Google adds privacy protection
Google modifies its data retention so that it would make harder the specific computers used in searches to be identified.
Google,s servers log information every time someone searches the web and keeps data such as the keywords used,Internet Protocol Address and information web cookies.
As the new policy of Google,announced on wednesday,the last eight bits from the ip address and cookie data will be annonymized after a period between 18 and 24 months unless legally required to retain the data for longer.But the logs will still continue on a indefinite term.
“Logs anonymization does not guarantee that the government will not be able to identify a specific computer or user, but it does add another layer of privacy protection to our users’ data,” the company said.
But there are other opposite points of view:
“I don’t think the Google proposal is adequate. This period is too long and it’s not in fact data destruction, it’s more data de-identification, and that should be happening in 18 to 24 hours, not months,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center. “I’m not persuaded that this isn’t still a ticking time bomb for Google’s search engine.”
Richard M. Smith, an Internet security and privacy consultant at Boston Software Forensics, said Google should never be archiving the IP address and cookies on servers. “Google should not be in the spy business,” he said. “By logging IP addresses and search strings they are running the largest intelligence operation in the world.”
“For most average consumers that is pretty much anonymous,” because many people connect to the Internet through large companies that dynamically assign IP addresses, making it even harder to determine exactly which person conducted a search, said Ari Schwartz, deputy director for the Center for Democracy and Technology. “It is a risk, but it is better than what we have today.”
Kevin Bankston, staff attorney at the Electronic Frontier Foundation, said he would like to see Google scrub the entire IP address within six months, but praised Google for making this “positive first step.”
“We hope other online service providers will heed this example and work to minimize the amount of data they keep about their customers,” Bankston said.
Google,s rivals like Yahoo and Microsoft did not disclose any information about their retention policies
AOL saves personally-identifiable search data for up to 30 days in a way that’s visible to the user and uses an encryption hashing technique to obscure it thereafter, said AOL spokesman Andrew Weinstein.
Anyhow,what I wonder after such news,do we have privacy?I think we just like to believe so,so do like me,be paranoid and never trust any kind of software,learn a lot about software privacy and buy privacy protection software,but never completely trust even those ones,you know the word,the route to hell is paved with good intentions…
Source:http://news.zdnet.com/
Trend Micro acquired HijackThis
Trend Micro,one of the most well known antivirus and security software companies,has recently acquired HijackThis,a very useful and popular software tool,used for threat analytics and malware removal.
The company plans to announce the acquisition only on march 19-th,but a new version of HijackThis 2.00 beta,is already available for download on their site.So what was supposed to remain a secret was revealed to general public.
The new version won,t add nothing new,except minor fixes and updates.
Speculations were stopped by Merijn,s explanation posted three days ago:
As some of you might have seen several IT news websites are offering Trend Micro HijackThis 2.00 beta. An official statement will be posted on their website soon, but since this is a public beta of theirs I figured it’d be best if I answered the question I’m going to get asked a lot, right now.
This is not fake, I sold HijackThis to TrendMicro. Their product incorporates all changes, updates and fixes that I was planning on adding in the v1.99.2 release. I made sure of that and I hope no one will be disappointed with it.
He also explains the reason why he sold the program:
I sold HijackThis because I had been sitting on an unfinished update for over a year and I still could not make enough time to finish it. My uni classes are taking up a lot of time and I want to set my goals a bit wider than just the antispyware business (though I still love it). Sitting on an unfinished product until it becomes obsolete is not useful, so I decided to transfer the responsibility to TrendMicro (who have also taken care of my CWShredder) so they can give it proper attention and support.
To those worried about log analysis, we have good news,nothing has changed at all. Security forums from all over the world still accept HijackThis logs.
Source:http://www.2-spyware.com/news/
Microsoft shows possible IE7 phishing hole
Microsoft is investigating a possible vulnerability in Internet Explorer 7 that could help cybercrooks to launch phishing scams, the company said Wednesday.
An attacker can use an error message displayed by the latest Microsoft browser to send Web surfers to malicious Web sites that will display with the address of a trusted site, such as a bank, Aviv Raff, a developer in Israel, wrote on his Web site. Raff included an example where the error message directs the Web surfer to a site of his choice.
Microsoft is looking into the issue, a representative said. “Microsoft is not aware of any attacks attempting to use the reported vulnerability,” the representative said in an e-mailed statement. “Microsoft will continue to investigate… to help provide additional guidance for customers as necessary.”
The vulnerability relates to the message IE displays when Web page loading is aborted, Raff wrote. An attacker can rig the message by creating a malicious link. The message will offer a link to retry loading the page; hitting it brings up the attacker’s page, but showing an arbitrary Web address, he wrote.
IE 7 runs on Windows Xp and Windows Vista.
Source:http://news.zdnet.com/
Norton 360 ALL In One Internet Security,success or failure?
Symantec,s latest security suite was made especially for pc owners that don,t want to interact too much with their security software.This is a good news for novice and less experienced software users,but the most experienced ones will certainly be dissapointed because of this reason.
This hands-off security suite is competing with McAfee Total Protection and Microsoft Live One Care.
The good Point is that it has all the needed security features - antivirus,antispyware,firewall,automatic updating,pc tune-up,backup,restore,transaction security,antiphishing.A good news is that now the product is not bloated,it doesn,t consume so many resources of the computer.
The cons are:the lack of abilities for fine-tuning firewall settings and wireless security tools.
This software works with Windows Xp Home Edition,Windows Xp Professional Edition and Windows Vista.
The per-item purchase price is US$79.99 for installation on up to three computers. Additional storage space is available for back ups at $29.99 for 5 GB, $49.99 for 10 GB and $79.99 for 25 GB.
Source:http://www.topix.net/tech/spyware
McAfee is guarding on the Internet threats
McAfee,s SiteAdvisor Tool is a free and very useful tool especially designed for protecting home computer users that are using the Internet.
The tool shows the risky sites and categorizes them on three parts:green-which means they are safe;yellow-sites require caution,because although they pass all the tests,they contain an annoying quantity of pop-ups;red-the sites contain spyware,adware and viruses,the risk is maximum.The colours have the same symbolistics as the lights from the streets for the auto drivers.
In the free version of SiteAdvisor, users are steered away from the riskiest sites. A paid version of SiteAdvisor disables all interactions with dangerous sites.The tool is vailable to be donwloaded at www.mcafee.com.
Romania and Russia counter the most dangerous sites,sites that can contain adware,spyware and viruses. About 5.6 percent of sites in the Romania domain (.ro) are risky, as are 4.5 percent in Russia (.ru).But the .tk domains overbeats on risk everything.These domains of the tiny island of Tokelau are suspicious in proportion of 10.1%.
The least risky country domains are Finland (.fi, 0.10 percent), Norway (.no, 0.16 percent), Sweden (.se, 0.21 percent), Iceland (.is, 0.19 percent) and Ireland (.ie, 0.11 percent).
.gov was the only domain with no risky sites out of the 265 top-level domains tested.
The kinds of functionality offered by SiteAdvisor will eventually “be folded into a larger tool for the enterprise,” according to Natalie Lambert, an analyst with industry watcher Forrester Research.
She said that, while it might add some additional protection against phishing sites, SiteAdvisor as a standalone was intended primarily for consumers and wouldn’t be that useful for businesses.
Andrew Jaquith, an analyst with The Yankee Group, offered a different take. “The SiteAdvisor tool is extremely useful for employees to know what risk is involved in their Web surfing,” he said. He noted that employees have been known to go to sites on company time that are not business-related.
“I do find the study to be a bit of ‘fun facts’ to know,” he said. Since few people notice domains, he said it might have been better to have this kind of information broken down by type of site, such as entertainment, adult, games, or “get rich quick” sites.
Source:http://www.topix.net/tech/spyware
Verizon Service Combats Web Threats
Verizon Business is a company based in Basking Ridge, N.J.,and is a unit of Verizon Communications. The company launched its Managed Web Content Service yesterday, offering large businesses abilities.They offer a way to detect Web-based threats such as spyware and phishing before they affect computer networks. In addition, Verizon is offering to monitor Internet use by employees.
“We are bringing this to market to address the threats that businesses face,” said Cindy Bellefeuille, Verizon Business’ director of security product management, in an interview with eWEEK.
Companies can control employee Web surfing down to the most granular level, she said. For example, she explained, an enterprise can prevent workers from visiting sports sites during football season
The intent of users inadvertently threatening their networks with extracurricular Web surfing is nothing new. A research released by FaceTime Communications in January found 39 percent of users that believe they should be allowed to “install the applications they need on their work computers,” independent of IT oversight or policy, and 53 percent of users “tend to disregard” company policies that govern internet usage, specifically IM and peer-to-peer file sharing. The same study meanwhile found 80 percent of IT managers work at locations that experienced greynet have conducted related virtual attacks between August 2006 and January 2007.
“This really provides a tool for that area,” Bellefeuille said.
The new service includes an anti-virus service that scans Web traffic to identify known viruses and detect characteristics of potential threats. In addition, a spyware service denies access to Web sites that exhibit potential threats from spyware, malware and phishing.
The question that I argue here is, could it be possible that, in exchange of a better electronic security, this company ( and maybe others ) controled and spied a much part of one human life, that part which is geographically located to the working place?How would anyone of you feel if you were controled by your boss, in the name of good working security? I tell you, I would feel very bad, like a slave or robot, although this guardianship was invented from a positive so called social point o view. But there is a saying, that the road to hell is paved with good intentions, so people watch out of securing the security, it might be a spyware security, as I understood that security is against spyware, or was I wrong?
Source: http://www.topix.net/tech/spyware
