Social Icons

Monday, June 13, 2011

MAKE incognito YOUR DEFAULT SETTING

1.    We all know how to browse hidden ie Pages you view in this window won't appear in your browser history or search history, and they won't leave other traces, like cookies, on your computer after you close the incognito window. Commonly it is known as "incognito" or "privacy browsing".......an avid user of chrome ....I always had to open the browser and then select "New Incognito Window" to work...but not till today....a simple amendment in the target setting of properties of chrome shortcut will always make you open the incognito window......simply append "--incognito" at the end of the link address as shown below : 

C:\Users\???????\AppData\Local\Google\Chrome\Application\chrome.exe --incognito

2.    More clearly ...right click on the chrome shortcut on the task bar or on the desk top and click properties.In the target text box append "--incognito" to what is already there defining the location of the chrome browser....

3.     Thats it......

FLIRT BOTS


1.   I am sure most of you at at some point of time in your cyber surfing would have come across chat/messenging softwares like MSN or yahoo to mention a few....now although pretty old for the regular security guys, but thought of mentioning it here in my blog of how many of us succumb to the meanly desires of hackers via FLIRT BOTS.....u heard it correctly they are known as FLIRT BOTS.... 

2.  Here's how Flirt Bots work:

- The Bot strikes up a conversation in a chat room

- The Bots use a series of easily configurable "dialogue scenarios" with pre-programmed questions and discussion topics to compile a report on every person it meets

E.g.: ilovyou@yahoo.com says: "hey, whats up?" and further to this conversation they are invited to visit a website which could be used for any variety of malicious activity.

E.g.: ilovyou@yahoo.com says: "Ok go to http://??????.??/?????? and accept the invite on the page baby"

3.   In this case the victim is sent to a website "?????????.com" and is asked to provide personal information including credit card details in order to view the "webcam."

4.   The site can be used for many things - to host malicious downloads, or to try to sell you Fake AntiVirus software. The URL can do and host whatever the "bot master" specifies it to be .Frequently cyber-criminals collect a database of personal information and sell it to the highest bidder or anyone who will pay

5.   These "Flirt Bots", were first reported as a proof of concept(Evidence that demonstrates that a business model or idea is feasible.) by PC Tools in 2007.Thanks http://www.pctools.com

SYMANTEC SPOTS ONE INTERESTING E-MAIL CAMPAIGN


1. A fresh spam outbreak has been detected online that's drawing attention widely and effects users with e-mails laced with malicious software. Reportedly, there's one web-link embedded in the spam messages supposedly providing details, while the same messages try to pull down a .zip file attachment.The interesting aspect regarding the new spam mail relates to the inclusion of a password that the recipient earlier used.Now if I see a passowrd which at one point of my cyber surfing I had used it is bound to stirr up doubts of it being actually genuine.Once i donwload this zip file ,the eventual aim is achieved ie downloading the inevitably malware.

2. Reportedly, the malware as mentioned above has been identified as Trojan.Zbot or Zeus a Trojan which tries to grab secret data after compromising an end-user's PC. Further, it may take down updates and configuration files online, according to Symantec.

3. Additionally the e-mail ids and their corresponding passwords within the above unsolicited electronic mails, arrive from one prominent social gaming website, known internationally and currently being most widespread inside Asia.

4. Hence, Symantec advises all those who think they've fallen prey to compromised accounts to scan their PCs with an AV program followed with resetting all vital passwords, particularly online banking passwords. Additionally, they must also keep a watch over their accounts should they suspect any fraudulent operation.

BULLET PROOF HOSTING


1. Bulletproof hosting refers to a technique wherein web hosting firms permit their customers appreciable leniency in the kinds of material they may upload and distribute. 

2. Many service providers have "Terms of Service" that do not allow certain materials to be uploaded/distributed, or the service to be used in a particular way, and may suspend a hosting account, after a few complaints, to minimize the risk of their IP subnet being blocked by anti-spam filters using Internet Protocol (IP) based filtering. Additionally, some service providers may have ethical concerns that underpin their service terms and conditions.

3. Bullet Proof Hosting allows people who want to promote their product, service on their web site by sending Commercial and Bulk Emails. As well known, Email Marketing has emerged as one of the most effective and economical marketing tool. It gives you the power to broadcast your message to millions of prospects across the world and it works!

4. This leniency has been taken advantage of by spammers and providers of online gambling or pornography.Case in point is the case of "McColo ISP takedown in November 2008".McColo was one of the leading players in the so-called "bulletproof hosting" market — ISPs that will allow servers to remain online regardless of complaints.

INSPIRED FROM INDIA : CHINAs ATTEMPT ON TAKING ON CORRUPTION

1.    In recent last few months,a lot has been happening in India in form of anshans,demonstrations,dharna's to bring back the black money freezing in swizz banks and to reduce corruption...so far so good...the spark happened and is now gradually bowing to the Government which ensure and loves STATUS QUO.....atleast thier wasy of working confirms this....instead of supporting the movement...they took the key persons involved head on and now in another about a week or so we will be back to STATUS QUO...

2.    But China's esurient Internet users are taking a leaf from India's anti-corruption drama by opening websites so citizens can confess, sometimes in pitiless detail, to buying off officials.Several Chinese confess-a-bribe websites, including "I Made a Bribe" (www.ibribery.com), have been inspired by an Indian website "I paid a bribe" (ipaidabribe.com)......china ranks 78th in the corruption list whereas we list at the 87th rank...m sure it is much worse.....apna nahee to kisi aur ka to bhala hoga........jai ho INDIAAAAAAAAAA

3.     Thanks http://www.reuters.com

Monday, May 16, 2011

McMurdo station & more DATA CENTRE Locations

1.    We all keep reading on issues like heating when we discuss data centres......now with the problems that datacenters have with cooling, the Antarctic is perhaps the ideal site for such a facility....i thought that was a joke before i first read about this and saw the pics on site at here

2.     The station's datacentre is dedicated to supporting scientific work and running the station - with 64 servers and more than 2PB of storage connected to hundreds of desktops by a gigabit Ethernet network.McMurdo Station is the telecoms hub for science projects, field camps and operations in western Antarctica funded by the National Science Foundation (NSF).To provide these services, it has a central telephone exchange and a wide spectrum of network, radio-frequency and satellite-communication systems.At the South Pole, every day up to 100GB of science data is transferred from the station to the US via satellite-communication links in support of multiple NSF-funded science projects.

3.    Thanks DIGIT.

Wednesday, April 27, 2011

HOW DO U FIND IF YOUR PC IS HACKED?- PART 6

FIND COMMAND

1.   Most of the commands I have discussed so far spew a lot of output on the screen, which could be hard for a human to look through to find a specific item of interest. But, Windows comes to the rescue. Users can search through the output of a command using the built-in find and findstr commands in Windows. The find command looks for simple strings, while findstr supports regular expressions, a more complex way to specify search patterns. Because the regular expressions supported by findstr go beyond the scope of this tip article, let's focus on the find command. By default, find is case sensitive - use the /i option to make it case insensitive.

2.    The find command also has the ability to count. Invoked with the /c command,it'll count the number of lines of its output that include a given string.Users often want to count the number of lines in the output of a command to determine how many processes are running, how many startup items are present  or a variety of other interesting tidbits on a machine. To count the lines of output, users could simply pipe their output through find /c /v "". This command will count (/c) the number of lines that do not have (/v) a blank line ("") in them. By counting the number of non-blank lines, the command is,in effect, counting the number of lines.

3.  Now, with the find command, users can look through the output of each of the commands I've discussed so far to find interesting tidbits. For example , to look at information every second about cmd.exe processes running on a machine, type:

C:\> wmic process list brief /every:1 | find "cmd.exe"

Or, to see which autostart programs are associated with the registry hive H KLM, run:

C:\> wmic startup list brief | find /i "hklm"

To count the number of files open on a machine on which openfiles accounting is activated, type:

C:\> openfiles /query /v | find /c /v ""

Whenever counting items in this way, remember to subtract the number of lines associated with column headers. And, as a final example, to see with one-second accuracy when TCP port 2222 starts being used on a machine, along with the process ID using the port, run:

C:\> netstat -nao 1 | find "2222"


THANKS www.amazingit.blogspot.com

HOW DO U FIND IF YOUR PC IS HACKED?- PART 5


NETSTAT COMMAND

1.  The Windows netstat command shows network activity, focusing on TCP and UDP by default. Because malware often communicates across the network, users can look for unusual and unexpected connections in the output of netstat, run as follows:

C:\> netstat –nao

2.  The -n option tells netstat to display numbers in its output, not the names of machines and protocols, and instead shows IP addresses and TCP or UDP port numbers. The -a indicates to display all connections and listening ports. The -o option tells netstat to show the processID number of each program interacting with a TCP or UDP port. If, instead of TCP and UDP, you are in interested in ICMP, netstat can be run as follows:

C:\> netstat -s -p icmp

3.   This indicates that the command will return statistics (-s) of the ICMP protocol. Although not as detailed as the TCP and UDP output, users can see if a machine is sending frequent and unexpected ICMP traffic on the network. Some backdoors and other malware communicate using the payload of ICMP Echo messages, the familiar and innocuous-looking ping packets seen on most networks periodically.

4.  Like WMIC, the netstat command also lets us run it every N seconds. But, instead of using the WMIC syntax of "/every:[N]", users simply follow their netstat invocation with a space and an integer. Thus, to list the TCP and UDP ports in use on a machine every 2 seconds, users can run:

C:\> netstat -na 2

HOW DO U FIND IF YOUR PC IS HACKED?- PART 4


OPENFILES COMMAND

1.  Many Windows administrators are unfamiliar with the powerful openfiles command built into Windows. As its name implies, this command shows all files that are opened on the box, indicating the process name interacting with each file. It's built into modern versions of Windows, from XP Pro to Vista. Like the popular ls of command for Linux and Unix, it'll show administrators all open files on the machine, giving the process name and full path for each file. Unlike lsof, however, it doesn't provide many more details, such as process ID number, user number and other information.


2.  Considering the volume of information it gathers, it's no surprise that the openfiles command is a performance hog. Thus, the accounting associated with
openfiles is off by default, meaning users can't pull any data from this command until it is turned on. This function can be activated by running:

C:\> openfiles /local on

3.  Users will need to reboot, and when the system comes back, they will be able to run the openfiles command as follows:

C:\> openfiles /query /v

4.  This command will show verbose output, which includes the user account that each process with an open file is running under. To get an idea of what malware has been installed, or what an attacker may be doing on a machine,users should look for unusual or unexpected files, especially those associated with unexpected local users on the machine.

5.   When finished with the openfiles command, its accounting functionality can be shut off and the system returned to normal performance by running the following command and rebooting:

C:\> openfiles /local off

HOW DO U FIND IF YOUR PC IS HACKED?- PART 3

1.  While WMIC is a relatively new command, let's not lose site of some useful older commands. One of my favourites is the venerable "net" command. Administrators can use this to display all kinds of useful information. For example, the "net user" command shows all user accounts defined locally on the machine. The "net localgroup" command shows groups, "net localgroup administrators" shows membership of the administrators group and the "net start" command shows running services.

2.  Attackers frequently add users to a system or put their own accounts in the administrators groups, so it's always a good idea to check the output of these commands to see if an attacker has manipulated the accounts on a machine. Also, some attackers create their own evil services on a machine, so users should be on the lookout for them.

More here.....

HOW DO U FIND IF YOUR PC IS HACKED?- PART 2

1.    WMIC stands for Windows Management Instrumentation Command-line It lets administrative users access all kinds of detailed information about a Windows machine, including detailed attributes of thousands of settings and objects. WMIC is built into Windows XP Professional, Windows 2003 and Windows Vista.

C:\> wmic process

2.    When you run this command, the output may not be an easy to understand format but the same can be formatted in several different ways, but two of the most useful for analysing a system for compromise are the "list full" option, which shows a huge amount of detail for each area of the machine a user is interested in, and the "list brief" output, which provides one line of output per report item in the list of entities, such as running processes, autostart programs and available shares. For example, we can look at a summary of every running process on a machine by running:

C:\> wmic process list brief

3.   That command will show the name, process ID and priority of each running process, as well as other less-interesting attributes.

C:\> wmic process list full

4.   This command shows all kinds of details, including the full path of the executable associated with the process and its command-line invocation. When
investigating a machine for infection, an administrator should look at each process to determine whether it has a legitimate use on the machine, researching unexpected or unknown processes using a search engine.

5.   Beyond the process alias, users could substitute startup to get a list of all auto-start programs on a machine, including programs that start when the system boots up or a user logs on, which could be defined by an auto-start registry key or folder:

C:\> wmic startup list full

6.   A lot of malware automatically runs on a machine by adding an auto-start entry alongside the legitimate ones which may belong to antivirus tools and various system tray programs. Users can look at other settings on a machine with WMIC by replacing "startup" with "QFE" (an abbreviation which stands for Quick Fix Engineering) to see the patch level of a system, with "share" to see a list of Windows file shares made available on the machine and with "useraccount" to see detailed user account settings.

7.   A handy option within WMIC is the ability to run an information-gathering command on a repeated basis by using the syntax "/every:[N]" after the rest of the WMIC command. The [N] here is an integer, indicating that WMIC should run the given command every [N] seconds. That way, users can look for changes in the settings of the system over time, allowing careful scrutiny of the output. Using this function to pull a process summary every 5 seconds, users could run:

C:\> wmic process list brief /every:1

Hitting CTRL+C will stop the cycle.

More good examples here

HOW DO U FIND IF YOUR PC IS HACKED?- PART 1

1.   We all keep ourselves worried over issues pertaining to our PC security including issues like if or not it is a zombie or if the same is already a compromised one etc. But how would you find the answer to these......call an expert and pay from your pocket? NO....the answer is MS it self...yesss!!....Microsoft Windows has a series of commands with the help of which a normal PC user would be able to find out the answers.....

2.   Following are the list of commands which would be used

WMIC Command
            - C:\> wmic process
            - C:\> wmic process list brief
- C:\> wmic process list full
- C:\> wmic startup list full
- C:\> wmic QFE list full
- C:\> wmic process list brief /every:1

The net Command
-         net localgroup
-         net localgroup administrators

Openfiles Command
          - C:\> openfiles /local on

Netstat Command
-         C:\> netstat –nao
-         C:\> netstat -s -p icmp
-         C:\> netstat -na 2

Find Command

For more details on these commands...click here....

Tuesday, April 05, 2011

Beware of 'Radioactive' Emails

1. Japan has been struck with the worst ever crisis in all aspects of human lives,infrastructure damage,economy slowdown and sadly the list goes on.....now to add to worries this is being exploited by criminals seeking access to your personal online information.

2.  Spam emails titled, “Japan Nuclear Radiation Leakage and Vulnerability Analysis,”claiming to have a detailed reports on the nuclear radiation being emitted from the Fukushima-1 nuclear power plant are being circulated across under the false origin from Office of Nuclear Security and Incident Response with the U.S. Nuclear Regulatory Commission.The alleged nuclear report is included in a Microsoft Excel file attached to the email.

3.   Now anyone actually wanting to know what course of events took place might be allured to open the Excel file, but the file is corrupted. Opening it exposes users to a bug that allows a hacker to remotely exploit an Adobe Flash vulnerability and execute malicious code on the victim’s computer.Rest can be easily then taken control by the back end criminal.....
4.   Now aren't we seeing a number of cases coming up in form of hacker trying to remotely exploit an Adobe Flash vulnerability
.......too many have come up in past 2-3 years.......infact the case of SHADOWS IN THE CLOUD & TRACKING GHOSTNET were largely based on this......so whats the message.....BEWARE...keep yourself updated of such spams.....keep your antivirus updated

Monday, April 04, 2011

Revenge : YouTube Style

1. Now this one is really good....we already know that IT has revolutionized our lives in so many aspects...all aspects like banking,office work,exchanging mails,,,blogging.....making a social networking identity....keeping updates etc etc...but how many thought out the way to take REVENGE in such a effective manner that the culprit bows down...and pleads GUILTY....GUILTY..... 

2. An original lift from http://www.securitynewsdaily.com is putup below for details.....


“A computer thief in Boston learnt the hard way that performing an embarrassing victory dance is not the best way to celebrate your crime.
After his MacBook Air laptop was stolen two months ago, Bentley University freshman Mark Bao took digital revenge, accessing a cloud server on which his computer’s data was stored to identify the culprit who’d taken his computer, Gawker reported.
According to messages posted on Bao’s Twitter account, Bao used the backup server Backblaze to download the thief’s Safari Web browsing history and Facebook profile.
The sweet revenge, however, came when Bao found a video the thief had made of himself dancing to the Travis Porter song “Make it Rain.” Bao uploaded the video to YouTube with the title “Don’t steal computers belonging to people who know how to use computers.”
The video, posted on March 19, quickly became a viral hit, and has been viewed more than 376,000 times. “Come on, if you’re about to record a video of yourself dancing on a stolen laptop, at least be good at dancing!” Bao wrote on Twitter on March 19.
From here, the story of savvy techie versus celebrating crook takes an unexpected turn. Embarrassed that his dancing routine was made public and open to ridicule, the thief returned Bao’s laptop to the police and wrote an email to Bao expressing his regret and asking for the video to be taken down.
In an email the thief wrote to Bao, which Bao then posted on Reddit.com, the crook said, “I know I am in no position for asking you for favors but Can [sic] you please put down the videos that you have put up of me. I know what I did was wrong and if I was a different person fine leave it up but I do have two Professional jobs that iif [sic] something like that gets leak I can get in more [sic] trouble and be more embarrass [sic] as well.”


3. So what does the episode mean…we should all start taking backups in cloud…or do we start using Backblaze or….or….or what?....the best way to keep out from this …is to KEEP A CLOSE TAG OF YOU LAPTOP……    Thanks http://www.securitynewsdaily.com

Sunday, April 03, 2011

The weak password problem : Now solved????

1.    We are part of the first phase of IT revolution across the globe where every thing is happening....methods to secure...methods to hack....stronger and powerful servers....patching vulnerabilities....fighting malware....analysing stuxnets genre...and what not....every thing is happening.....now the following text (org from http://lanl.arxiv.org/abs/1103.6219) opens another dimension to make the passwords secure.....

"Vulnerabilities related to weak passwords are a pressing global economic and security issue. We report a novel, simple, and effective approach to address the weak password problem. Building upon chaotic dynamics, criticality at phase transitions, CAPTCHA recognition, and computational round-off errors we design an algorithm that strengthens security of passwords. The core idea of our method is to split a long and secure password into two components. The first component is memorized by the user. The second component is transformed into a CAPTCHA image and then protected using evolution of a two-dimensional dynamical system close to a phase transition, in such a way that standard brute-force attacks become ineffective. We expect our approach to have wide applications for authentication and encryption technologies."

2.    Thanks http://lanl.arxiv.org

Tuesday, March 15, 2011

How to Disable/Enable Use of USB Storage Devices in Windows

 1.         How often in office and home, we desire to lock our USB drives from not being used by the regular circle around to avoid any compromise on data.I m sure its many a time....either we resort to keeping the 3 level regular strong password option or try out some third party USB Blocker option or more simply leave to GOD and trust.But their is a way out from this...and a real easy one to atleast defy the circle with a small trick....it goes this way.....

2.         The situation to block the USB will fall in either of the categories :

(a)        USB storage device is not installed in system
(b)        USB storage device is already installed in system

CASE -1 : USB STORAGE DEVICE IS NOT INSTALLED IN SYSTEM

- Type %windir%\inf in Explorer address bar or RUN dialog box and press Enter. It'll open "inf" folder.

-  Now look for following 2 files:
usbstor.inf
usbstor.pnf

3. Now to change their user permissions setting Right-click on each file and select "Properties". Goto "Security" tab and select the desired user or group in "Group or user names" list which you want to restrict from using USB drives. Now in "Permissions for Users" list, click on "Deny" checkbox next to "Full control" option and then click on OK.


 NOTE : - In Windows Vista, click on "Edit" button after selecting the user or group in "Group or user names" list and then again select the same user or group in new dialog box. Now you can click on "Deny" checkbox.

4. That's it. Now users will not be able to install any USB storage device in system.


CASE 2 : IF THE USB STORAGE DEVICE IS ALREADY INSTALLED IN SYSTEM

5.    Type regedit in the run taskbar and reach at :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor


6. In right-side pane, change value of "Start" to 4

7. Now whenever a user will attach a USB storage device which is already installed in system, Windows will not detect it and it'll not be shown in My Computer.

NOTE: If you want to revert it back to default, then change the value of "Start" to 3.

Sunday, March 13, 2011

QUALITIES OF A GOOD ANTIVIRUS

1.   Each Antivirus software in the web market today claims as the First and the topmost rated antivirus amongst all.Each has a claim that says "We check what others don't".A large percentage of typical user have actually got no way to check out who is the actual one...Who is the BEST? They then generally select the one that is based on the recommendations of their social circle and the convincing factor generated by the site of the product or simply put...it can ba random selection at last. In fact in my quest to search the best one amongst all....the number of QRs that one needs to check for one antivirus is a long one.Few of the qualities that should not be missed at all are briefly enumerated below.

WEST COAST LABS ANTI-VIRUS : The West Coast Labs Checkmark certification for antivirus effectiveness. WCL stands as a global leader in research, testing and certification for information security products and services. They have market-leading technology and testing facility in the UK, USA and india.Their services are being used by the leading global brands to create market advantage and by large business enterprises for obtaining crucial technical insight into product performance.WCL provides an authoritative and independent service, delivering sound, meaningful technical information on which critical business decisions can be made.More at http://www.westcoastlabs.org/


ICSA CERTIFIED : The ICSA is an independent organization that has a set criteria for certifying antivirus software.


AV COMPARATIVES : Anti-Virus Comparative test conducted in 2010. Overall scores are presented as Advanced + (A+), Advanced (A), Standard, and Tested.


SCOPE OF PROTECTION : Does the product protect from every threat? This rating evaluates the breadth and depth of security from the software. While most security solutions tout “multi-layered” protection, “360 degree” defense and/or even “100%” security, some are certainly more thorough than others. The best antivirus solutions will include traditional protection from viruses, worms, Trojans and spyware, but should also include defense from keyloggers, phishing scams, email-borne threats and rootkits. While antivirus programs are by no means full-blown internet security suites, they should protect from as many threats on as many fronts as they can.


EFFECTIVENESS : How effective is the application at protecting your computer from harmful viruses and other malware? This rating combines various tests and certifications to determine how well the software performs. Antivirus is specifically designed to protect your computer, so if it doesn’t do that well, what good is it? All the features, bells and whistles, or sleek interface can’t make up for poor performance. We look at results from the industry-standard security software testers and professional security organizations to find the most effective software available and evaluate overall effectiveness. In general, our highest ranked programs are also the most effective.


HACKERS : Anyone trying to take control of your computer for malicious purposes.


PHISHING : These criminal scams attempt to obtain your identifying information by disguising as legitmate sources (like your bank, eBay, or facebook).


ACTIVEX : Several Microsoft programs use ActiveX controls for good, but these components can also be taken advantage of.


USER PROFILES : The software includes distinctive interfaces or features for particular users (often beginners or advanced users).


SELF-DEFENSE : The software monitors itself and the computer, effectively protecting from intrusions or unauthorized changes.


SCHEDULING : The ability to schedule specific scans to occur at a specific time or interval.


HISTORY/REPORT LOGGING : The software keeps a record of the performed tasks and results for future reference or reporting.


SILENT / GAMER MODE : The 'gamer' mode allows you to use the computer in full-screen mode (for games, presentations, or videos) without interruptions from the security software.


LAPTOP / BATTERY SAVING MODE : The software can be set to delay scans or intensive processes for later in order to increase battery life.


LINK SCANNER : An integrated web tool that monitors web links and prevents/warns users from clicking on malicious sites.


BOOTABLE RESCUE CD :In the event of a complete system crash, you can use the bootable rescue disc to preempt the OS and clean the system.


FREE VIRUS SCAN ONLINE : The security manufacturer offers a free virus scan online (often with incentive to purchase their products for removal capabilities).


AUTOMATIC DEFINITION UPDATES : The program automatically updates virus definitions or DAT files. A virus definition is basically the formula that the software uses to determine if a file is infected by a specific virus.


MANUAL DEFINITION UPDATES : You can manually check for virus definition updates.


SCHEDULED UPDATES : Updates can be scheduled to run at a specific time or interval.


PULSE/PUSH UPDATES : Small, regular updates are initiated by the manufacturer as needed to deliver important updates.


ROLLBACK : The ability to revert to a previously working state if the most recent update causes a problem.


MANUAL SCANNING : Manual Scanning is the ability to start a scan of your hard drive at any time.


QUICK & DEEP SCAN : Manual and/or scheduled scans can either be quick (scan most important areas) or deep (full scan of computer).


OPTIMIZED SCANNING : The software is configured to scan efficiently, only scanning areas and files that have changed since the last scan.


SCAN INDIVIDUAL FILE(S) : The software can scan an individual file for viruses. This is often available by right-clicking on the file and choosing to scan.


EXCLUDE FILES : The software allows the user to designate certain files, folders, or drives NOT to include in the virus scan.


SCAN COMPRESSED FILES : Scans zipped (.zip) or other compressed files that are usually obtained through emails or downloaded from the web.


QUARANTINES INFECTED FILES : If a file is suspected of being infected with a virus, it moves the file to a "quarantine" area where you cannot accidentally access it.


AUTO-CLEAN INFECTED FILES : The anti-virus program will automatically clean or fix files that are infected.


SCAN USB (AND OTHER EXTERNAL DRIVES) : The software is capable of scanning external drives for viruses.


PASSWORD PROTECT SETTINGS : Prevents the Anti-Virus settings from being modified by other users.


ADJUSTABLE SECURITY LEVELS : Security can be customized and set to a particular level of potency.


VULNERABILITIES : Microsoft and third-part software vendors are constantly providing security patches or other updates. Some software takes a proactive approach and helps you stay on top of the most recent updates.


COOKIES : Though not typically malicious, cookies are little chunks of code stored on your computer from web sites.


SCRIPTS : Script Blocking technology monitors Java and VBS scripts and alerts users of virus-like behavior. They stop these viruses before they can infect a system without needing virus definitions.


SPAM : Spam is unwanted email, whether it's annoying advertisements or a link to a virus.


AUTO USB DETECT : Most antivirus software can scan USB drives, but some automatically detect when an external drive is plugged in and will block malware from automatically running.


VIRUS SIGNATURES: Traditional virus detection is based on identifying malware by matching it with known viruses.


BLACKLISTING : Setting a file or website on the "blacklist" means that it should never be allowed.


WHITELISTING : Setting a file or website on the "whitelist" means that you trust it and don't need the security software to scan/block it.


HEURISTICS : Proactive virus blocking is possible with behavioral analysis, file emulation, and/or generic signature detection.


REAL-TIME : Real-time protection means that the software protects you from viruses automatically, while the data is being accessed.


SECURITY NETWORK : This security approach involves the software manufacturer gathering anonymous information about your system in order to benefit everyone. If a virus is found on your computer, they can quickly find the cause and update definitions for all users.


ON-ACCESS SCANNING : Your files are scanned when you receive them and when you try to access them.


ON-DEMAND SCANNING : You can determine which files and when to scan for viruses. It's like manual scanning but you can be more specific and scan a file at a particular time. Simply right-click on the filename.


ADWARE : Though not always harmful, these annoying programs cause advertisements to display on your computer without your permission.


EASE OF INSTALLATION : How easy is the product to download, install, and setup? This rating is determined by install speed and simplicity. Security software shouldn’t be a chore to install, and should have you protected as soon as possible. From download to install, to the first scan; implementing antivirus software should be quick and easy.


EASE OF USE : How usable is the product? The Ease of Use rating reflects how easy the product is to use, run, and maintain. Antivirus software is complex stuff, but shouldn’t require a degree in computer security. The best security programs have all the features security experts want, but are just as easily used by a beginner. Everyday computer users want a security solution that they can install and forget about; software that doesn’t require constant maintenance or have annoying interruptions. The best antivirus software is flexible enough to do exactly what you want to (even if that means running by itself).


FEATURES : Does the software include additional benefits? Whether for added security or simple convenience, more features usually means better software. A well-rounded feature set takes a security solution from good to great. More than bells and whistles, added features provide security, usability and performance benefits.


UPDATES : Are timely updates delivered effectively? This rating is based on the frequency and versatility of virus database updates. Security software is only as good as its latest update. Viruses are being identified and added to signature databases all the time, so it’s important that your virus definition list updates accordingly. Modern antivirus software are equipped with automatic updates that perform regularly enough that you get faster updates that don’t slow down your system. The best security providers even “push” updates to you as soon as they’re available.


HELP & SUPPORT : Does the product offer additional support and helpful resources? This rating is based on the quantity and usefulness of additional product support. The best software doesn’t require reading an in-depth manual to use, but still has one available. For specific questions, troubleshooting, and additional help, the best antivirus manufacturers provide superior product support online and off. Additional support for software may come in the form of assistance over the 24x7 phone, email, live chat, or through a number of additional resources (knowledgebase, FAQs, tutorials).


BACKDOOR : A special type of trojan (often called remote access trojan or RAT), they essentially give control of your computer to a hacker.


THREAT DETECTION includes : Virus,Worm,Trojan,Spyware,Malware,Rootkit.


BROWSER EXPLOITS : malicious code that takes advantage of an internet browser vulnerability to make the browser do something you don't want (freeze, crash, change settings, etc.)


OS EXPLOITS : Malware that is designed to take advantage of a vulnerability in the Windows Operating System.


KEYLOGGERS : A virus designed to track and monitor user keystrokes, often used to steal passwords, credit card numbers, etc.


INBOUND EMAIL PROTECTION : The anti-virus software scans files received through incoming emails on a POP3 account.


OUTBOUND EMAIL PROTECTION : The software scans outbound email attachments so you don't spread viruses to others.


INSTANT MESSAGING PROTECTION : The anti-virus software scans files received through instant messaging (MSN Messenger, AIM, Yahoo Messenger).


P2P/FILE SHARING PROTECTION : The software protects from malicious files downloaded and/or accessed from peer-to-peer file sharing programs.


REGISTRY STARTUP PROTECTION : The software provides protection before the OS loads, or has the ability to scan registry files.


DIALERS : Malicious program that takes control of your computer and uses it to dial expensive phone numbers.


SUPPORTED CONFIGURATIONS : Does it incl compatibility with Windows 7 (32 bit),Windows 7 (64 bit),Windows Vista (32 bit),Windows Vista (64 bit),Windows XP (32 bit),Windows XP (64 bit)


2.   Thanks http://www.toptenreviews.com/ and for those who want a pdf click here to access http://www.scribd.com/doc/50645603/Qualities-of-a-Good-Antivirus

Powered By Blogger