July Computer Security News: Vista, MySpace & Suites

Here is your weekly summary of security alerts, fixes and threats you need to know, to play safe on the Internet.

Thinking of Vista? Better Read This!

If you are using Windows Vista or planning to make the jump soon, you had better know that the operating system is spying on you. Some 20 or more programs, features and services are busy collecting data about you and your work habits.

All this information goes, you guessed it, straight to Microsoft. If you read the Privacy Statement or End User License Agreement (EULA), you would have a clearer idea of the record data harvest that Vista is pulling in. Microsoft does not deny or hide it. In fact, you consented to it merely by using the features.

They claim they do not use the info to identify you. But they could very easily do so. Among the data received is your IP address, of course, which is all they really need to find you. Or a law enforcement agency could demand that Microsoft turn over the data.

And just what does dear old Mother Microsoft do with all that data? A close reading of the many user agreements reveals it: absolutely any old thing they want or feel like.

Among the services and programs that harvest your data and send it on to Microsoft are: Windows Update, Digital Certificates, Windows Media Player, The Malicious Software Removal Tool, Internet Explorer 7, and Windows Defender. The company says if you do not like it, just stop using the services or features.

That is not really practical in the case of Windows Update. Thanks to Microsoft’s sloppy code, we all have to update our operating systems once a week. And you thought the Windows XP Genuine Advantage Notification Program was a pain…

What is a happy Internaut to do, other than turning off these programs? In many cases you can find alternatives from other companies (hint hint: Firefox). Also, you should have a good firewall installed on your pc. It should alert you when Vista tries to phone home. Just say no.

MySpace.com Attack – Again – Update Windows Now

Hackers are using MySpace.com accounts again to mount attacks on unsuspecting surfers. The criminals succeeded in installing fake navigation buttons on some user profile pages. When you click on them, you are taken to malicious computers that then try to infect your computer.

The attack seems to have been installed on perhaps a few dozen pages. Most were soon removed by the administrators of the site.

There are two parts to the attack. First, botnet software is installed on your computer, turning it into a zombie that can infect other machines. Second, the malware presents you with a fake MySpace.com login page, to try and get your user name and password.

The important point here is that this attack uses several known flaws in Internet Explorer that have been previously fixed. If you update your Windows once a week, you are not at risk, even if you use MySpace.com

Updating Windows regularly is one of the best things you can do to stay safe on the Internet. Do not neglect it.

Are Security Suites a Good Idea?

I always recommend that you have anti-virus and anti- spyware programs running on your computer, as well as a firewall, among other programs. Many companies publish great programs that will accomplish these tasks.

The trend in the last few years has been for publishers to branch out and cover all three bases. For example, a publisher that makes well-known anti-virus software comes out with a firewall and anti-spyware programs. And the maker of a great firewall issues an anti-virus program, and pushes it hard at you.

Getting all your security programs from one vendor is what we mean by a security suite, or collection of software. So, is it a good idea?

In a word, generally no it is not, for at least two reasons. First, companies often specialize in one area, say anti- spyware programs. Their programs may work great. But when they branch out to other areas, the results may not be as good.

Second, if you get all your defensive programs from one vendor, there may be similarities in the structure and organization of the programs. If a hacker succeeds in learning how to circumvent the anti-virus software, he may quickly gain control of other programs from the same vendor.

And you do not want to be at the mercy of one company for all your security needs. What if they raise their prices? Or worse yet, go out of business? It is far better to pick and choose the best programs from among many publishers.