Back to the school, an antivirus is next to nothing

One of the most damaging behavior I have noticed among computer users, especially home users, is that their lack of interest to keep an anti virus software installed on their systems. People believes that as their systems are working fine without any problems, there is no virus infections and they don't need an anti virus. Some believes that computer viruses are spread only through the internet and he is safe as he rarely goes online.

These careless behavior leads to severe data loss in the form of an unrecoverable system failure which ends up in a clean format and re-installation of the entire system. Even though many home computers does not have anything valuable to be kept secured, it will certainly contain information about bank and credit card details, personal photos and home videos etc which when reaches black hands, may prove dangerous.

It is therefor very critical to install an anti virus program on your computer, even if you are using it as a home computer or you are not connecting to the internet. For home users, freeware programs like AVG Free Edition (http://free.avg.com) or Avast Home Edition(http://www.avast.com) will work. Remember to keep the virus definitions updated daily and if not possible, at least once in a week. If you are running a home business, you might want to buy and install a commercial antivirus which comes with more features and added security.

The following is the top ten list of commercial anti virus software as reported by TopTen Reviews.

1. BitDefender Antivirus
2. Kaspersky Antivirus
3. ESET NOD32
4. AVG Antivirus
5. Vipre
6. F-Secure
7. Trend Micro
8. McAfee Virus Scan
9. Norton Antivirus
10. CA Antivirus

(Source : http://anti-virus-software-review.toptenreviews.com/)

Bluetooth security in mobile phones

Almost all latest versions of mobile phones, hand held devices, PDAs and laptop computers are equipped with bluetooth data connectivity facility. It is now the most common, simplest and cheapest means of transfer of files between various devices. As buletooth is so common, threats associated with this technology is also increasing. In this article, I am discussing about the threats that an unguarded or poorly configured bluetooth system brings to a mobile phone or PDA user.

Major mobile phone makers provides secure data communication between two devices which are connected using a common password. The initial setup of this connection is called pairing and it is done on the basis of a password which must be entered on both the devices for pairing to be established. There is also a provision that searches for active bluetooth devices near a mobile phone (usually within 10 meters) and a file can be send to the devices detected by the search. In this case, the user of the other phone must give explicit permission to receive files. This is the safe side but it is not so in all cases.

There are programs called bluetooth hackers that works on mobiles with Symbian operating system. I tested two of such programs and they worked great. Both the programs requires a one time pairing or authentication by the victim and once it is done, the device is virtually under the control of the hacking software on the other device. It is possible to make calls, send messages, read SMS and phone book, emulate key sequence etc on the victims phone. The call and data charges will be collected from the victims account. The most critical part is that someone can send a threatening SMS to a celebrity or political leader using this software from your mobile phone and you may not be even aware of this. While considering the fact that according to rules in most countries, sending such SMS will invite severe fine or imprisonment. Personal privacy is another factor. You don't want anyone to read all your messages and contacts without your knowledge, do you? But with programs like this, its next to kidding only! Think what amount of damage you can do with your phone and what are the crimes that can involve your phone; all these can be done by an evil mind by hacking into your mobile device through bluetooth and you are the culprit in front of the law of justice! Strange right?

So what is the way out? First always make sure you buy mobile phones from genuine sources and always stick to popular brands. Some chineese phones comes with bluetooth option without even a provision for a password pairing and they simply accepts all connections if bluetooth is turned on! All popular mobile phone makes use password pairing and always asks for your confirmation to initiate a communication. Next thing is that you turn on bluetooth only when you need it. Do not keep it turned on all the time to receive all the garbage on the streets as you are an easy target for a wandering hacker. Always turn on the option that hides your device from searches made by other devices and disable this option only when in need. Never accept anything from a stranger over your bluetooth connection as this could be a mobile phone virus, copyrighted content or he may be simply trying to hack your phone. If you really need to do so, never pair with the other device instead ask him to search for your device and send the file. You accept the connection for this time only. Another simple but somewhat effective method is to change the bluetooth name of your device occasionally as this would cause some confusion for a hacker at least living nearby. Install a good antivirus and firewall software on your mobile phone so that you can prevent remote installation of malicious programs and data loss. Last but not the least, always handle your phone by yourself. You just can't make sure that others will use your bluetooth technology for legal purpose!

I know, you wanted to know the name of the program that hacks bluetooth. Right? I'm sorry, my lips are sealed.

On-Screen Keyboard : Safer way to type in public

Key loggers are computer programs which are designed to record all the key strokes that occurs in the system on which it is installed. Most of such programs works in the background without any active windows and it is quite difficult to identify their presence. These programs intercepts and records each and every key stroke and saves them in a log before sending the key strokes to the program to which it is intended. Key logger programs can then send these log files, which are plain text files in most cases to any email address over the internet. Any person who has access to the administative area of the key logger program can also view the log. The recepient can then watch your usernames, passwords and even credit card numbers. This is a severe security issue while accessing internet through public computers like internet cafes. Although most antivirus programs can detect and remove key loggers, these programs may also be installed by the system administrators to keep an eye on what is being typed by the users and in this case, he will disable antivirus protection on key logger programs. The result will be the same- some one else will read everything you typed without your knowledge or consent. This technology can lead to serious crimes like hacking into email addresses, sending unwanted or dangerous emails using your own email account, stealing credit card information etc.

Microsoft Windows comes with a handy tool to counter this to a great extent and this small program is called On-Screen Keyboard. This program can be used to enter critical data like usernames and passwords, credit card numbers etc to websites and other programs. On-Screen Keyboard has an interface which looks exactly like your ordinary physical keyboard with the same key combination. What you need to do is to click with your mouse where you want to type and activate On-Screen Keyboard. It can be done in Windows XP by going to Start > All Programs > Accesseries > Accessibility > On-Screen Keyboard or by running osk.exe using the Run window (Start > Run). Now you can click on the characters you like to key in instead of touching the key board and they will be displayed on the screen as if you are using your physical key board. It supports all the functions like alt, tab, caps lock, shift, function keys etc.

This method bypasses ordinary key loggers as you are not even touching your key board to key in sensitive data. It is advisible that you use this method while typing all sensitive data like usernames, passwords, personal telephone numbers, credit card number etc from any public terminal.

Even though this is not 100% fail safe, it works perfectly as a first line of defense and in most cases, works great.