Douglas Schweitzer

Two weeks ago I wrote a blog about a friend’s computer that was running bare because she didn’t want to spend the money for steep renewal fees. While the economy is improving, it will be some time before it's back in full swing again. Many people are holding on to their computers longer and are using them to help their job searches, too. If you’re in a situation where you can't or don't want to spend the money to renew your security software there are free alternatives - but there is a minor catch.

Companies like AVG, Avast and Avira to name a few, offer free antivirus software for personal or non-commercial use only. Recently, I also discovered another free security product by Comodo that offers a firewall and antivirus all wrapped up into one neat package. Having used this product myself and after installing it on family and friends’ machines, I have to say that I’ve encountered no problems whatsoever and there have been no infections on any of those machines. Combining the firewall and AV solution makes it easy for the average user to lock down his/her home PC and at a price anyone can afford, to boot.

Jordan Robertson’s Associated Press piece, “Phishing' drops; are scammers switching tactics?” at Physorg.com simply because lately I’ve heard less complaints from PC users about phishing encounters. As it turns out, a recent IBM security report determined that only 0.1% of all spam is made up phishing exploits. While that seems like a tiny amount, IBM Internet Security Systems division’s X-Force research team director Kris Lamb says, “That is a huge, precipitous decline in the amount of phishing.”

I agree with Lamb that security software is getting better at identifying and thwarting phishing sites, but I like to think that computer users as a whole have become more savvy and are better able to recognize phony web sites when they encounter them. Those in the know are less likely to just follow an emailed link to a site, and instead seek out and access sites themselves in an effort to get to legitimate ones. When it comes to security, like the SYMS clothing store’s tagline, “An educated consumer is our best customer,” I like to say, “An educated user is our best defense.”

I was my parents' third child. Growing up in a strongly Europe-influenced household instilled in me the benefits of being frugal. Back in the 1960s, I used to occasionally walk to elementary school, which was around two miles from home (at the time, Mom did not drive, Dad left for work early, and some days the bus took forever). I had to cross two major roads and while there were crossing guards, there were days when even they were not there and we kids were on our own. Over the years, I watched two fellow students get hit by cars and that was our reminder to never forget to cross at the green and not in-between. It seems that back then, on the whole, kids were not "sheltered" as much and we were trusted far more. One thing for sure, there were no video games or computers and we were outside an awful lot.

These days, kids are indoors too much. The sun can be shining and the weather perfect and yet you still find them inside playing video games. There have been numerous studies and articles reporting that sunshine is best for getting our required vitamin D. No doubt, there is danger in being out in the sun too much (depleted ozone has increased skin cancer occurrence) but we have some major advances in sunscreen technology; I just slather some on before I or the kids head out. What does all this have to do with security? Let me explain. After reading Mike Elgan's article "Why every child needs a GPS cell phone", I started thinking about my own children. I'm not as trusting, hands-off, or laissez-faire as my parents were when I was growing up. Mike is right...in my opinion, we were not a sickly as kids seem today. When you were outside you ate less and moved more and that meant better overall health; less obesity and less diabetes. I don't have any empirical data to prove that, just my personal observation and others I've talked to my age about our childhoods.

It was nice to hear that IE8 has made marked improvements in detecting malware -- by 17% since March. I read in Gregg Keizer’s Computerworld piece, “IE8 whips rivals in blocking malware sites,” that IE8 was able to spot a whopping 81% of sites infected with attack code. That all sounds well and good, but it’s not available for the Mac -- my computer of preference. Add to that the fact that Microsoft’s security team sponsored the testing and I feel a little uncomfortable. I don’t doubt the validity of the statistics; I don’t believe they’d taint the testing to skew the results. After all, they did have to get inspired when they feared their Microsoft users were jumping ship seeking out other browsers. Necessity has always been the mother of invention.

I was having a discussion recently about what a different experience it is to be entering the workforce nowadays compared to just twenty or so years ago. It used to be that employees starting a new job would meet with some sort of state of the art new technology. They’d be trained to use that equipment on the job and then go home every night to more tech-deprived surroundings. (In fact, I remember asking one of my first bosses if it would be OK to use the office photocopier to make a couple of photocopies for a non-work, personal project.)

So when I read Martha Irvine’s AP piece, “Young workers push employers for wider Web access” I completely understood. Because the office where I work is sometimes slow to evolve with current technology (partly due to efforts to maintain client security and confidentiality), I see the exact scenario when younger employees come on board. Let’s face it, they’re used to having all sorts of innovative tools, whether at home or at school, and coming to a work environment where they suddenly have to make do with slower connections or limited Web access just isn’t tenable. I’d go so far as to say that they consider the company old-fashioned and not competitive if it can’t (or won’t) maintain the latest equipment available.

No, I have not lost my mind or defected back to the Redmond fold. Since I'm still a diehard Mac fan, let me elaborate. I was talking with my kid brother today about our Macs. Ever since he converted to the Mac platform, he's had no downtime or malware or system lockups. (Right here, I will admit that my wife and kids' Vista machines have performed flawlessly from day one.)

But getting back to my conversation with my brother. He had asked me why there is so little Mac malware circulating. He was under the impression that Macs are impervious to malware. Simply not true.

Graphic: Diego AguirreMichael Jackson wasn't dead six hours when I already heard the first of several (bad) jokes about the superstar. In the same vein, fraudsters were already taking advantage of the public's curiosity within minutes of his death. These miscreants know that information seekers are more readily lured to bogus sites so that they'll be on top of the latest dirt. What they often forget is that lots of these sites were set up to transmit malicious code.

"Jackson's death unleashes barrage of online scams" by Jordan Robertson of the AP reminded me how easy it is to take advantage of people when they've been stunned. I think the surprise of Jackson's death has made people -- fans and non-fans alike -- hungry for details about why and how he died. Having details that others haven't heard yet makes people feel important when they relay the information -- so much so that they're more likely to take a chance and visit an untrusted site or download a bogus program (like a video player).

I haven't flown since last year, but I'm still intrigued by the prospect of getting a free body scan with a paid plane fare. Chris Strohm's "House to consider ban on airport body scans" (which I read at govexec.com), quotes a TSA spokesman who says that 99.6 percent of passengers chose to have the body scan over other screening options.

I'm pretty sure I'd rather have a scan too, even though "It basically looks at your body naked," according to Representative Jason Chaffetz (R-Utah). But because facial images are blurred and your body image is viewed in different location, there's some sense of remote separation. I'd rather experience that than some stranger physically patting me (or my wife and kids) down.

I was recently asked to look at a machine that was part of a SOHO network. The machine had reputable antivirus (AV) software and anti-spyware running and was experiencing random pop ups and sluggish behavior. First I noticed that the Win XP automatic updates option was turned off and secondly, the AV was not up to date ... two cardinal errors.

I got the machine patched and updated and ran an AV scan right after disconnecting it from the Internet. Thirty-two viruses came up in the form of Trojans, Rootkits and Spyware. After rebooting, the same pop ups and slow behavior continued. I ran the scan again, and only six incidents of malware showed up. Cleaned those and ran antispyware and picked up a few more. Even initiated a boot-time scan the next go around and picked up even more!

When I read Gregg Keizer's Computerworld piece, "Microsoft puts Mac users at risk with patch policy, says researcher" it initially left me on the fence. Just the other day Microsoft released patches for Windows versions of PowerPoint. It sounded good until we learned that patches for the same defect in PowerPoint editions for the Mac wouldn't be out until June.

On the one hand, I see the advantage to releasing a patch - just about any patch - as soon as it is available, just so that more users will be able to protect their systems ASAP. On the other hand, it made me uneasy that Microsoft has gone totally against what they've been adamantly preaching; that is, releasing data that hackers can use to infiltrate computers before patches have been released. To go against their own stated policy seemed self-serving and opportunistic.

I grew up the son of European parents. I used to think that’s why I was raised to limit waste as much as possible, but now I know lots of folks who were raised by or with parents and grandparents from the Great Depression era and they were ingrained with the same sensibilities. Shut the door, “close” the light, take care of your equipment and it will last longer. My dad was all over Europe during WWII (not by choice) and he constantly drummed into us how lucky we were to live in a free society, have three meals daily and a roof over our heads. My wife (also from Europe) continues the tradition of not being wasteful.

One trend that will likely see continued growth in the near to long term future is the green movement. The recession has forced companies to seek ways to cut costs and save money. I expect that the green movement will continue to flourish in the IT community and as Ellen Fanning points out in her article "The Top Green-IT Organizations find fertile ground for innovation" the goal is not only to help the environment but to save money. The beauty of green is that it's the gift that keeps on giving as future generations get to benefit as well. I know I'm imparting that thrifty mindset in my children at every opportunity.

Well, I don't know about other security professionals, but I'm not at all shocked that this year's PWN2OWN contest showed that both Windows PCs and Macs could be cracked. I do have to admit that 10 seconds was a bit of a shocker for the Mac Platform.

Look, I have put my faith in OS X since 2003, but I'm not one of those Mac zealots who think that Macs are infallible. There sure are less of us than our Windows using brethren. So, we're a smaller target simply because the user base is smaller. That's one of the reasons there haven't been as many Mac viruses. But the contest also showed that the recently launched IE8 could be hacked too (although I'm sure it took longer than 10 seconds). Those mere 10 seconds keep echoing in my head.