web analytics

Bill Bennett


Tag: security

PC Health Check 2.0: not as useful as it looks

While F-Secure’s Health Check 2.0 looks useful, it is nothing to get excited about.

Health Check is a Java program. It works with a browser to check a computer’s security then reports on risks.

On the plus side Health Check is free, quick and simple to use. The code loads directly from F-Secure’s Health Check web page and after the fuss of accepting terms and conditions it downloads in seconds.

Basic PC health check

Once leaded the software steps through four wizard stages. The first is automatic. It checks you have up-to-date anti-virus, anti-spyware and a firewall.

The ‘next’ button moves things to stage two which investigates back-up. Stage three checks key programs are up-to-date. The last stage is a summary screen linking to solutions to problems.

Even if everything is perfect, which it isn’t, PC Health Check 2.0 is of limited use.

Alternatives do the same job either as well or better. Secunia offers a free Online Software Inspector and the more complete downloadable Secunia Personal Software Inspector.

Sadly Health Check 2.0 is mainly a crude promotional device for F-Secure’s paid products.

Failed to find back-up

My computer failed the second stage back-up test. Health Check told me it didn’t find a back-up. This is wrong. There are three back-up applications on my computer. I back up regularly to an external disk and to a server.

When I clicked on the Health Check 2.0 ‘solve’ button to troubleshoot the ‘problem’ found by the software it told me I could protect my “valuable content” with F-Secure Online Backup. And gave a link to the F-Secure store.

I live in New Zealand. My computer has almost a terabyte of data. I’m theoretically on an unlimited broadband plan, but with shaped bandwidth for almost the entire working day. In other words, online back-up isn’t realistic. And yet PC Health Check tells me it is.

If the application gets this advice wrong – what use is the rest of its information?

When the program finishes, there’s the opportunity to register an email address with F-Secure. Now why would I want to do that?

For an alternative view see F-Secure refreshes online PC Health Check by Stephen Withers at iTWire. His found other shortcomings, but reached a similar conclusion.

Panda Cloud Antivirus is a hidden gem

Panda Cloud Antivirus is hard to beat for free PC security.

Unlike other security tools, Panda does its work in the cloud – it is software-as-a-service. Panda sends data about dangerous looking files to its servers for closer inspection.

Because your computer doesn’t do the hard work, Panda imposes almost no overhead.

When I benchmarked my PC there was no performance difference between the system running the software and having the software switched off. If there’s a network overhead, I couldn’t measure it.

Panda’s other big advantage is the malware checking database is always up-to-date. There are no signature files to download.

One issue I have with Panda is the program is so trouble-free, it is easy to forget. You barely notice it. I previously described Microsoft’s Security Essentials as “barely there” – Panda Cloud is even less noticeable.

Panda is better than other free anti-virus products at trapping malware. I previously ran it for a month without any issues and have run it for the past three or four days with no ill effects.

I’d say it is the most promising free anti-virus application on offer. At some point the developers will need to make some money. I’ll be interesting to see how. For now, this is possibly the best free choice.

Of course, you may prefer not to leave your computer’s protection in the hands of free software makers.

Bank robbers now online

Willie Sutton understood.

When asked why he robbed banks, Sutton said it is because “that’s where the money is”.

If Sutton were alive today, he’d be online. That’s where you’ll find today’s bank robbers.

Sutton’s heirs reached the same conclusion. Criminals cottoned-on to online early in the piece. They’ve been active almost as long as computers have used telephone lines to swap data.

The early computing underground grew out of phone phreaking – a murky, highly technical game where the aim was to use the world’s telephone lines without paying tolls.

Computer crime started in the 1960s

The first widely reported cases of computer crime Came in the 1960s. During the early days, electronic misdemeanours were usually inside jobs.

An explosion in online communications over the past 15 to 20 years has seen the problem grow in size and scale. Insiders remain a large part of computer crime, but these days the emphasis is more on external activity.

United States Department of Justice statistics show that reported online crime cases increased 43 percent between 1977 and 1999. The statistics also note that online crime is notoriously under reported. This means nobody knows for certain, but anecdotal evidence says that many companies are paying blackmailers and sweeping theft under the carpet in the hope that other online criminals don’t notice their vulnerabilities.

Some hope.

Online crime is everywhere

The tentacles of online crime reach everywhere. A 1998 report by Pricewaterhousecoopers (pwc) found 73 percent of US companies experienced a security breach in the previous year. Incidentally, matching this figure against reported online crime confirms companies only report a fraction of incidents.

The numbers have stayed at roughly the same level for the past decade. A survey conducted earlier this year Forrester Consulting on behalf of Veracode found two-thirds of UK companies reported a security breach in the past year. More recently Beverly Head at iTWire in Australia reported; “Small and medium Australian enterprises are particularly vulnerable to computer security breaches, with the average SME breach costing $37,661”.

Insiders give way to outsiders

The ten-year old pwc report found that authorized employees were responsible for 58 percent of the reported breaches in 1998.

In a later report by the same company, pwc technology risk specialist Mark Lobel noted in 1999 hackers accounted for only 14 percent of reported security breaches. By early 2000 hackers accounted for 50 percent of all online break-ins.

There’s a clear shift away from online crimes committed by disgruntled employees – other surveys have found a correlation between corporate restructuring and internal compromises of computer security – to crimes committed by outsiders.

In part this move away from insider jobs reflects better security rules, tighter control and more all round professionalism on the part of corporate IT departments. Like any effective local policing operation, the main upshot is that the criminals have moved elsewhere.

Yet companies are still in denial about the external threat. Last month SC Magazine reported Businesses skeptical about external hacking. Iain Thomson writes:

A global survey of IT managers from IDC and sponsored by Dimension Data has shown that the majority think that having the company hacked from the outside is highly unlikely.

Changing nature of bank robbers

The nature of internal security breaches is also changing. In the past employees would either vandalise their employer’s systems as an act of revenge or use them to steal money.

For example, in May 2000 network administrator Tim Lloyd was found guilty of sabotaging the company network he spent years of his life building. The cost to his employer, Omega Engineering, was more than US$12 million. Lloyd plotted the destruction as his standing in the company diminished. Then, three weeks after his sacking, the system ground to a halt after a software time bomb deleted almost all the company’s programs and data.

These days, external problems are more likely and are criminal money-raising exercises, not retribution.

Called to the dark side

There’s another force coming into play. The kids who were hackers back in the glory days of 1980s were mainly idealistic. They hacked for fun, the approval of their peers or just to show off their skills. Today these people are middle-aged They have mortgages, schools fees and other bills to pay. Many are successful. A minority are not. The temptation to go over to the dark side is strong.

In February 2000, Mark Rasch of Global Integrity Corporation appeared before an US senate appropriations subcommittee and told politicians that today’s employees are more likely to steal sensitive customer or market information before they head off and form and float their own dot.com company.

Underlining his point, Rasch said that theft of proprietary information and intellectual property increased by 15 percent since 1998. He also testified that unauthorized access by insiders has increased 28 percent and system penetration by external parties increased 32 percent from 1998. Both statistics support other data showing the threat is moving outside of companies.

ERP is risky

In his report for pwc, Lobel writes that trade-secret theft and information loss is three times higher in businesses employing electronic supply chains, ERP or e-commerce and that revenue loss is seven times more likely to hit e-commerce sites than non-e-commerce sites.

He writes;

About 60% of those who sell products or services on the Web report at least one or more security breaches a year, 22% experience information loss and 12% suffer data and trade-secret theft. More than half of those with non-transaction sites report one or more incidents. And the number of hits from outsiders is on the rise.

Reports from organizations as diverse as the Australian Federal Police, the Computer Security Institute, the FBI and the United Nations all confirm the rising menace of cyber crime. At the same time as online crime increases in value and number of attacks, it is also increasing in its scope.

Today the range of activities is wider and wilder than ever. For example the early part of the decade saw the rise of denial of service (DOS) attacks. These are events where e-commerce sites are effectively rendered unable to do transactions because a large amount of dummy traffic jams incoming data lines. A spate of DOS attacks in late 1999 and early 2000 took high-profile sites like Yahoo!, eBay and Amazon.com offline.

International crime

Another disturbing trend is the cross border nature of computer attacks. Five years ago almost all computer crime was local – that is criminals and their victims were in the same country. Today crimes are remote. The most visible hot spots are Eastern Europe and the ex-Soviet Union.

And then there’s China. Some experts suspect, with some justification the country’s government is either sponsoring or turning a blind eye to organised computer crime. And China isn’t the only suspect.

Authorities everywhere have finally caught up with the technology. They now recognise the potential to commit crimes using computers and other information technology tools is one of the greatest law enforcement problems of our times.

They could have reached that conclusion quicker if they remembered Willie Sutton – because online is where today’s money is found. And it’s where you find bank robbers.

AVG Anti-Virus Free 9.0: far too much trouble

It’s hard to tell if AVG Anti-VIrus Free 9.0 offers decent PC security. That’s because the application is so annoying, it imposes such an overhead that it had to be deleted before testing finished.

At times free is too high a price.

AVG Anti-Virus Free 9.0 is still only two weeks old. It arrived about the same time as Windows 7 and is compatible with Microsoft’s new operation system.

The program is available at AVG’s free web site – but I don’t recommend it.

It is only a small download at 869Kb. It takes seconds with broadband. The first file is a downloader which fetches and installs the rest of the software.

The process is easy enough. Yet the second screen you see is only the start of what becomes an annoying and shrill sales pitch designed to control your choices and trick you in to paying money. It appears AVG has learnt from the scam artists the software promises to protect you from.

Flakiness abounds

Your first choice is to select either free basic protection or a 30-day trial of the company’s comprehensive protection.

The implication is responsible people will choose the second option. Which means in 30 days AVG will ask you for money. Don’t worry – you’ll get plenty more opportunities to pay AVG if you choose not to do so at this point.

I thought I was downloading the free software – that’s what I clicked on at the AVG web site – so that’s what I proceeded with.

During the download AVG asks you to remove existing anti-virus software. This makes sense, anti-virus applications can conflict with each other and anyway, as each program imposes an overhead, the performance drop can multiply.

Annoyingly AVG doesn’t remove the other software. It halts and opens the Windows uninstaller so you can manually remove it. Even more annoyingly, the AVG installer closes itself at this point. You need to hunt around in your download folder to find it and start all over again – by now many megabytes have been wiped off your download cap.

Click, click, bloody click

There’s a lot of clicking throughout this process – some of it unnecessary. Then it asks if you wish to install the AVG Security Toolbar.

The software has also helpfully pre-selected the option to change your default search engine to Yahoo. This is spam – of a sort. In both cases I choose No.

It is tricky – if you click off the first box, the Yahoo box stays ticked but grayed out. This can only be designed to trick you into selecting the search engine choice.

At this point the installer had to close Firefox. Not wanting to be sent all the way back to the start like that horrible long snake at the end of a game of Snakes and Ladders, I clicked to close Firefox held my breath. Phew. The install resumes.

We are now 40 minutes into the process. Even at minimum wage rate this free anti-virus program has cost me the price of lunch and a clutch of grey hairs.


Suddenly the process is over. A box appears telling me the install has finished. But wait, what is this?

More stuff to click.

Do I agree to give anonymous information? Oh alright then. And now would I like to receive spam? (Sorry news and alerts). Please enter your email address. Are you kidding? No.

While AVG starts its first scan. I reload Firefox. In the meantime I notice the program has installed an icon on my Windows desktop. Did I ask for this? No I damn well did not. AVG asks tons of questions during the install – but doesn’t allow me to choose whether the icon despoils my desktop. At this point I’m starting to get angry.

Not responding

Meanwhile Firefox is failing to load. What’s going on here? There was a string of open tabs – none of them are visible. Windows tells me Firefox is “not responding”.

Eventually – more than an hour after the first download, Firefox opens. And what’s this? AVG has installed AVG Safe Search. Is this the toolbar I choose not to install? The name is different, so let’s assume it isn’t the same thing. I wasn’t warned or asked about it, but hey, let’s go with the flow for a moment.  So, Firefox opens at the home page – my tags are all lost.

AVG is now scanning my computer looking for viruses. I open up the scanner’s display and see what looks like a banner ad for the paid for software at the bottom of the screen.  Fair enough, the software was free and these people have to eat. I can accept advertising as the price to pay for free anti-virus.

It has to go

Before long my computer started crashing, randomly. And things went s l o w   l i ke  w a d i n g t h r o u g h m o l a s s e s. There could be only one explanation for this. I removed AVG, reinstalled Microsoft Security Essentials and performance returned to normal.

Of course, you mileage may vary. AVG Anti-Virus may rock your boat. But for me it has proved so disastrous I couldn’t even test its efficiency as an anti-virus tool. I give it zero stars out of five.