Category: Cyber Security

Windows 7 Search – a Blunder of Microsoft

The major factor that makes Microsoft win over Linux or Unix in OS wars, is its ease in usability. Windows has made operating computer an easy thing even for a non-techie. The reason why we still bear the vulnerabilities in Windows and Microsoft’s overwhelming patches without complaining, is definitely that you cannot get an alternative for an easily operatable OS as Windows.

However, after Windows XP, Microsoft seems to be kind of losing track somewhere. That certainly explains the failure of Vista, despite the success of its preceding version – XP. Windows 7 was released with much hype. In fact the methods used by Microsoft to shift users from Windows XP to Windows 7 seemed exotic. Still many of them, due to unbearable number of patches and vulnerabilities reported for XP, migrated to Windows 7 hoping for more security rather than improvised features.

However, after a few days you see the number of people who want to stick to XP increasing, rather than the number of people who want to shift. The reason behind this is that Microsoft has replaced many functional features in Win 7 with fancy ones. The search feature is one of them. Microsoft should have reconsidered before bluntly replacing a very friendly search box of Windows XP with the dysfunctional Win 7 search box.

Windows XP Search

Here is the list of differences between Win 7 and Win XP search:
Windows XP search feature was the best of all Windows versions. Firstly we will start with the 2 text boxes in Windows XP search (refer to the Win XP Search image given) – one for searching all or part of a file name and the other to search for a word or phrase in the file. This was replaced with a universal search box (refer to Windows 7 Search image below) which searches only the file names for the parameters given.

And what should you do to search for a word or phrase inside the file? Well thats a lengthy process where you will have to change the settings in folder options. However, after changing the settings, the search bar will start searching the contents in your files – every time, consuming lots of time and the PC process.

The date-modified criteria and the size criteria were retained in Windows 7. However, in Win 7 you cannot search for files modified between specific dates.

The More advanced options in XP with options – search system folders, search hidden files and folders, case sensitive, search tape backup were favorites of Win XP users. All these check boxes, drop down menus and radio buttons which used to help in customizing search, were replaced with nothing.

Windows 7 Search

Now Microsoft asks you to use syntaxes to narrow down your Win 7 search results. These include kind (for specifying type of file), genre, property, etc. If someone were to learn syntaxes to use Windows OS, can’t they learn syntaxes of Linux or Unix operations instead? At least they will get rid off vulnerabilities and additional work of updating Windows by doing so.

These operators often remind me the Google search operators. But Google itself is now trying to improve user-friendly interface with one-click links (refer to the Google Search image here), which will narrow the search results. We don’t understand why Microsoft, instead of improving interface, is trying to go fancy with looks and losing features.

Overall, several features were removed from Windows XP to trim down Windows 7 search box. Isn’t it the obese people that try to trim their excess fat. If a normal person becomes slim, he looks diseased. Were Windows XP search features obese? Definitely not.

If you have already shifted to Windows 7 or are forced to move to Windows 7, and are concerned about the deprived search features, you can use search software like Copernic. However, this will cost you extra, apart from the charges of an authentic license of Win 7. If you are planning to install any free software, it will be a riskier step. Thanks to the vulnerable operating systems of Microsoft.

Ultimately, if one would like to stick or shift back to Windows XP from Windows 7, the search feature will be one of the prominent reasons. Most of other changes made in Windows 7, along with the search feature, seemed to be made for the sake of change rather than for enhancing usability.

Most Dangerous Activities to Avoid Online

The Internet today is filled with huge amount of malware activities and one small mistake can make you fall prey to them. These mistakes often end up in infection of the PC or exploit online accounts (bank accounts, credit cards, etc.) of the user. The activities you need to avoid online are as follows:

Not dealing seriously with passwords
Everyone knows that passwords are important. Yet most of them fail to create or maintain them properly. It might be because of the ignorance on the importance or on how to maintain them properly. Whatever may be the reason, the most common blunders to avoid while dealing with passwords are:

  • Creating easy-to-crack passwords
    Hackers use ultra password cracking technologies. Not creating longer and complex passwords, is actually equal to helping the hackers crack in to your account.
  • Easy to guess password recovery options
    Many websites use security questions to help people recover their password in case they lose it. Using simple questions like birth date, pet’s name which are either easy to guess or are visible openly on your social networking account, is another major blunder to avoid while dealing with passwords online.
  • Using the same password for multiple online accounts
    Same passwords for all online accounts are as safe as the weakest passwords. If one password is cracked or stolen, the chances for hacker to procure other online accounts of the user are high.

Getting lured into fascinating or controversial news
Malware authors know that people naturally are more interested in fascinating news or controversial rumors, and plan new attacks that are targeted specifically towards this crowd. This is called SEO poisoning. It’s estimated that more than 10 percent of search results for Google’s highest-ranked web sites are malicious sites.

Failing to update Microsoft Windows OS / Java / Adobe Reader / Adobe Flash
Updates are provided for software in order to patch-up security vulnerabilities in them. Especially, Windows, Java, Adobe Reader, Adobe Flash remain the most exploited software applications due to their vulnerabilities. Failing to update these leaves the PC potentially vulnerable for malware attacks.

Opening an email attachment / Clicking on a link in an email – from someone you don’t know
According to a recent report released by Symantec, spam now accounts for 78.6% of all email traffic in US and 75.7% of all email traffic, globally. Opening email attachments from unknown user may deploy malware into your PC. A link on a spam email may direct you to a spoofed website.

Checking the “Remember Me” box in public PCs
This option saves cookies and login details of the user in the browser, until he signs-out manually. Thus, if the user checks back into the site later anytime, he doesn’t require to provide login details again, to access his account.

However, while using public PCs, enabling this option is equal to providing your login details to the any user of that PC, who can check back at any time and access your account.

Leaving Facebook privacy settings unchecked
Facebook is recently in the news for hacking of its CEO’s fan page. The most popular social networking site, Facebook, has many users who are not aware of its security features or privacy settings. Your personal information will be available for everyone to see if you leave privacy settings unchecked on Facebook.

Using BitTorrent sites to download copyrighted content
Downloading illegal software from BitTorrent sites can expose your computer to Trojans and Spyware.

Playing free online games
There are many malicious websites online that lure users by providing free online games. Don’t play online games on unreliable websites. Also be cautious when asked to download free games.

Connecting to unknown wireless networks
Many people log into unknown (private) wireless networks at public places like airports and hotels. These networks can be potentially harmful. Always be sure that you are logging into known (private) wireless networks only.

These are the most dangerous online activities. Proper awareness and efficient precautions are required to stay away from committing those mistakes and stay safe and secure online.


Emerging Malware Trends: Smartphone Malware

Ever since the mobile phones have included web browsing technologies, they were a major hit among users. The latest smartphones have even put mobile users a step ahead with exclusive features like online shopping, downloading, video streaming, social networking, mobile applications, email, and even document editing and sharing.

Recently, a report (by Conductor) said that smartphone ownership increased roughly 58% during the year 2010 (from 17% in 2009 to nearly 27% in 2010). The 2010 holiday shopping saw a 300% increase from mobile users (to 5 high-traffic e-commerce sites). It has even reached to the point that mobile email usage rises while web-based email declines (according to comScore). There are now more than 7 million mobile internet users in the UK according to Nielsen. That compares with more than 40 million in the US. Social networking is also big and growing at higher pace in mobile segment. According to comscore, nearly 58 million mobile subscribers accessed a social networking site at least monthly via mobile device as of December 2010.

Now you see the size of this segment of users, connected to Internet. No doubt it is attracting more and more marketers towards mobile marketing, but is it just marketers who are getting attracted?

We now see a new trend in malware, emerging – the smartphone malware. In fact it has already grown to a frightening level. Cyber criminals are now targeting smartphone users with new malware. After-all it is on operating systems that smartphones run on; and the more the features, the increased are the vulnerabilities. Moreover, you can’t deal with unwanted files and folders or afford installing a security solution easily in a smartphone, like in case of a computer. In the present scenario it is not easy prevent, check for or get rid of malware in your smartphones. You connect yourselves to Internet (which is a wild-west today) with these vulnerabilities, thereby increasing the chances of your mobile being affected.

A recent report from McAfee shows that mobile malware threats increased by 46% in 2010, from the year before. The Zeus genre Trojan Zitmo (Zeus In The Mobile) is on the stands for the smartphone users. This was created on basis of an old spyware commercial package but is very potent in terms of cyber crime activities. Android/Gemini, created for Google Android users, is another such malware inserted into legitimate mobile applications and games and is often spread to infect.

Many popular companies like Kaspersky, Symantec, McAfee, Eset have already evolved with mobile security solutions. Even the updates of virus definitions are available regularly. The installation is little complex to handle for non-tech savvy people. Must say that the security solutions for mobile segment are not as rapid in terms of evolution as it is in case of malware. Lack of awareness on malware and security solutions is the major weakness among smartphone users and helping attackers to exploit smartphones much easily.

So, if you think using smartphone for accessing Internet, emails and downloading applications is cool, beware of the threat lurking in and make it a point to install a suitable security solution. And if you are planning to buy one, you must consider the feasibility of installing a security solution in it.


Added IE9 Features and What They Mean for Users?

IE9 got released on 14 Mar’ 2011 at the South by Southwest Interactive Festival (SXSW) in Austin, Texas. Microsoft announces that IE9 as not only fastest, most standards-compliant version of IE yet, but also as one that can stand up and compete on features and looks with Mozilla Firefox, Google Chrome, Apple Safari, and the Opera browser. Few interesting features of IE9 stands as follows:


Stripped-down and sleek design: The new IE has eliminated most of the menus, buttons and even search fields. Even Google Chrome and Firefox are doing the same for their browsers. The increased size of Back button compared to the Forward one, resembles Firefox. The sleek design of IE9 definitely makes the browsing experience clutter-free and easier for the users.

OneBox search: The users can now search from the location bar itself. The best part of search is on-the-fly searching where you can see relevant list of Web results, bookmarks, and browsing history, while typing the keywords itself. Of course, this may seem similar to Chrome, but the “search suggestions” option which shares your search keywords with search services, is turned off by default.

Pinned sites: IE9 and Win 7 desktop have been tightly integrated. Using the new “Pinned sites” feature users can “Pin” their favorite sites on the Win 7 desktop task bar as they do for applications. The best part is that users can also see AeroSnap preview as well as site-specific JumpLists. A new trend in website coding is introduced here called as Pinned integration so that users can also get unread e-mail notifications and streaming media player controls for the pinned sites. Already major sites like CNN, Pandora, Facebook, Twitter, Huffington post, eBay, Groupon, etc., have integrated this in their site’s code.

Separate row tabs: When you choose Show Tabs on a Separate Row option, the tabs will move below the location bar.

New location for notifications: Notifications, like pop-up blocker or session recovery warnings, are moved to bottom of the page. This will not disturb the user while he is browsing by grabbing his focus away from the web page.


Using the whole PC: Microsoft claims that IE9 is the first to use hardware to accelerate all browser operations and this makes it much faster. IE9 comes with new Javascript engine Chakra, combined with GPU (graphics processing unit) acceleration, trying to make it the fastest browser in the market. On a side note, Robert O’Callahan of Mozilla wrote in his blog that Microsoft’s IE9 hardware claims are ridiculous.

Enhanced HTML5 support: The HTML5 support from IE9 has been moved to GPU instead of CPU, which makes it easier to run richer video, audio and graphics without affecting the systems performance.

More Web Standards Compliant: Microsoft has also announced that IE9 is the most standards compliant ever, with full support for industry standards such as HTML5, CSS3 and SVG1.1.

Tab Sandbox: The tab sandbox prevents a crashed individual tab from crashing the entire browser.

New Tab Page: A new tab page which contains list of all the user’s frequently visited sites is another major feature. The list is displayed in tiles, with a favicon and title of the web pages. This tab also contains list of recently closed tabs, previous browsing session and an activity meter through which you can track your browsing habits.

Add-on performance notification: This feature is unique for IE9 which tracks add-ons performance and reports the user if any of them is impacting the browser’s performance.


Do not track feature: When we talk about enhanced security in IE9, the do-not-track feature is the major one which lets users to opt out of sharing their browsing habits with websites. This is in compliant with Federal Trade Commission’s proposed “do not track” list. This feature can also be found in Firefox 4. However, “Which? Computing “reports that it found a flaw with anti-tracking feature working with the TPLs (tracking protection list), which didn’t seem to be critical.

ActiveX Filtering: IE9 gives complete control over ActiveX filtering for the users, allowing them to choose sites that they trust to access information to create interactive features when they surf the web.

Integration between SmartScreen Filter and Download Manager: This feature makes sure that users are downloading files from a trusted source and the files do not contain viruses or malware. The IE9’s SmartScreen filtering has fared well in a recent NSS labs testing.

Independent tabs: Each of the tabs function independent to each other. So, if a tab hangs due to any malfunctioning web page, you can still continue browsing on other tabs.

Independent pinned sites browser: The pinned sites are given their own browser session, independent of the desktop browser. This browser session will open without any browser helper objects (BHO) or add-on toolbars that runs in regular desktop browser, minimizing the risks of exploits.

With these added features, few unique and few copied from the competitors, Microsoft hopefully is trying to regain its lost browser market share.

Web Chicanery followed by Earthquake and Tsunami Disaster

Immediately after the massive earthquake and tsunami in Japan, experts noticed many Internet fraudsters exploiting the situation through black hat SEO techniques.

The experts said that the criminals immediately started customizing their malicious websites, including keywords related to tsunami and earthquake, to get on top of the search results using black hat seo methods. It has been found out that they were trying to deploy malware, scareware or fake antivirus programs into the visitors computers through these sites.

Apart from scareware deployments, there can also be fake/spoofed sites posing themselves to be Tsunami relief organizations and ask for donations. Sources say that this happens every time a disaster occurs. So be sure while visiting sites related to Tsunami and even donating funds online for the victims. The less tricky thing will be to donate through the sites suggested by Google in this list.

Linux Routers Targeted by Tsunami Malware

Ever thought Linux is invulnerable and robust against malware attacks? then its time to rethink. Security researchers at TrendMicro found malware that can exploit routers based on Linux and Unix platforms. The malware, though was said to be predominantly found in Latin America, has possibilities of spreading to other regions.

Potential of the threat
As per the source: the malware code, found to be ELF_TSUNAMI.R, has high damage potential though the distribution potential and overall risk are rated to be low. This code operates as an .ELF file through Linux IRC (Internet Relay Chat) backdoor program and performs brute force attacks via multiple login attempts onto the router or exploit the router. The attacker can also disable the firewall on the compromised router, leaving the network susceptible to more attacks.

How it works?
The attacker drops an .ELF file containing the ELF_TSUNAMI.R code into the router. This might be dropped by other malware or unknowingly downloaded by a user in the network, while visiting a malicious website. This creates a backdoor on the router through which the attacker can send and execute commands via an Internet Relay Chat (IRC) server.

The vulnerability in D-Link routers
Currently, D-Link routers are found to be existing with the remote authentication bypass vulnerability. Due to this vulnerability, the attacker can download the ‘config.xml’ file without requiring normal authentication requirements. This file contains complete configuration details of the device as well as usernames and passwords of the users listed in the device. When the attacker has the file, he can simply take over the admin privileges of the affected router and the subnet under it. The details of firmware versions with vulnerabilities can be found at


Latest Versions of Chrome and Firefox Released

Google had released latest version for Chrome (9.0.597.107) fixing around 19 bugs on Monday. And within no time Mozilla has also come up with latest version of Firefox (3.6.14).

Interestingly, these were released just before the Pwn2Own hacking contest (to be starting on March 9th). Even in 2010, Google released version, days before the contest. Apple also had released updates for Safari in 2010 in almost the same time-line. Google Chrome stood the only browser unhacked among Internet Explorer 8, Firefox 3.6 (which lead to release of 3.6.4) and Safari 4 in 2010 Pwn2Own contest.

Even this year, after the release of new version, Google stays strong on Chrome and even announced a direct bounty of $20,000 prize for hacking Chrome (on the first of the contest’s three days), apart from the regular contest reward.

On a side note, Mozilla Firefox version 4 has entered its final beta stage and is expected to release by the end of this month.

Top Blunders to Avoid While Dealing with Passwords

Your online accounts stay safer as long as your passwords are stronger and secure. However, creating stronger passwords is not enough in today’s scenario where id theft is most prevalent. Handling of passwords is equally important as of creating strong passwords. The following are few blunders made by consumers in 2010, reported in a study from Internet security firm Webroot.

  • Sharing or putting passwords in feasible reach of friends, acquaintances, etc. In 2010, 14% of the id thefts were committed by the people who were well-known to the victims.
  • Using same password in multiple sites or multiple accounts. Another recent research study from University of Cambridge, reported that the password reuse rate among the stolen login information from two different websites, and, with identical email addresses was around 31%. If a hacker manages to steal a user’s login info and password, there’s as much as a one-in-two chance that he can procure access to other secured accounts of the user.
  • Not using special characters in passwords, which makes it easy to crack through.
  • The answer to the security question (which people use when they forget their password) like birth date, pet’s name, is available openly in a social networking site.
  • Not using secure connections while accessing sensitive information in unfamiliar computers or WiFi at public places. Over 86% were reported doing this blunder.
  • Writing down the passwords and hiding them somewhere like a desk drawer.

These were few of the top mistakes committed by users while dealing with their passwords. If you find yourself committing in any of the above, its high time to correct it.