COMPUT3R, M0B!L3 H4CKIN 71P5 & 7R1CK5

A reader asks: My antivirus software says it has "real time" protection. Since it's always monitoring for virus activity, do I ever need to run a full virus scan on my whole system?

Well, the quick answer is yes. You still need to run a full virus scan about once a week.

Now, I'll give you the long answer with full explanations!

Most antivirus software provides two different functions. One of them is real time virus protection. That type of protection means the system listens for virus type activity at all times. If it detects something, it will identify the issue and remove the virus.

The second type of protection is the full system scan. Those types of scans will actually inspect every file on your system for an infection. If it finds an infected file, it will handle the virus appropriately.

Many people think that since the system has real time protection, there's no need for the full system scan. Since the system will detect virus activity, there's no point in scanning every file, right? Wrong!

Real time virus checking and full scanning work very differently and use different types of virus definitions. The real time scanner will find many types of attacks happening at the time, but they will not find everything. Real time protection looks for certain actions. If the action is not defined by the real time scanner, the antivirus software will not find the attack.

On the other hand, the real time virus scanner does not look for actions. It scans the files looking for certain codes that identify infected files. Many times, running the full system scan will detect viruses that have not triggered the real time scanning. That's why it's important to run a full system scan quite often.

For all of the computers here in the WorldStart office, we run a full system scan once a week. That ensures that any threats will be found within a reasonable amount of time.

On top of that, there are some antivirus programs that do full system scans whenever the system is not in use. That type of scanning is by far the best. What that means is, the antivirus software does the real time scanning and it also checks files for viruses when the system is idle. When you start using your computer, the full scan stops and it then continues when you're done. That type of scanning ensures that a full system scan is being done constantly and on a regular basis. Until next time, stay safe out there, my friends!

I have written several different articles about securing your wireless connections. Having an insecure wireless network is like getting a megaphone and announcing your social security number to your whole neighborhood. When your wireless network is not encrypted, anyone within range can gain access to your data fairly easily.

A few days ago, some bad news came through the line. It seems like one method of wireless encryption has been broken. A hacker has been able to break the encryption and gain access to data, even when the security is turned on. The encryption type that has been broken is called WPA-TKIP. It's one of the most common types of wireless network encryption, which means many wireless networks could be at risk.

Luckily, I'm sharing this information with you well before anyone can get to your data. It seems as if the hacker who has broken the wireless security is the only one so far. In a week or so, he will tell the rest of the world how he did it. After that, others will be able to use his technique and hack wireless connections around the world.

So, how can you protect yourself? Allow me to explain!

Many wireless routers come with different types of security. The three main types are called WEP, WPA and WPA2. WEP and WPA are now vulnerable to attack. WEP has been known as a weak system for some time and WPA was just hacked a few days ago. On the other hand, WPA2 has not been affected. That means if you change your wireless security to WPA2, you'll be safe.

If you want to check and see what security you have on your wireless connection, you'll need the manual for your wireless router. Look in the manual for directions on how to set up the wireless security. Once you find that information, look to see which method you're currently using. If you're using WEP or WPA, you should change to WPA2. If you're not using any at all, please activate WPA2!

While most routers support WPA2, some do not. If your router doesn't support WPA2, you should continue to use WPA. Yes, it has been hacked, but it's far better than using nothing at all. Until next time, stay safe out there, my friends!

Please listen up! You don't want to miss this important announcement!

Last Thursday (October 23, 2008), Microsoft released a critical Windows security patch, which is something they haven’t done since April 2007. And of course, it quickly started raising eyebrows in the technology community. The security patch fixes a vulnerability that allows a remote program to be run in Windows without any authentication. A worm that uses the hole in the Windows security to take over a computer has already been released on the Internet.

According to security experts, the worm, named “Gimmiv,” locates the security hole on a computer and executes a program that steals passwords. The code for the worm was released on a popular hacking Web site, which leads many to believe that the exploit will be modified and different versions of Gimmiv will be released on the Web.

On Friday (October 24, 2008), Symantec and McAfee, Inc. stated that they had only seen a small amount of attacks based on the exploit. However, Symantec said they discovered a 25 percent increase in network scans for computers that contain the vulnerability, which suggests the amount of attacks on this security hole may increase.

Windows 2000, XP, Vista and Server 2003 are all affected by this new vulnerability and it's recommended that users of those operating systems turn on their Automatic Updates so that they can receive the security patch. (To do that, go to Start, Control Panel, Security Center, Automatic Updates). Stay safe out there!

Did you know that when you send an e-mail, it's not secure? I'm sure you've heard people say you should never send personal information, such as credit card numbers, social security numbers and sensitive files through e-mail, but do you know why? Well, today, I'm going to explain all of that and give you options for sending e-mails that are safe for sensitive data. Here we go!

Let's first talk about why it's not safe to send a regular e-mail with sensitive data. When you send an e-mail, the information inside is sent just as you see it. The actual text you type is sent across the Internet. When something goes across the Internet, it doesn't just go from point A to point B. It actually goes through an average of six to 10 computers before it reaches its destination. Most of the time, the e-mail will be delivered without anyone seeing it, but there's always the chance a bad person could intercept the e-mail and read the contents. Since the e-mail isn't scrambled or encrypted, it's very easy to read and your information could be stolen.

Now that you understand the troubles of unencrypted e-mails, let's discuss e-mail encryption. When an e-mail is encrypted, it's scrambled using a special "secret key." The key can be used to descramble the e-mail and it's only known by the computer receiving the message. E-mail encryption is great! It secures e-mail so that no one can read it. It's nearly impossible to steal and it makes it so that very sensitive data can be sent in an e-mail with no worries. There is one problem though: if encrypting e-mail was simple, everyone would be doing it. Unfortunately, there are a couple requirements when it comes to e-mail encryption.

1.) You must be using an e-mail client, such as Outlook Express, MS Outlook, Thunderbird, etc. No Web based e-mail programs support e-mail encryption.

2.) In order to send an encrypted e-mail to someone, the person you're sending it to needs to have already shared their key with you. (Don't worry, I'll explain that more if you keep reading!)

Now, I understand that number 2 may have thrown you off a bit, so here's how it works. Like I said earlier, e-mail is encrypted with a special key that only the recipient can unscramble. That means, in order to send an encrypted e-mail, the person you're sending the e-mail to needs to have an encryption key installed. That's why hardly anyone encrypts their e-mail. To have truly safe e-mail communication, both people sending and receiving the e-mail need to have an encryption key.

So, how can you get a key and how do you use it?

Well, here's the good news: getting an e-mail encryption key is free and easy! If you get a key, people can then send you encrypted e-mails if they're sending the e-mail using Outlook Express, Outlook or Thunderbird. Here's how to do it:

1.) First, head on over to this Web site.

2.) Once you're there, choose the option to get your free certificate.

3.) Fill out the form to get your certificate. Also, make sure you use the correct e-mail address and choose the high-grade size.

4.) An e-mail will then be sent to you. That e-mail will have directions on how to use the certificate. Click on the button to install the certificate.

5.) After the certificate is installed, you'll have the ability to digitally sign e-mails. That means you can send e-mails to people and they'll know for sure it's coming from you. After you send someone a signed e-mail, they can then send encrypted e-mails to you as well.

Okay, I'm almost done! The last part of this is how to actually sign and encrypt the e-mail. In Outlook Express, when you write a new e-mail, you should see a button that says Sign. Just click on that button and then send your e-mail like normal. If you have a signature from the person you're sending to, just press Encrypt and the e-mail will be protected.

Now, I know some of you are saying, "What do I do? I want to encrypt an e-mail to someone who doesn't have a certificate." Well, there's a way to do that too, but you'll have to wait until tomorrow. In tomorrow's newsletter, I'll show you a free download to use with Outlook Express or Outlook that will allow you to send encrypted e-mails to anyone. So, until tomorrow, stay safe out there, my friends!

I often find myself saying, "Please keep your computer up to date!" Well, today is another one of those days, but it may be too late for some of you.

As you may or may not recall, back in October 2008, Microsoft released an emergency security patch to protect computers from a worm that could exploit the Windows Server service. That service, while it sounds like it would only be on servers, actually runs on every computer that has Windows 2000, XP, Vista, 2003 Server and 2008 Server.

At the time, many newspapers made a big deal out of the patch, because it was released at a time when Microsoft doesn't usually release patches. Those "out of cycle" updates are generally more important, because Microsoft feels the need to release them immediately, instead of at the beginning of the month.

Well, even though the patch was released to fix a major issue with Windows, many people did not install it. Now, the worm, called "Downadup," has infected over 2.5 million computers worldwide. The worm works by infecting Web sites, making them hosts for the virus. After a Web site is infected, the site can give the worm to any computer that visits.

At this time, the worm continues to spread, so please, please, please update your computer! There are several ways to make sure your computer is up to date. The best way is to open Internet Explorer (not Firefox) and go to http://windowsupdate.microsoft.com. That Web site will scan your system and tell you which updates you need. You should install all of the critical updates.

After you've done your updates, you should also download the Malicious Software Removal Tool. That's a quick tool Microsoft releases monthly to remove known viruses, worms and spyware from Windows computers. To get this month's version of the Malicious Software Removal Tool, go here. Until next time, stay safe out there, my friends!

Do you share a computer with other users and want some extra security on your folders? There are two ways to password protect a folder built into Windows XP (for other Windows flavors, there are some freeware/shareware programs out there).

#1: If you have a log in password for your account, this can be used to protect folders from other users. Your hard drive must be formatted using NTFS (which it probably is unless you're dual booting with another operating system). Here's what to do...

Right-click the folder that you want to make private and choose "Properties" (or Alt+Double-click). Go to the "Sharing" tab and check the "Make this folder private" box.

Click Apply . If you do not have a password on your account, a box will pop up asking if you want to assign a password. This must be done if you want to make the folder private, so click Yes . You will need to use your password to log on to your computer from then on.

Type in a password then confirm it. Click the "Create Password" button then close the Password window.

Click OK in the Properties dialog box.

Now anyone else logged on to your computer can't access that file without knowing your password.

#2: If the Folder is Zipped you can give it a unique password.

Just double-click the zipped folder. In the top menu select File then click "Add a Password".

Type a password into the Password box. Then again in the "Confirm Password" box.

Now, you are the only person who can access files in this folder. The folder can be opened allowing the files to be seen, but you are the only one who can access them.

Don't you feel more secure now?