Must Have Security Solutions (for free)

I get this question a lot! preety much all the time! "I have a New PC What should do to keep it Secure" or "What should I do to keep my PC Secure" So Here are a some must have security solutions that don't have any performance drag and memory use even when all of them are running at the same time oh and did i mention they are all free. Remember Security for PC is to give you good computing experience, being paranoid and installing many security solutions just causes system drag doesn't help!

Avira Antivir
Top Rated AntiVirus, over 30 million users, Free for Personal Use.
http://www.free-av.com/

Threat Fire
Fills in the gap where conventional AntiVirus fails! Ideal protection against 0-day attacks
http://www.threatfire.com/

Windows Defender
Kool Antispyware from Microsoft Free (Preinstalled in Vista)
http://www.microsoft.com/athome/security/spyware/software/default.mspx

SpyBot S&D Resident or WinPatrol (AntiSpyware)
Both do little or more the same thing has good features a must have!
http://www.safer-networking.org/en/index.html
http://www.winpatrol.com/

Sunbelt Personal Firewall (Previously known as Kerio Personal Firewall)
Just like Windows Firewall this too doesn't slow your connection or speed but gives more features and options.
http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/

Comodo Memory Firewall
Buffer Overflow Protection for all the programs running on your Memory.
http://www.memoryfirewall.comodo.com/

Sandboxie (Run in a Sandbox) or BufferZone Free Protection (Run in a  Virtualized Environment)
Run Isolated to System, Restrict Access to System Processes and Environment or Run in a virtual Environment good where Sandboxing fails if the application requires System Services or if you think the sandbox is slowing the operations.
http://www.sandboxie.com/
http://www.trustware.com/virtualization/free.html

Happy & Safe Computing..

Goolag Scanner Released!

Is this Good or Bad ??? much to debate and surprise, think this would be a good thing. Yep! good thing for everyone who own's a website that's pretty much everyone i know, lol.. "how can this be a good thing ?" use this tool to audit your websites and fix stuff before that information is used to bring the site down.

Released by CULT OF THE DEAD COW (cDc), one of the world's largest hacker group, Goolag Scanner is a web auditing tool. Goolag Scanner enables everyone to audit his or her own website via Google. The scanner technology is based on "Google hacking," a form of vulnerability research developed by Johnny I Hack Stuff. You will be surprised what all could be found about a website via google.

Google Hacking Database [ http://johnny.ihackstuff.com/ghdb.php ]

Goolag Scanner [ http://www.goolag.org/download.html ]

This database has long helped Admin's to better secure their websites. similar books from publishers resulted in best sellers, hoping this scanner would run on similar tracks helping even the end user with little knowledge to better manage their websites.

Review: First off an interesting installation voice supported, I scanned a few of  my Websites and found no problems, Yappy!! (All those installations and customizations and tweaks did help lol..) The scanner scans for over a 1400 issues including starting from vulnerabilities, installations to error message listings, be warned if you select to run all the tests at once the extensive use of google can result google detecting your activity as that of a bot, not much of a problem you just need to prove Google that you are not a bot enter a few letters from a pic to unblock and continue but at the end of all this you rest assured that your website is safe from almost 1400+ hacks methods and vulnerabilities. or you know what to fix atleast. funny i expected this tool to have an update feature still in beta may be in future versions.

Change DNS ? for a Safer, Faster Online Experience

OpenDNS is the world's largest, Free DNS service provider. Millions use it to handle their DNS and Web-content filtering needs. And how Complex is this ? its dead easy! just change your DNS and you are done. Yes its that easy. Configure it to your PC, Router or use it with your existing DNS Servers. It also keeps you safe from all those Phishing Sites too.. Using Phishtank (www.phishtank.com), a free online community where one can submit, verify, track and share phishing data, Want more, you can also filter out adult sites and proxies among more than 40 categories, and provide the precision to block individual domains (content filtering), And its faster than your ISP's DNS servers too.. Great for Schools, Organizations, etc., or for Personal use.. Check out there HUGE list of Subscribers and testimonials..

Faster! Safer! What are you waiting for ? (https://www.opendns.com/start)

  208.67.222.222
  208.67.220.220

New Theme (*Garland)

Love this new theme took me a lot of time to fix it, My New Theme Rocks!!!

Iconix eMail ID!

just came across this software found it to be interesting, wud put out my review soon until then chk it out its free no harm done in being more secure! sadly only supports IE & FF hoping Opera support soon.

ICONIX: Tired of trying to figure out which email messages might be phishing or fraudulent spam? Iconix eMail ID lets you see what's real before you even open the message. Iconix eMail ID works with your email program and double checks the source of a message to make sure it's not a spoof. It then uses a simple visual indicator in your inbox - a gold lock with a checkmark to show that a message is real. E-mail from over 300 major senders is currently identified--companies such as eBay, PayPal, Citibank, Amazon.com, Expedia, MySpace, and the New York Times represent the top online sites for retail, travel, auctions, banking, e-cards, news/entertainment, and dating. Version 3.15.16 added support for Mozilla Firefox and Internet Explorer 7.0 beta 2.

http://www.download.com/Iconix-eMail-ID/3000-2382_4-10554745.html

"Computers are incredibly fast, accurate and stupid; humans are incredibly slow, inaccurate and brilliant; together they are powerful beyond imagination." -- Albert Einstein

SQL Injection Scanner

Finally found a sql injection scanner that would help u secure ur sql better by listing out its vulnerabilities. you can download a free trail or request a free security audit. the service scans for SQL Injections, Cross Site Scripting and other Web Vulnerabilities [ SQL Injection is a hacking technique which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious script on your visitor´s browser.] other vulnerabilities it scans for:

• CRLF injection attacks
• Code execution attacks
• Directory traversal attacks
• File inclusion attacks
• Authentication attacks
• & More…

Resources:

Read whitepapers & articles about Web application security

• SQL injection : SQL injection is a hacking technique which attempts to pass SQL commands through a web application for execution by a backend database.
• Cross site scripting : Cross Site Scripting (also known as XSS or CSS) generally occurs when a dynamic web page gathers malicious data from a user and displays the input on the page without it being properly validated.
• CRLF Injection : A CRLF Injection occurs when a hacker manages to inject CRLF Commands into the system.
• Directory traversal : Directory Traversal is an HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server's root directory.
• Authentication hacking : Authentication hacking is a term used when the attacker breaks into the system by proving to the application that he is a known and valid user, the attacker gains access to whatever privileges the administrator assigned that user.
• Google hacking : Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines.

A Must Audit for all Web Apps!
www.acunetix.com/sql-injection/

Symantec confirms vulnerability in antivirus software

Symantec confirmed Friday afternoon a vulnerability in its Antivirus Corporate Edition software that had been discovered by security firm eEye. According to the company, a successful exploit of the flaw could "potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with System level rights on the affected system."

At this time, Symantec has only issued IDS signatures that will be able to detect attempts to exploit the vulnerability. Network Security Appliance 7100 signatures (SU 46), Gateway Security 3.0 signatures (SU 19) and Client Security 2.0 and 3.0 signatures (SU 22) have been made available via the software's live update feature.

The company recommends that customers adjust their software policies as long as the flaw is exposed to a potential exploit. Specifically, the firm said that companies should restrict access to administration or management systems to privileged users only, keep all operating systems and applications updated with the latest vendor patches and "run both firewall and antivirus applications, at a minimum to provide multiple points of detection and protection to both inbound and outbound threats."

Symantec also said that users should "be cautious visiting unknown or untrusted websites or following unknown URL links" and should not "open attachments or executables from unknown sources."

Symantec Anti Virus Software Flawed !!!

A flaw has been detected in Symantec's leading anti-virus software AGAIN!, by researchers from eEye Digital Security.

The anti-virus software, Symantec 10.x, which protects some of the world's largest corporations and US government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files, or implant malicious programs.

Symantec is investigating the issue, but could not immediately confirm the vulnerability. However, if confirmed, the threat to computer users would be severe because the security software is widely used, and because no action is required on the part of victims to bring on the attack.

Symantec says it has these anti-virus products installed on more than 200 million computers. Meanwhile, a spokesman for the company said that it is examining the reported flaw, but described the flaw as so new that the company does not have any details on the same.

Researchers at eEye Digital Security have said that the vulnerability is capable of being exploited by remote hackers to take complete control of the target machine, "without any user action". eEye Digital has published a note about the discovery on its Web site, but has pledged not to reveal details until after Symantec repairs the flaw, as this would help hackers attack Internet users. eEye Digital has posted a brief advisory to raise alarm about the bug, which can allow execution of malicious code with system-level access. The flaw carries a "high risk" rating because of its potential for serious damage.

Meanwhile, the flaw happens to come at a very awkward time for Symantec. John Thompson, chief executive, Symantec just recently campaigned to convince consumers to trust Symantec and not Microsoft for protecting their personal information, he he he lol…