Malware, hackers, spam, identity thieves and more – which antivirus package should you invest in to prevent them playing havoc with your life? We test 10 of the best antivirus apps available

Antivirus isn’t something you can get away without any more, and if you think you can’t be infected, chances are there’s a virus writer somewhere ready and willing to prove you wrong. You probably won’t even know about it when it happens.

In the old days, malware tended to make a big song and dance about its presence, but the rules have changed. Now written with an eye towards online crime and cold hard cash, the average virus has learned to stay low and spread via almost any vector. The wrong website. A lost USB stick. A Facebook message.

You never know where they could strike, and even if you’re up to speed on what they’re doing now, sooner or later they’ll find a new trick.

For these antivirus reviews, we’ve taken 10 of the best programs around and put them through their paces, not just to see how good they are at stomping viruses, but how much of your valuable resources they soak up.

We’ve all banished an antivirus tool for slowing things down or getting too obnoxious at some point – a modern tool should be expected to keep quiet until it has something important to say, and definitely not get in the way of the applications you’re using or the games you want to play.

Finally, while most of these versions are available as suites, it’s primarily their antivirus capabilities that we’re looking at here. Each offers multiple versions at different price points, typically a pure antivirus tool and an Internet Security Suite edition that bolts on a firewall and often parental controls.

There’s frequently a third edition too, focusing on features like backup and data security. The core engines are always the same, however, so don’t feel you’re missing out on anything if you don’t need them.

Microsoft Security Essentials
Price: Free (Unlimited PCs)
Info: www.microsoft.com

You need antivirus, but do you need to pay for antivirus? There are plenty of free tools out there to choose from, including variants of many packages reviewed here (although we’re looking at the commercial editions in the interests of fairness, the actual scanning engines are usually similar, if not identical), but Microsoft’s is one of the few that’s entirely free.

There are no upgrades on offer, no souped-up edition to try and upsell you to, and no irritating pop-ups to remind you that it’s there. This makes it something of a stripped-down package – there’s no firewall, not many options, no web filtering and no gaming mode.

It has all the basics though, including scheduled scans and real-time threat detection, the ability to mark certain files as safe and automatic scanning of all files you download from the internet.

On our test PC, it was by far the slowest antivirus package, taking 25 minutes for its first scan and 12 on a subsequent run, but clawed some time back when it came to reboots, barely affecting how long it took Windows to start up in the morning. It also had one of the lowest CPU utilisation scores on test, making it a good one to have running in the background.

As far as actual scanning goes, we had no complaints. Like most of the tools on test, it was a clean sweep, picking up all the malware on the PC and not falling for any of the false positives. It may be a free tool, but Microsoft has a vested interest in keeping Windows virus-free.

If all you want is a scanner and not any fancy features, it’s more than up to the job of sitting in the background and protecting your PC, out of sight and out of mind.

Rating: 4/5

Webroot Internet Security Complete
Price: £50 (three PCs)
Info: www.webroot.com

Webroot performed reasonably well across the board. It missed one virus from our loadout, but that’s only noticeable because the majority caught them all. Every package will have its blind spots – viruses that it didn’t quite update in time to catch and the one that gets away – so a single miss is nothing to be ashamed of.

It earned a perfect score on false positives however, and proved one of the least system-intensive programs of the lot – it adds barely 20 seconds extra on bootup, has a tiny average memory footprint, and a very respectable scan time and average CPU load.

It was one of the slower programs in the test during the initial scan, but the time drops considerably on subsequent checks. There’s a dedicated gaming mode, with the handy option to choose how long it stays on. Beyond that, there aren’t many options to play with, and not much stood out.

The Internet Security Complete Pack takes the standard set of antivirus and firewall features and bolts on some handy extras, including protecting your passwords, providing secure form-filling and hanging onto your credit card details.

You also get some free web space, the amount depending on the version – 10GB in the Complete Edition, 2GB in Security Essentials – for file-sharing and backup, which is a handy throw-in, especially because it allows for automatic syncing. Put any files you need to keep into a special Magic Briefcase folder, and they’ll be accessible on any PC that has Internet Security Complete on it.

This should really be a free downloadable app though to beat DropBox and friends.

Rating: 3/5

McAfee Internet Security 2011
Price: £40 (one PC)
Info: www.mcafee.com

The antivirus world’s other heavy hitter doesn’t put in quite as good a performance as this year’s Norton, but still serves up a very respectable performance across the board.

It suffered from the one of the longest boot-up times and the absolute highest CPU load during scans, but compensated by being by far the least memory-hungry program on test. You might not want to play games while it’s running – and there’s no gaming mode provided – but for most apps it’ll be just fine.

In other areas, Internet Security proved a mid-level package. Its initial scan took a lengthy 17 minutes, which dropped down to just four minutes on a subsequent runthrough – roughly the same as Norton.

It caught 100 per cent of the malware on our test system without falling prey to any false positives, and on a purely aesthetic level, it features a much better interface that makes it easy to access exactly the features you want.

As with all major internet security suites, a capable software firewall is built in, and can be activated and then generally ignored until it spots something you should know about.

Bonus features on offer here include parental controls, file shredding, antispam and a gigabyte of free space (the Norton equivalent is only available in the 360 edition).

The upgraded version, Total Protection, offers all these features, plus an encrypted vault to store files, home network defense and a more advanced version of McAfee’s SiteAdvisor for spotting bad links. For most however, Internet Security will be all you need, and while it may not have come out the winner this year, it remains a strong performer.

AVG Internet Security 2011
Price: £38 (one PC)
Info: www.avg.com

AVG is best known for its free antivirus, but this commercial version offers more than a few reasons to upgrade, including identity protection and a built-in firewall.

Still, install it and you could be forgiven for thinking it’s still trying to upsell you on a later version, because it’s more than a little eager to make sure you know everything it’s doing. It adds a Gadget to the Windows Sidebar, its firewall is very noticeable, and it can feel like the smart kid at the front of the class going “Sir! Sir! I know, sir!”

Still, it performs well enough for a pat on the head. In tests, it was easily the fastest of the tools here on first scan, and an excellent performer on subsequent scans. It demands fairly high CPU usage, but barely affected rebooting times at all.

On the all-important virus test, it was a clean sweep for both actual malware and false-positives. The only real weaknesses are the Link Scanner, which protects you from malicious sites and sending out dodgy links via Facebook, but only in internet Explorer and Firefox, and it’s not always clear exactly what its options will do for you – the Identity Protection component being particularly vague.

AVG is a strong contender, although for personal use, it must be noted that if it’s only the antivirus side of the package that you’re interested in, you can still download it for free. (For professional/corporate use, you need to pay up for the full package.)

The main things you miss out on if you opt for the free version are the firewall, anti-spam (which you probably won’t use since it’s clientside only), IM conversation scanning, and the Identity Protection component.

Rating: 4/5

Norton Internet Security 2011
Price: £50 (three PCs)
Info: www.symantec.com

Like McAfee, Norton is one of the kings of the antivirus world and this latest version of its Internet Security suite doesn’t let the side down at all.

Where previous versions could be annoyingly ‘in your face’, the 2011 suite feels more quietly confident, from its new interface showing current trouble hotspots around the world to the easy-to-use tools it provides for scanning and cleaning.

In tests, Norton’s antivirus put on one of the best performances. It had no difficulty with the viruses we sent it to find and didn’t fall for any of the false positives we set up for it. Norton has long had a reputation for being a heavy package, but this time out, it’s a good lodger.

A very long initial scan soon gave way to one of the fastest second scans, with a solid CPU and memory footprint.

Bonus features on top of the core antivirus scanning in the Internet Security 2011 edition include parental controls, firewalling and tools for identity theft protection. The next level up, Norton 360, adds online backup/PC tuning, although nothing extra that you really need for online security.

One complaint we do have, however, is that while Symantec offers a 30-day trial of Norton products, there’s a bit of a catch – they’re what the company calls ‘opt-out demos’. In short, you have to give it your credit card number and if you don’t actively cancel before the end of your trial period, you’ll automatically be billed for a whole year’s worth of protection.

Hopefully this doesn’t catch on with other companies, because it’s not the friendliest way of road-testing alternative suites.

Rating: 4/5

VIPRE Antivirus Premium
Price: £50 (unlimited PCs)
Info: www.vipre.com

VIPRE offers a few interesting features, one of which is its ‘lifetime’ subscription option. Unfortunately this costs £60, and isn’t a great deal considering the all-home licence you get in the regular edition. Also, the ‘lifetime’ is that of your PC, not yourself.

Since you’re going to upgrade and almost certainly have more than one machine around, in most cases you’re going to be better off with the regular yearly subscription, spread out between your computers.

In tests, it proved to be a mid-range performer. It was one of the worst tools for slowing down boot-times, although not quite the slowest, and one of the slowest at actually scanning the drive after its first look around. Its CPU utilisation is reasonable though, and while there’s no dedicated gaming mode, it never got in the way of actually playing games.

It may take time to do its job, but you probably won’t be inconvenienced while it does it in the background. Its performance against our test system was a clean sweep, catching all of the viruses put in front of it, and not falling for any of the false positives hiding among them.

In testing, no major problems reared their heads at all, save that it can be very chatty – always keeping you in the loop, whether you have a reason to care or not.

VIPRE Antivirus is available in two versions – Premium and regular. The main differences are that only the Premium edition features a firewall and intrusion prevention, with a few other features thrown in – notably ad blocking, web filtering. The antivirus component itself appear to be the same decent performer.

Rating: 3/5

PC Tools Internet Security 2011
Price: £50 (three PCs)
Info: www.pctools.com

The first thing that stood out about PC Tools was that it had by far the biggest effect on our test machine’s boot times, increasing them by a good half a minute. In three different tests, it spiked a 38-second boot time to a whopping 2:10, 1:49 and 1:40 – quite a difference.

Luckily, that was the only major negative we encountered while using it. Its memory usage and CPU load were average, and its actual scanning was surprisingly fast. The first long initial scan took around half an hour, but dropped down to a mere 46 seconds for its follow-up run.

As with most tools here, it caught everything that was waiting for it on the drive, and didn’t clock up any false positives against its record while doing so.

Its feature set is a strong one, with one of the more reactive firewalls we saw in these products immediately kicking in. Unlike many, there are a few handy shortcuts you can use, including telling it what kind of network you’re on, and having the firewall settings auto-configured to match – very handy if you just want to get started.

In a similar vein, a gaming mode is both present and automated, kicking in whenever you go into full-screen mode. Additional web security filters include spam filtering for Outlook and Thunderbird via toolbars, and plenty of online protection tools to watch out for any potentially dodgy websites and dangerous downloads.

It’s one of the cheaper antivirus solutions out there as well, at only £40 for a three-user license per year. It’s a pity about that initial sloth, but there’s little to complain about elsewhere in this strong internet security suite.

Rating: 3/5

Kaspersky Pure
Price: £50 (one PC)
Info: www.kaspersky.com

Kaspersky currently offers three different security products, in escalating level of price: regular Kaspersky Antivirus, Kaspersky Internet Security and this one, Kaspersky Pure. Both Antivirus and Pure are excellent performers, and caught all the malware in our test sweep without falling prey to any traps.

The regular Antivirus proved marginally faster, while soaking up equally marginal extra system resources, and is a little cheaper, but Pure offers a few extra toys to play with. Whichever version you look at, it’s going to be an excellent product.

Internet Security bolts on extra parental controls and tune-up utilities. Pure adds backup to the mix and beefs up the firewall component, with more emphasis on the security of your home network. The most interesting feature Kaspersky Internet Security/ Pure includes is the ability to run applications in a sandbox, without you having to go to the trouble of setting up dedicated virtual machines.

Any app you have installed can be locked away in one, identified by a radioactive green glow around its window. A shared folder handles any data-swapping. You still shouldn’t use this to test programs you know are dodgy – or run them at all – but it’s a good extra to have when browsing the web or trying out new applications.

Kaspersky’s protection is a strong offering across the board, with a more informative control panel than most, but one that provides easy configuration options. It’s a little more power for only small amount extra, but you won’t be disappointed with the other editions if you don’t need the extras.

Rating: 4/5

BitDefender Total Security 2011
Price: £50 (one PC)
Info: www.bitdefender.com

BitDefender Total Security is another very solid product, with no particular specialities that push it above the herd, but no major weaknesses either. It caught all the malware, it didn’t fall for any traps, and it did it very effectively indeed, with quick scans and reasonable CPU and memory loads.

It has a dedicated gaming mode for keeping resources under control, and is one of the few products that does a proper scan of your PC before even installing, just to make sure it’s safe.

The interface is somewhat unusual, initially looking like there aren’t many features, before revealing that they’re tucked away to help prioritise the ones that you actually use. Don’t need laptop mode? Flick a switch and it’ll never be shown again. Not a gamer? Say goodbye to the gaming mode.

Alternatively, if you want everything up front, you can just as easily switch into a more advanced user mode mode with all the options. One excellent touch is that before you use the software, it offers to actually guide you through, with one tutorial for existing BitDefender users and another for complete newcomers.

In terms of features, it’s the standard loadout: firewall, parental controls, and a few extras for tuning up your PC and backing up files. The slightly cut down Internet Security 2011 edition loses the last couple of features, which is fine if you already have space to store your things, and costs slightly less.

There’s also a pure antivirus edition, which is one of the cheaper on the market. This misses out on the firewall and parental controls, but otherwise still offers everything you could need to stop malware in its tracks.

Rating: 3/5

Titanium Internet Security 2011
Price: £40 (one PC)
Info: http://uk.trendmicro.com

Trend Micro’s offering was by far the worst at picking up viruses in this year’s test, failing to fix a dismal 23 per cent of the viruses planted on our test PC compared to most of the others’ 100 per cent scores and Webroot’s only slightly shaky 97.1.

In its favour, it didn’t throw up any false positives, but nor did any of the other tools. We might just have caught it on a bad day, but we can’t say it was a great start for this package. It’s a cloud-based virus scanner however, so new emerging threats should be protected against very quickly.

In terms of raw performance, there’s little to praise except for the fact that boot-up time after installing Trend was almost identical to before it, with a variance of just six seconds – the only other package even close to that was Microsoft itself, at 10 seconds.

In scanning, it used fewer resources than most, but not dramatically so. It took over 10 minutes to complete its secondary scan, where most – although not all – of its competitors ripped right through our test rig. Still, it wasn’t the slowest performer by any means, beating both VIPRE and Microsoft by a good couple of minutes.

As far as extra features go, you get the standard firewall, a client-side spam blocker, plus some very handy extras: built in parental controls that both block kids from naughty sites and serve up reports, and a Data Theft Prevention tool that takes in your most important passwords and personal details and watches out for them slipping into the wrong hands.

All good stuff, let down by its initial performance. Hopefully next year it’ll be better prepared.

Rating: 2/5

Best antivirus: verdict

The most surprising thing about this antivirus test is how little difference there is between most security suites at the moment. If you buy antivirus, you’ll get that. Anything with ‘Security’ in the name is going to double that up with a firewall.

All are incredibly easy to use, and the majority scored a clean sweep in our tests. That makes it harder to recommend individual packages, but the good news is that as long as you stick with the known names, you’re unlikely to buy a dud.

Whether it’s a bonus feature you like, or simply added performance you crave, you can purchase in confidence. Just make sure you invest in one of them, because the criminals writing viruses will always have another trick up their sleeves…

Editor’s choice: Norton Internet Security 2011

It’s a close fight, but Norton’s excellent performance and revamped interface make it our pick of this year’s crop. It’s easy enough for anyone to use, but with lots of excellent bonus features to dip into if you need a bit more power.

Unsurprisingly catching everything we threw at it, it’s a security suite you can be completely comfortable using as your digital guard-dog.

Performance award: Kaspersky Pure

With excellent scanning and a grab bag of genuinely useful security extras, it’s hard to fault Kaspersky’s high-end suite. You can get slightly faster and more system-friendly tools if you want everything more automated, although Pure won’t give you trouble, but this is the one to go with if you want to squeeze as much power out of your choice of protection as possible.

Value award: Microsoft Security Essentials

You can’t get better value than free, and Microsoft Security Essentials is more than good enough – as long as you know what you’re doing. You may miss a few of the extra features, and have to sort out your firewall separately, but it’ll keep you safe from most of the threats you’re likely to download without the obnoxious extras. No licenses, no adverts, just free protection.

Following initial revelations last week, NASDAQ has today confirmed reports that one of its systems has been accessed by outsiders. More »

It’s only a proof of concept, but it’s scary nonetheless. It’s a Trojan for Android phones that looks for credit-card numbers, either typed or spoken, and relays them back to its controller.

Software released for Android devices has to request permissions for each system function it accesses—with apps commonly requesting access to the network, phone call functionality, internal and external storage devices, and miscellaneous hardware functions such as the backlight, LED, or microphone. These requests are grouped into categories and presented to the user at the point of installation—helping to minimise the chance of a Trojan slipping by.

Soundminer takes a novel approach to these restrictions, by only requesting access to ‘Phone calls,’ to read phone state and identity, ‘Your personal information,’ to read contact data, and ‘Hardware controls’ to record audio—none of which will ring alarm bells if the app is marketed as a voice recording tool.

Research paper here. YouTube . Another blog post. Research paper; section 7.2 describes some defenses, but I’m not really impressed by any of them.

The end result is that all the ISP subscriber data they received via the court orders was published for everyone to view and download, the data included names, addresses and other private and very useful information for fraudsters or other malicious individuals.

It’s still all being investigated by the information commissioner but the failure highlighted breaches in the way some companies send data to legal firms (may be just the way they send data external) as in no encryption / protection and the fact that businesses should be ensuring that any data they hold is secure everywhere, including when they provide it to others and how that recipient secures and manages it.

Businesses need to understand the risks relating to data lifecycles and the location should never matter, the data owner is the ISP and they must ensure that it’s use, distribution and storage anywhere is secure.

Maybe there are some that still think that if they hand something to someone else it is no longer their responsibility, but that does not wash.

Other more interesting facts relate to the handling of a crisis by ACS:Law, in that they didnt handle it well, they reacted and focused on getting things working, the oversight or could we say undersight was that the term “working” didn’t seem to include anything to do with legal, regulatory or even thought for anyone but themselves.

Crisis Management and business continuity are there to ensure the business manages a crisis and ensures the business can continue to operate as it should, it would appear that never happened and only IT Disaster Recovery happened based on the attack.

Lets all hope that the companies that hold our data and provide our services learn from this situation and ensure that legal, regulatory and best practice is included in their crisis management, business continuity and IT Disaster Recovery plans and processes.

As an old UK television advert used to say:

“lets not make a drama out of a crisis”

The other day I was talking to Hugh Thompson, adjunct professor of software security at Columbia University and founder of consultancy People Security, about his research related to online privacy and he mentioned how easy it can be to hijack someone’s e-mail account. So, I challenged him to try to steal mine.

Over the course of an hour, I watched as he mined the Internet for information about me that could be used to reset passwords on Web-based e-mail services, plucking tidbits from a variety of search and other sites to create quite a surprising dossier. I decided to share the experience (with a few omissions) in the hopes that other people will test how easily they could be stalked online so they can better protect their e-mail and other Web accounts.

Access to an e-mail account opens up access to all sorts of other information that could be used to steal someone’s identity and drain bank accounts, open up credit cards, and even take out loans in their name.

It’s not just personal information at stake in e-mail accounts. Use of weak password-reset security questions is believed to have allowed someone to access the Yahoo e-mail account of a Twitter employee last year and then use that to access the person’s Google Docs account where there was sensitive corporate information.

In agreeing to the project, Thompson had already done some homework and had a list of specific security questions that the major Web-based e-mail providers use. The questions include a mix of preference questions, like what is your favorite book, musician, town, and restaurant. Easy questions as they may seem on the surface, they are subject to change as peoples’ tastes change. For instance, you are likely to have a different favorite movie every couple of months or at least likely to forget what your original answer was. These aren’t always easy for a stalker to find either, unless the target happens to be a blogger who shares a lot of personal information. It’s the same for the category I’ll call “firsts,” such as what was your first pet’s name, teacher’s name or job.

Then there are the fact-based questions that are easier to find from public databases, such as the hospital you were born at, the street you grew up on or the town, your first phone number, high school you attended, last four digits of your Social Security number, mother’s birthplace and grandfather’s occupation.

Finally, there are the questions that people don’t usually remember or tend to have handy so they are less likely to choose them. These include what is your primary frequent flier number or library card number.

Armed with a list of common questions from Gmail, Yahoo, Live Mail and AOL, Thompson knew what information to look for. Using a Web-based conferencing system, I was able to watch his screen as he traversed the Internet. His first stop was Google where he typed in my first and last name. (All Thompson knew about me at the onset was my first and last name and that I work at CNET.)

Thompson went straight to my LinkedIn profile where he learned where I went to college and details of my past work experience. He then searched for me on a people search engine called Pipl.com and came across references for city, state, age, middle name, address and phone numbers. He found additional addresses on 123people.com.

On Intelius.com, another site that offers some basic information for free but charges for additional data, he came across other people with the same last name who were supposedly associated with me and their ages. (Most but not all of the information uncovered in this experiment was accurate.) By comparing information on the various sites and cross checking purported relatives and addresses, Thompson was able to guess which state I grew up in and what cities I have lived in.

Then Thompson called in the big guns–Ancestry.com. The site, which is designed for people creating family trees and doing genealogy research, pulls data from a host of public databases and provides more information than the free searches on the other sites but charges a subscription, of course. There is also a 14-day trial offer.

On Ancestry.com he had to guess at the birth year after learning my age on a different site but not knowing the exact date and took an educated guess at the city of residence too. Voila! Up came a birth date, a bunch of previous addresses, and even at least one phone number.

Someone could easily take the address information to figure out answers to some of the preferential security questions by using Google Street View to zoom in on bars, restaurants, and other hangouts in the immediate vicinity, said Thompson, who also is chair of the RSA Conference. “The longer you lived at an address, the more interesting those searches are,” he said.

Then he used Ancestry.com to search on one of the names linked to me and that he suspected was my mother because of the associated ages. “Your mother is the most interesting relative for us to look up because her name typically tells us what your maiden name is, but it also is a gateway to find out who her parents were,” Thompson said. “If we know their names then we know what your mother’s maiden name was.”

A common address between mother and subject also indicates the childhood home address. “That’s valuable for password reset questions that ask what street you grew up on,” he said. “Then you can search the addresses for the schools that are nearby and then go on Classmates.com and bring up teachers by year at that school.”

Thompson then went back to Google to see if I had a resume online, but that proved to be a dead end. Resumes have a wealth of personal information, including e-mail addresses, phone numbers, addresses and college. Outdated resumes are even more valuable, according to Thompson.

Satisfied with the amount of biographical information he had accumulated on me, Thompson then decided to see what e-mail addresses he could find. Since e-mail services allow you to reset your password by sending a message to your alternate e-mail address, getting the earliest e-mail address for someone is key because that is the one most likely to offer up security questions. If it’s a school e-mail address, that is even better because those security questions are likely to be the least secure, he said. The idea is to follow the trail of e-mail addresses as far back as possible. Corporate e-mail addresses, meanwhile, aren’t much help because they typically reset passwords internally through the corporate IT department.

Since I was in school before e-mail was popular (now you know I’m no spring chicken!) there was no school e-mail address for me. If there had been one, Thompson said he would have searched for the school on Classmates.com and checked for the domain there and guessed what my e-mail address would have been. He also could have looked for public records associated with possible student loans to get an e-mail address that way, he said.

Thompson guessed that I would have a Gmail address and that as an early adopter it would follow a particular, simple format. But when he tried to reset the password, the system offered to have password reset information sent to my alternate e-mail address or phone number. Gmail provided enough of the other e-mail address to figure it out and a few letters of the cell phone that could be compared against phone numbers uncovered on the people search sites. He then would have had to hack my cell phone or otherwise get physical access to it in order to get to the text message and choose the password he wants in order to hijack my account.

Thompson and I ran out of time, but I went ahead and finished the process and tried to reset the password on my alternate e-mail account. I struck gold–from an attacker’s point of view–in that it did ask security questions instead of referring me on to yet another e-mail address. But two of the three questions it asked (which I must have created) were unlikely to appear in any public databases and were not based on preferences. I’d share them with you, but then I’d have to kill you. (Just kidding. See below for some suggestions.)

The third security question asked was (yikes!) my mother’s maiden name, which Thompson had not yet uncovered but would have eventually if we had had more time.

I compared the accurate information uncovered by Thompson with the list of about 30 or so security questions that the e-mail providers offer as default questions and found that about eight of them would have easily been answered and another four probably could have been.

Because of the time constraint and the fact that I write about computer security issues and am thus more likely to be more security-conscious, Thompson did not hijack my e-mail account. But the experiment was fascinating, nonetheless. It showed how easily a stranger can dig up all sorts of information on someone. And it showed just how easy to guess many of the password-reset security questions are.

Thompson recommends that people conduct this experiment on their own identity to see what the results are and how secure their e-mail accounts are. And I would suggest the same. Then, either choose the safest default questions or, better yet, create your own, if that is an option.

When selecting a question option, think of an event in your life or a fond memory that is not going to be found on a public document and which you won’t likely forget. Choose something that you haven’t exposed to the public in a blog, Facebook posting or other online site. And think about specifics related to that memory, like a person, place or thing. Avoid referencing anything that can change over time such as a preference or feeling. Then set the question based on that.

When I realized the amount of information Thompson had amassed on me in a relatively short period of time, I was shocked and a little nervous. It’s fine for someone I trust to be trawling the Internet for details of my personal life, but if he could do this so could someone else.

Original article can be found on cnet.com

These facilities vary by service but allow the service user to see who is accessing their accounts and from what IP Address (sometimes providing geographical location information linked to the IP Address) and what devices made the access (web browser, mobile, etc)

In some of the cases it provides a list, while others provide a button against each item to “disconnect” or “deauthorise” the device.

For obvious reasons the need to access services from more devices and in some cases from multiple channels at the same time is increases, whether you are accessing from your mobile device and get home and continue on your computer or you simply forget to log out from one device and then access from another.

As this growth continues the risk increases, is it you or is it a fraudster accessing your services. You the customer knows which devices you have and which services you access from “your” devices.

This makes it difficult for Internet services to make security decisions on your behalf, or makes it fraught with mistakes.

So what they are also doing (in some cases) is registering devices and computers, asking you to name the device on first access, this information (the name or description provided) is then shown on the list.

In addition to this some even send an email to the account holder when new devices are registered. Asking the holder to alert them if it was not them registering the device (as in an unauthorized person)

My belief is that this is a really good approach, proving key information to the user to make a decision around unauthorized access and at the same time allow them to make automated fraud decisions.

Let’s see how this progresses, potentially becoming common across all services, though the implementations will vary.

Watch this space…..

Subject: Here you have (or “Just for you”)

Body: This is The Document I told you about, you can find it

Here. [link]

Please check it and reply as soon as possible.

Cheers,

As you may have guessed, the URL doesn’t actually take you to a PDF, but instead to an executable with the extension .scr. While the domain linked to in these infected e-mails is no longer live, infected computers can still be spreading virus messages. When the virus is run, it installs itself as CSRSS.EXE in the Windows directory, then e-mails the contents of your address book. It also spreads through mapped drives, remote machines, and removable media. The virus then attempts to download files and delete security software, including virus protection?

This means that you may not be able to trust your Antivirus product to protect you, so in the short term (until your antivirus software is able to prevent the worm):

• Never click on links or download files from email messages.
• Be careful using USB memory sticks (as it can infect via removable media)
• Dont trust the email sender, in fact the worm will be sending email from an infected computer, not the person you know
• In simple terms if you see an email with the subject Here you have or Just for you – be on alert
• Keep your Antivirus software up to date, because they will be updating their detection engines and virus lists to stop this new threat
• Keep your computer patched (e.g. Windows Update)

Use your computer safely, think before clicking links and downloading software.

The hacker, known as Iraq Resistance, responded to inquiries sent to an e-mail address associated with the “Here you have” worm, which during a brief period early Thursday accounted for about 10 percent of the spam on the Internet. He (or she) revealed no details about his identity, but said, “The creation of this is just a tool to reach my voice to people maybe… or maybe other things.”

He said he had not expected the worm to spread as broadly as it had, and noted that he could have done much more damage to victims. “I could smash all those infected but I wouldn’t,” said the hacker. “I hope all people understand that I am not negative person!” In other parts of the message, he was critical of the U.S. war in Iraq.

On Sunday, Iraq Resistance posted a video echoing these sentiments and complaining, through a computer-generated voice, that his actions were not as bad as those of Terry Jones. Jones is the pastor at a small Florida church who received worldwide attention this week for threatening to burn copies of the Koran.

Security experts agree that the worm could have caused more damage. However, it did include some very malicious components, such as password logging software and a backdoor program that could have been used to allow its creator to control infected machines. But because the software was not terribly sophisticated, it was quickly shut down as Web servers that it used to infect machines and issue new commands were taken offline last week.

“Here you have” spread when victims clicked on a Web link and then allowed a malicious script to run on their computer.It is the more-successful follow-up to an August worm that included the e-mail address that Iraq Resistance used to communicate with the IDG News Service.

According to Cisco, the worm accounted for between 6 percent and 14 percent of the world’s spam for a few hours Thursday. It primarily gummed up corporate e-mail networks in the U.S.

It is the first worm in years to have such a widespread and noisy effect, hearkening back to the days of the Anna Kournikova worm. Nowadays, most malware writers don’t want to draw attention to their activities, because they generally want to keep their malicious software hidden away on victims’ computers as long as possible.

Disney, Proctor and Gamble, Wells Fargo and the U.S. National Aeronautics and Space Administration (NASA) are among the organizations reported to have been hit by the worm.

SecureWorks Researcher Joe Stewart believes that Iraq Defense is a Libyan hacker who is trying to gain followers for a cyber jihad hacking group called Brigades of Tariq ibn Ziyad.

Tariq ibn Ziyad was the eighth century commander who conquered much of Spain on behalf of the Umayyad Caliphate. Iraq Resistance’s YouTube video has a Spanish theme too. It shows a map of Andalucia, and Iraq Resistance lists his location as “Spain” in his YouTube profile.

In his e-mails, Iraq Resistance did not answer questions about his identity, saying that he was worried about his safety. “I think this information is enough for you and having more looks like [an] investigation,” he said. “I don’t see myself that criminal.”

Story from Computerworld

The problem I always have (like most of us I imagine) is that I have a worry that my cloud provider may accidentally lose all my files or emails.

So that’s why I have the following to help me to at least have a backup:

• I use Picasa so that I can keep a copy of my Photos and Videos both locally and in the cloud, it works great and synchronizes new or updated photos well.
• For Gmail, I use a free tool called GMail-Backup which can download to a directory all my emails, then only download the updated or changed emails (New ones).

The end result is that I have all my photos, videos and emails on a hard disk locally and in the cloud. Maybe its paranoid, but I moved to the cloud as I lost things when a hard disk died a few years ago, now I have the other worry. This may not be for everyone, but something to thing about as your cloud storage grows and your dependency on Google or some other 3rd party increases.