Define Internet Security

How do we define Internet security? Things have changed since the earliest days of computer viruses and spyware. Today, Internet security is a very broad topic.

First of all, there is a bigger list of threats. Here are some of them:

Viruses
Spyware
Trojans
Rootkits
Scareware (such as fake antivirus programs)
Worms
Back Doors
Keystroke Loggers
Adware
Phishing
Hackers
And several more

Many of these threats overlap and become part of each other. For example, Trojans deliver other malware like spyware and adware. Phishing can lead to rootkit infections and backdoors to hackers.

Some may only force you to view ads and do little harm otherwise. Others can turn your system into a “zombie computer” that becomes part of a “botnet” and is controlled by a “C&C or command and control center”. This reminds me of the Borg in the Star Trek movies. Remember “resistance is futile”? Yeah, that could be you.

Even a single threat like a specific virus sometimes gets reincarnated regularly. As soon as antivirus companies (AV companies) discover one and create a solution for it, the virus authors begin working on a variation that isn’t found by the solution, sometimes within hours. This means that the AV vendors are always behind the curve.

Corporate networks have the same problems that you do but on a much bigger scale. Their IT (Information Technology) departments work tirelessly to lock down the company networks so that only authorized traffic gets in or out and they steer clear of threats.

Generally, all of these categories and variations of threats are now just called “malware”. So, one way to define Internet security might be:

“Internet security is the attempt to protect computers and networks, while connected to the Internet, from malware and unauthorized access”

That’s just my definition, though. And to expand a little more, Internet security is a combination of human intervention and vigilance along with software security tools used at various points in a network and on computers.

As a side note, we want to protect them after they’re disconnected from the Internet as well because some malware has a delayed action built in. Also, malware gets carried from computer to computer via flash drives and other storage devices.

So, to define Internet security might only take a sentence or two but it covers a whole lot of territory when you get into the details. Be sure to look around and get educated so that you can make sure you have a top Internet security solution too.

WhiteHat Security Complete Website Vulnerability Management

WhiteHat Sentinel runs assessments for the 24 Web Application Security Consortium (WASC) vulnerability classes such as Cross-Site Scripting, Directory Traversal, and SQL Injection. You can find explanations about these vulnerability classes in the Sentinel Glossary, located under the Resources tab.

The methods used by attackers to exploit vulnerabilities are constantly evolving; thus, part of the WhiteHat Sentinel Service includes ongoing refinement of testing patterns to ensure that Web applications are tested against the latest attack variations.

What is the difference between Threat and Severity?

Threat and Severity levels are standard ranking systems developed by the Payment Card Industry (PCI) Security Standards Council. Specifically, the severity level for a vulnerability measures the potential business impact if exploited, and threat level indicates how easily it can be exploited.

How do I use the Web API?

The Sentinel Web API allows you to retrieve your own vulnerability, site, and schedule information in XML format from WhiteHat. This data may then be integrated into your developer defect tracking systems or security information management systems (SIMS). You can access the Web API instructions by logging on to Sentinel, clicking on the Resources tab, and selecting the API Reference link.

What are the hours of operation for Customer Support & Response Times?

Service Request Response Time: (Cases submitted/logged via the customer support portal during business hours: M-F, 6:00 AM – 7:00 PM PT)

Standard Support – Next business day

Silver Support – 8 business hours

Gold Support – 1 hour – Critical (24×7), 4 hours – Serious

What is the difference between the executive summary and the full report?

The difference between the two reports is most apparent when comparing reports that include all sites. Both reports contain a graphical overview and vulnerability overview of vulnerabilities across all sites at once, as well as the WASC vulnerability classifications and a Web security glossary.

The full report also includes per-site chapters with statistical graphs and vulnerability details for each site. This information is useful for developers to understand and fix the vulnerabilities in their custom code.

I ran a scan last night, but I have no vulnerabilities in my Findings page. Does that mean there are no vulnerabilities in my website?

Almost all Web applications have at least low-level vulnerabilities, so the complete lack of any findings on your interface after a scan has been completed usually means the vulnerabilities are being verified by human eyes. To prevent false positives, vulnerabilities only appear in your Findings page after they have been verified. The WhiteHat Operations team verifies vulnerabilities during normal business hours in Pacific Standard Time.

How can I make the scans go faster or slower?

Scan speeds can be increased by clicking on a site on the Sentinel interface, clicking the Settings submenu, and increasing the number of HTTP requests sent by the Sentinel scanner per second. By default, all scans are set at a medium speed, which is no more than four requests per second single threaded. The Sentinel scanner requests will match the response times of the target website, so if your site contains pages that load slowly, this will affect the frequency of requests the scanner can make, which lengthens the overall scan time.

I just scheduled a scan to run until completion. How long is this scan going to take?

WhiteHat Sentinel scans run “low and slow”, meaning that scans are specifically designed to have no discernible effect on your website’s performance. The length of time it takes for a scheduled vulnerability assessment to complete depends on various factors, such as the number of pages to assess, the load time of each individual page, and the speed (number of requests per second) indicated in the site’s settings in Sentinel. Keep in mind that your first findings will not appear in your interface until after they have each been verified by a member of the Operations team.

Top Internet Security Software

How To Choose The Best

How does a web site go about choosing the top Internet security software? Well, there are oodles of magazines, rating sites, vendors, and testing shops that have their opinions. Plus, there are several operating systems, business versus home users, and various categories of testing that come into play.

Furthermore, the testing labs don’t test every product in every test they do. Sometimes they test the free version and sometimes the enterprise (big business) version. Sometimes vendors don’t want to be tested and ask to be left out. Other times, the lab’s rules will disqualify a product. All of this makes rating them very difficult.

In the end, there are just too many variables to look at, making it impossible to say something so general as, “Double Whammy Internet Security 2149 is the top Internet security software on the market”. So, what do we do???

Well, the target audience for this web site is the average, non-technical home user: grandmas, students, fantasy football addicts, etc. So, I’m coming from the perspective of a home user running Windows 7 (I hope you upgrade if you haven’t already but if you have XP, it’s OK) who wants to install something and then “fagetaboutit”. If that’s you then you’re in the right place.

The Big Three Testing Labs

What I do here is keep up with three of the large testing firms: AV-Test, AV-Comparatives, and Virus Bulletin. Yes, there are more of them but these three are sufficient for our purposes.

These guys do testing under various categories constantly, 24/7 under all kinds of situations that we may or may not ever see. If anyone is going to get close to what we all face every day on the Net, it’s them.

Now, they do different kinds of tests throughout the year such as, “Real-World Protection Tests”, “False Alarm Tests”, “Anti-Phishing Test” and so on. There’s no good way to boil all of these tests down into a single decision as to who is “best”. In my mind, the next best thing is to adjust a simple scoring method to the latest available tests from all three labs that most closely apply to our target audience, sprinkle some magical pixie dust on it and publish the “winners” as a constantly changing list on the home page.

Did you get all that? No? Well, don’t worry, here’s the bottom line:

I’ve applied the magic formula (full disclosure: it’s not really magic 🙂) to as many products as I could in a spreadsheet. I use the latest test available that fits our needs. So, if AV-Test comes out with a new test in July and that test would be applicable to our ratings, we just run the spreadsheet with the new ratings and see where the chips fall. So, the top Internet security software “winner” is always changing.

Even so, don’t put too much weight on any ratings, including those you find here. I would venture to say that if you chose any of the top three at any given time, you’d be as protected as you can reasonably expect to be. So, don’t get too wound up about it all. The really, really important point is to get something, install it and keep it updated (which it usually does itself).

History of Internet Security

By 2000, a new type of threat was infecting our beloved computing devices–spyware.

With the dotcom bubble bursting and spewing financial losses all over everyone (yuck), you’d think that spyware wouldn’t be such a big deal. But it was new. And new is always interesting. Oh, and it meant that more money would be made. Long live capitalism!

I could just regurgitate the “History of Spyware” articles on the Net but instead I’ll quote a Lavasoft support page. Lavasoft is a Swedish-based company that was founded (by Germans) in 1999 and was one of the first companies in the history of Internet security to produce antispyware software. Theirs is named Ad-Aware. They are still one of the best around.

“Virtually everyone with a computer has now heard of spyware, but where and when did it rear its ugly head for the first time? Here is a little history…

The word ‘spyware’ was used for the first time publicly in October 1995. It popped up on Usenet (a distributed Internet discussion system in which users post e-mail like messages) in an article aimed at Microsoft’s business model. In the years that followed though, spyware often referred to ‘snoop equipment’ such as tiny, hidden cameras. It re-appeared in a news release for a personal firewall product in early 2000, marking the beginning of the modern usage of the word.

In 1999, Steve Gibson of Gibson Research detected advertising software on his computer and suspected it was actually stealing his confidential information. The so-called adware had been covertly installed and was difficult to remove, so he decided to counter-attack and develop the first ever anti-spyware program, OptOut.

That’s where Lavasoft picked up and Gibson left off. He went on to other projects and Lavasoft became a pioneer in the anti-spyware industry with its signature free, downloadable product Ad-Aware. Lavasoft’s paid products soon followed and it is now the anti-spyware provider for 300 million computer users worldwide today.”

Source: http://www.lavasoft.com/support/spywareeducationcenter/spyware_history.php

In the history of Internet security, spyware and its ugly little sister, adware, also fall under the malware heading if they have malicious intent.

It all started with pop up windows. Oh sure, they were novel and harmless at first. We stared in awe at our monitors at the shiny ads. But then another one popped up, then another, and another.

And then we started to wonder if these things were breeding. My monitor became a pop up petri dish! For those old enough to remember the most popular Star Trek episode of all time, “The Trouble With Tribbles”, this was starting to feel very familiar. These annoying things persist today and all kinds of software has been made to block them.

Microsoft (who incidentally is part of the New World Order, I’m just not sure how yet) released the infamous Internet Explorer web browser. Then, in their infinite wisdom, they created the BHO, Browser Helper Object.

This fancy feature allowed other programs to do anything the browser could do such as install a virus or infect your PC with spyware. Usually a program did this by presenting you with a pop up window and tricking you into clicking on it. Then, BAM, now you need antispyware software.

Have you seen the pop ups that look like official Windows messages like this?

Yeah, you shouldn’t click on that–it’s spyware. It probably won’t be this obvious though.

Technically, in the history of Internet security, these early spyware threats were adware. They didn’t necessarily do bad things; they just tried to sell you something most of the time.

But where there’s smoke, there’s fire and some unseemly types just couldn’t resist using pop ups to infect you with something nasty along the way. The history of Internet security is full of the good, the bad, and the ugly. Nowadays, we have drive by installs. All you have to do is VISIT a site to get infected. Great, huh? They just get better and better.

Spyware doesn’t usually replicate itself like a virus. Its main purpose is to, well, spy on you. But it goes further than that. Spyware can and does do the following:

change your home page
re-direct you to gambling or porn sites
change privacy and security settings
install dozens of bookmarks or shortcuts you didn’t ask for
log the web sites you visit for the purpose of presenting targeted ads to you
use up many of your system’s resources
steal your user and password info for banking and merchants
lots of other unwanted stuff

AVG Internet Security

At a Glance: AVG Internet Security 8.5 (2009) offers very good protection for your PC without most of the bloaty “extras” everyone seems to expect now. The new LinkScanner technology is designed to prevent visiting malicious web sites. The firewall is a bit weak and antivirus scans can be taxing to the system resources. But the product excels at finding spyware in places most packages don’t look and has a nice, clean user interface.

The Triple “E” Keys

Effective

Firewall: AVG Internet Security 2009 is a bit weak in the firewall area but still gets the job done. It’s hands off for the most part which is what you want anyway but sometimes you’ll be asked if you want to allow a program to access the Internet. This older style approach isn’t as easy as the automatic alternatives such as Norton’s.

During setup and any time later, you can choose between Standalone, Block All, and Allow All profiles. The Standalone profile leads you through a quick or thorough scan to assess programs. After that, you can, for the most part, forget about it.

Malware: Incredible. AVG Internet Security 2009 found 17 threats (all of them) including the one in the recycle bin on the first scan. It’s the best detection I’ve seen so far. But remember, all reviews are relative to the reviewer’s actual computer setup, actual threats introduced, and yes, the reviewer’s bias to some degree. Still, my experience was great.

I am very impressed at AVG’s ability to find malware in zipped and double zipped files. You can download them without complaint but as soon as you unzip them they are found and deleted or quarantined. The real time protection was good though it missed a couple of text files that should have been flagged. But the thorough scan found every trace of them.

A full scan took 1.5 hours which I hope implies that the scans are indeed very thorough and the results seem to bear that out. Since I run deep scans on my computers while I sleep anyway, I’ve never cared how long they take.

The newest component, LinkScanner, is designed to stop drive by malicious downloads and to display threat information when trying to visit dangerous sites. I’m not a fan of security suites doing this kind of thing. That might surprise you but the reason is that modern browsers already do this for you so it’s redundant. I don’t like wasting system resources on redundant tasks.

Email scanning and rootkit detection are included in the package.

AVG is probably the most popular free antivirus program available. Of course, you’re encouraged to buy the entire Internet security suite as soon as you arrive at the web site but this marketing approach has always been profitable for software companies.

Score: Very Good

Easy

Install/Uninstall: Installation of AVG Internet Security 2009 is painless enough. There’s a question about installing a security toolbar. The toolbar is designed to assist the LinkScanner in protecting you from the boogie man when you’re browsing. Though admirable in the attempt to protect against malicious web sites, this toolbar is just another unneeded component in modern browsers that already do this. Also, it uses the Yahoo! search engine and I don’t care for that either. I’d recommend not installing it.

Uninstalling is a piece of cake with few decisions to make. There’s an uninstall survey you’re asked to take for “improving product quality”. You also have the option of removing user settings if you never plan to reinstall the package. One downside was that AVG left quite a few files lying around. I thought this was excessive but you could delete them manually.

Setup/Use: Again, easy to do. Setup is quick and presents you with a nice user interface. AVG does use a lot of icons on the main screen but that didn’t bother me. Double clicking on any of the icons brings up advanced options or information. It’s all easy to understand and use. I like that one tab is devoted to scanning on demand and on a schedule. It’s easy to configure and launch a manual scan quickly.