyware removal software works similar to antivirus software by scanning the computer for traces of known spyware then attempting to remove the spyware.

Benefits

Spyware consumes disk space, memory and other computer resources in addition to being a nuisance to the user. Removing spyware regains these resources and improves computer performance.

Costs and Risks

Spyware removal software also uses a lot of system resources and must be updated regularly to keep up with advancing spyware technologies. Many so-called Spyware removal tools have proven to be fakes which themselves install spyware (e.g. Spyshredder, Pest Trap, MacSweeper).

Recommended Software

Lavasoft is considered by many to be the original anti-spyware company. Their flagship product, Ad-Aware, comes in several flavours ranging from a freeware disk scanner to a commercial version that scans in real-time and integrates antivirus protection. Spybot – Search and Destroy is another popular tool while the tech-saavy have shown increasing interest in the heuristic methods of Malwarebytes’ Anti-Malware.

Weapon #4 – Registry / Disk Cleaner

Definition

Registry cleaners attempt to scan and repair Windows’ system registry by removing outdated entries and fixing invalid references. Registry software is particularly useful for removing orphaned entries caused by uninstalling software. Some packages also defragment the registry for improved performance. Disk Cleaners can remove traces of internet activity, program history and windows temporary files.

Benefits

Fixing registry errors can correct system problems that cause Windows to malfunction or stop working. Removing temporary internet files (e.g. cached files, cookies) not only saves disk space but improves security by removing traces of web site activity and any accompanying passwords.

Costs and Risks

Fixing registry errors incorrectly can also cause Windows to malfunction or stop working (good packages allow the user to make a registry backup before making changes). Some users find the removal of web browsing history to be inconvenient.

Recommended Software

Webroot’s Window Washer is the most popular commercial disk cleaner and is constantly updated with plug-ins to remove program traces from the latest software. CCleaner is a freeware alternative that lacks WW’s government-strength disk erasing but adds basic registry cleaning. Registry Mechanic comprehensively cleans, repairs and optimizes the Windows registry.

30
Nov

Challenges of Internet Security – Your Best Weapons (Part 1)

Online computer hacking has evolved from harmless pranks to big business: gangs of data thieves operate from Russia and China with near impunity. Tens of thousands of stolen credit card numbers are offered for sale on a weekly basis with a single card number selling for as little as $0.40. Home computer users have been overwhelmed by a continuous stream of viruses, trojans, spam, spyware and adware that threaten to introduce unwanted data or steal sensitive data – all while slowing PC’s to a crawl.

A cottage industry has developed for computer “experts” who promise to clean and tune-up home computers for prices ranging between $35 and $100 per treatment. Many of these would-be entrepreneurs are using software tools (often free to download) that can be installed and operated by the average user.

In the first of a two part series, we will look at two indispensable tools for securing your computer or home network. While this series is geared towards internet security, most of the tools described are useful even on machines with no internet access.

Disclaimers

  1. Neither the author of this article nor the original host websites (Blink7, Cynics Unlimited) are directly affiliated with the authors of any of the software mentioned. All software recommendations are based on available test results, personal experience and feedback from users who have sought technical assistance from the author. No compensation was received for any mention or endorsement of software products.
  2. Of course none of the following tools can guarantee a 100% safe computer. Hackers, virus-creators and unscrupulous advertising companies are always developing new ways to get around existing security measures and attack/survey the contents of our machines. True network security “experts” are few in number and not all are working for the good guys. Still, there are several classes of consumer-based tools and software packages that will improve the defenses of the average user. Despite some of the annoyances related to installing extra software to “monitor” user activity, consumers should welcome the opportunity to reduce possible instances of data loss, identity theft and other privacy intrusions.

Weapon #1 – Antivirus Tool

Definition:

Strictly speaking, a computer virus is a tiny software program than can replicate itself and transmit from computer to computer via executable code. Targeted transport programs range from the standard .exe file to a macro program embedded in a Microsoft word file. Computers can be infected via local networks, Internet transmission and removable media (including floppy disks, USB keys and burned CD’s). In every day conversation, viruses are classified together with worms, malware, trojans and adware as self-installing, unwanted software capable of delivering a payload to an infected machine. The payload could be innocuous (a simple message), irritating (pop up advertisements) or downright dangerous (deleting files, formatting hard drives). Regardless of payload, these all consume disk space and sap computer resources during execution.

Antivirus software detects and attempts to eliminate viruses by scanning the computer’s memory and files for “signatures” of known viruses. Most antivirus tools have a database of known signatures (sometimes known as virus definitions) that must be updated continually. Files infected with a virus can sometimes be cured but in other cases need to be quarantined or deleted. Some antivirus programs remain active in memory to prevent infections by known viruses and equivalents.

Benefits:

Viruses and similar programs consume resources and cause havoc, period. Antivirus software can prevent small inconveniences like having to reload windows and larger inconveniences such as data loss. Most major packages are easy to install, require minimal configuration and automatically update virus definitions (internet connection required).

Costs and Risks:

Antivirus software can also use computer sources, especially if running continuously in the background. Not all antivirus software is equal and some packages have even proven to be viruses themselves. No single antivirus program performs all types of scans but it is generally not recommended to run more than one package on a single machine. Antivirus programs cannot actively monitor internet traffic and provide only minimal protection against non-viral threats (eg adware embedded inside user-installed software).

Recommended Software:

Choosing an antirvirus programs has taken on nearly religious connotations but the two leading free programs are produced by AVG and Avast. Norton Antivirus and Kaspersky Antivirus dominate the commercial market, though BitDefender Antivirus provides a slightly cheaper and higher-rated alternative.

Weapon #2 – Personal Firewall

Definition:

Similar to the heavy wall used to prevent a fire from spreading throughout a building, network firewalls apply a series of user-defined policies to prevent the movement of malicious or unwanted data into an individual computer or an entire network. Some firewalls can also be configured to prevent certain data from being transmitted away from local machines. Firewalls regulate network traffic flow through the use of “zones” – computers within a trust zone may be able to communicate freely but computers within a less trustworthy zone (usually called the Internet zone) may only be allowed to communicate with trusted-zone computers in certain instances. Data packets containing information not approved by the firewall’s policy are altered or discarded.

The typical consumer-level firewall is software-based and combines network layer filtering with application-layer filtering. Network layer filtering policies filter traffic based on packet-specific attributes such as IP address (source and destination), port and transportation protocol. Application layer filtering policies evaluate traffic by learning the user’s applications (such as a web browser or FTP program) so it can prevent misuse of standard data ports or attempts to sneak data through the wrong port.

Benefits:

A firewall can be the single most useful tool in preventing all types of threats. A properly configured firewall can stop a virus from entering a local network, prevent websites from automatically installing malicious software and stop local spyware from transmitting local data to an outside source. Firewall software can indirectly alert a user to potentially harmful programs when requesting a policy decision on whether to allow a previously-unseen program to connect to the internet.

Costs and Risks:

Even the best firewall is only as good as its policy and few people have the expertise to set up a bullet-proof network system. Recent firewall programs, such as ZoneAlarm, have improved user friendliness by automatically configuring settings for well-known software programs and requesting user decisions via pop-up windows when a previously-unknown program attempts to access the network or perform other low-level operations. Some users may become annoyed by the constant questions and simply turn the firewall off. Other users may inadvertently allow access to a malicious program or prevent necessary access for a legitimate program, putting the local computer at risk. A poor policy is just as dangerous as no policy at all.

Recommended Software:

Matousec’s comprehensive firewall tests resulted in a second place rating for Comodo Internet Security 3.5 (Nov 2008). This highly-configurable firewall is available for free and contains no functionality limitations. Some users have complained about Comodo’s tendency to ask many detailed questions they cannot answer. Changing program settings can alleviate this problem, though the commercial firewall Online Armour 3.x may be a more novice-friendly alternative. ZoneAlarm Pro is another popular program that receives generally high ratings on security tests.

P2P and Bit Torrent users may wish to consider adding Peer Guardian 2 to supplement their preferred firewall program. Peer Guardian blocks all internet communication with IP’s found within several blacklists (P2P, spyware, government, ads). If you’re trading MP3’s on Limewire, chances are you don’t want Media Sentry to know about it.

23
May

Wii Fit Gets Your Behind off the Couch

Wii Fit Box ArtWii Fit was finally released to the Canadian public on the morning of May 21. The frenzy nearly rivaled the original Wii release, as online stores sold out of pre-orders and police were present at some of the larger department stores to prevent scuffles between eager consumers. My significant other arrived at Best Buy right at the 10:00am opening to discover people already exiting the store with the game. By the time she got inline to pay (approximately 10:15am) there were only 6 units left. Apparently, the store was full of cops, nerds and pushy mothers – the latter two representing the target market for Nintendo’s exercise-driven video game.

Wii Fit’s initial fitness evaluations are similar to those of a real gym – users initially stand on the balance board while the squeaky-voiced, online characterization of the board measures weight and BMI. If your BMI is well above the prescribed 22 then the character makes an audible and condescending gasp. Assuming you’re not totally gutted by that point, Wii Fit presents a menu with several categories of activities:

  • Yoga (includes deep breathing, tree and shoulder stand)
  • Strength (includes rowing squat, single arm stand and jackknife challenge)
  • Balance Games (includes ski jump, slalom and tightrope walking)
  • Aerobic (includes jogging, step aerobics and rhythm boxing)

Each of the categories provides a few initial games, leaving the rest to be “unlocked” via the Fit Credits earned for each minute of physical activity. Some of the activities require the user to mimic the actions of a gender-selectable trainer while others are contests similar to the training section of Wii Sports. The objective is to perform several of the activities daily, accumulating Fit Credits until new activities can be added. Difficulty for each activity can be increased when the default settings become too easy.

Wii Fit Screen ShotThe real question is: does Wii Fit work? I’ve only had the game for a couple days but the aerobic activities will break a sweat after a few minute. Some of the strength training exercises are quite difficult on the upper body, except perhaps to someone who trains with the Cirque du Soleil. Truthfully, all the tools and metrics required to systematically get in shape are present if you’re willing to put in the time. Wii Fit allows you to set goals and track your progress from week to week. High scores for many activities are maintained so you can compete with your mates. Miis are supported and certain games allow two to play at once.

For regular exercisers, Wii Fit is a convenient addendum unlikely to cause mass membership cancellations at the local gym (my personal trainer sneered I’d be disowned for even entertaining the thought). For one, a context-free BMI measurement is at best imperfect, being hugely biased against muscular or voluptuous builds. Moreover, there are obvious limits to any exercise program requiring movement only within a 4 foot radius. Regardless, for those whose physical regimen consists of walking up the driveway to their cars and lifting Big Macs, Wii Fit would be a nice start on the path to better health.




Further Research

Twitter

Archives

Categories