Showing posts with label Security. Show all posts

Saturday, June 15, 2013

You’ve probably heard that you always need to use the Safely Remove Hardware icon before unplugging a USB device. However, there’s also a good chance that you’ve unplugged a USB device without using this option and everything worked fine.
Windows itself tells you that you don’t need to use the Safely Remove Hardware option if you use certain settings – the default settings – but the advice Windows provides is misleading.

Quick Removal vs. Better Performance

Windows allows you to optimize your USB device for quick removal or improved performance. By default, Windows optimizes USB devices for quick removal. You can access this setting from the Device Manager – open the Start menu, type Device Manager, and press Enter to launch it.
Expand the Disk drives section in the Device Manager, right-click your device, and select Properties.
Select the Policies tab in the Properties window.  You’ll notice that Windows says you can disconnect your USB device safely without using the Safely Remove Hardware notification icon, so this means you can unplug your USB device without ever safely removing it, right? Not so fast.

Data Corruption Danger

The Windows dialog shown above is misleading. If you unplug your USB device while data is being written to it – for example, while you’re moving files to it or while you’re saving a file to it – this can result in data corruption. No matter which option you use, you should ensure that your USB device isn’t in use before unplugging it – some USB sticks may have lights on them that blink while they’re being used.
However, even if the USB device doesn’t appear to be in use, it may still be in use. A program in the background may be writing to the drive – so data corruption could result if you unplugged the drive. If your USB stick doesn’t appear to be in use, you can probably unplug it without any data corruption occurring – however, to be safe, it’s still a good idea to use the Safely Remove Hardware option. When you eject a device, Windows will tell you when it’s safe to remove – ensuring all programs are done with it.

Write Caching

If you select the Better Performance option, Windows will cache data instead of writing it to the USB device immediately. This will improve your device’s performance – however, data corruption is much more likely to occur if you unplug the USB device without using the Safely Remove Hardware option. If caching is enabled, Windows won’t write the data to your USB device immediately – even if the data appears to have been written to the device and all file progress dialogs are closed, the data may just be cached on your system.
When you eject a device, Windows will flush the write cache to the disk, ensuring all necessary changes are made before notifying you when it’s safe to remove the drive.
While the Quick Removal option decreases USB performance, it’s the default to minimize the chances of data corruption in day-to-day use – many people may forget to use – or never use – the Safely Remove Hardware option when unplugging USB devices.

Safely Removing Hardware

Ultimately, no matter which option you use, you should use the Safely Remove Hardware icon and eject your device before unplugging it. You can also right-click it in the Computer window and select Eject. Windows will tell you when it’s safe to remove the device, eliminating any chances of data corruption.
__________________________________________________________________
This advice doesn’t just apply to Windows – if you’re using Linux, you should use the Eject option in your file manager before unplugging a USB device, too. The same goes for Mac OS X.

Friday, June 14, 2013


Geeks the world over know their local host as 127.0.0.1, but why is that specific address, of all available addresses, reserved for the local host? Read on to delve into the history of local hosts.
Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

The Question

SuperUser reader Roee Adler, curious about the default localhost IP, posed the following question to the community:

What is the meaning, indeed? While it’s possible to live out your entire geeky existence not knowing the answer to those questions, we’re ready to dig in.

The Answers

Several contributors pitched in to answer Roee’s question, and each of their contributions helps shed more light on how 127.0.0.1 is the place we all call home. John T writes:


Hyperslug does some archive sleuthing by digging through old memorandums on the subject:




While we all know and love 127.0.0.1 as the localhost, it’s worth noting that it won’t be the localhost forever. 127.0.0.1 is how the localhost is designated in IPv4 communications and, as IPv6 slowly takes over, it will be designated by a much more intuitive number: 0:0:0:0:0:0:0:1.
__________________________________________________________________

Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion threads here.

We’ve recently been hearing about tracking cookies and laws in the European Union forcing websites to explain their use of cookies to their visitors. If you’re wondering what cookies are and what all the fuss is about, you’re not alone.
Cookies are an important browser feature – if you disable cookies, you’ll find yourself unable to log into websites. While cookies have important, good uses, they also have more questionable uses.

What’s a Browser Cookie?

Cookies are small pieces of information websites store on your computer. Cookies only contain bits of text, not anything else. The text can be a user ID, session ID, or any other text. For example, web pages can be configurable – a web page could have a Hide link that hides a certain element on the page. The page can save this setting on your computer with a cookie. When you load the page in the future, the page can examine the cookie and automatically hide the element.
If you clear your cookies, you’ll be logged out of all websites and websites won’t remember any settings you’ve changed on them.
Cookies are very common – you probably have hundreds or even thousands stored in your browser right now.

How Cookies Work

Your web browser stores and manages cookies. You can find a list of websites storing cookies and view the cookies themselves – although it’s usually not interesting to look at the content of the cookies – in your browser’s settings. If you use multiple web browsers on your computer, each browser has its own set of cookies.
Websites are only allowed to look at their own cookies – for example, when you visit How-To Geek, we can’t examine cookies from other websites. This prevents malicious websites from snooping and stealing your login sessions.

Good Uses for Cookies

As we’ve seen, cookies have a number of very important uses. The web wouldn’t be what it is without them today.
  • Cookies store your login state. Without them, you wouldn’t be able to log into websites. Websites use cookies to remember and identify you.
  • Cookies store preferences on websites. You couldn’t change settings and have them persist between page loads without cookies.
  • Cookies allow websites to provide personalized content. For example, if you’re shopping on Amazon, Amazon can remember the products you’ve browsed and recommend similar products – even if you’re not logged in.


“Bad” Uses for Cookies

However, cookies can also be used for more questionable purposes. Advertising and tracking networks use tracking cookies to track you across the web. When you visit a website that uses scripts from an advertising network, that network can set a cookie in your browser. When you visit another website that uses tracking scripts from the same network, the advertising network can check the value of your cookie – it knows the same person visited both websites. In this way, the advertising networks track you across the web.
This information is used to target ads to you – for example, if you search for car insurance and later visit a news website, you may see advertisements for car insurance on the news website. The advertisements may not be related to the website you’re currently on, but they will be related to the websites you were visiting before. Depending on the advertising network, you may be able to opt out of this – as with the Google Ads Preferences page, which also shows the advertising categories you’ve been assigned by Google based on the websites you’ve been tracked across.

Tracking networks can also use the data for other purposes – for example, selling aggregated browsing data to others.
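The two behaviours described above, per-site cookie isolation and cross-site tracking through an embedded third party, can be seen side by side in a small simulation. This is an added example, not code from the original article; the domains (`news.example`, `shop.example`, `ads.example`) and class names are constructed for illustration.

```python
import itertools
from collections import defaultdict


class Site:
    """A website that sets its own first-party session cookie."""

    def __init__(self, domain, embeds=()):
        self.domain = domain
        self.embeds = list(embeds)     # third-party servers its pages load from
        self.seen_cookies = []         # cookies received on each request

    def handle(self, cookies, top_level_site):
        self.seen_cookies.append(dict(cookies))
        if "session" not in cookies:
            return {"session": f"{self.domain}-session"}
        return {}


class AdNetwork:
    """A tracker whose script is embedded on many unrelated sites."""

    def __init__(self, domain):
        self.domain = domain
        self._ids = itertools.count(1)
        self.profiles = defaultdict(list)   # tracking id -> sites visited

    def handle(self, cookies, top_level_site):
        uid = cookies.get("uid")
        new_cookies = {}
        if uid is None:                      # first sighting: assign an id
            uid = f"u{next(self._ids)}"
            new_cookies = {"uid": uid}
        self.profiles[uid].append(top_level_site)
        return new_cookies


class Browser:
    """Minimal cookie jar: cookies are stored per domain that set them."""

    def __init__(self, block_third_party=False):
        self.jar = {}                        # domain -> {name: value}
        self.block_third_party = block_third_party

    def request(self, server, top_level_site):
        # Simplification: real browsers compare registrable domains.
        third_party = server.domain != top_level_site
        if third_party and self.block_third_party:
            server.handle({}, top_level_site)    # nothing sent, nothing stored
            return
        # A server only ever receives the cookies its own domain set.
        sent = self.jar.setdefault(server.domain, {})
        sent.update(server.handle(dict(sent), top_level_site))

    def visit(self, site):
        """Load a page: one first-party request, then one per embedded script."""
        self.request(site, site.domain)
        for embedded in site.embeds:
            self.request(embedded, site.domain)


def browse(block_third_party):
    """Visit news, shop, then news again; return what each party learned."""
    ads = AdNetwork("ads.example")
    news = Site("news.example", embeds=[ads])
    shop = Site("shop.example", embeds=[ads])
    browser = Browser(block_third_party)
    for site in (news, shop, news):
        browser.visit(site)
    return browser, ads, news, shop


if __name__ == "__main__":
    for blocked in (False, True):
        _, ads, _, shop = browse(blocked)
        print("third-party cookies blocked:", blocked)
        print("  shop.example received:", shop.seen_cookies)
        print("  ad network profiles:  ", dict(ads.profiles))
```

With third-party cookies accepted, the ad network files all three visits under one identifier even though `shop.example` never sees the cookie from `news.example`; with them blocked, every visit looks like a new visitor.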

Managing Your Browser’s Cookies

You can manage your browser’s cookies from its settings window. Each browser’s Clear Private Data tool will also delete cookies. For information on viewing and clearing your browser’s cookies.
__________________________________________________________________
One problem with clearing cookies is that it will log you out of sites you use. If you want to stay logged into the websites you use but block other websites from using cookies, check out our guide to blocking all cookies except for the sites you use. Bear in mind that some websites won’t work properly if you disable cookies for them.

Wednesday, June 12, 2013

Antivirus programs are powerful pieces of software that are essential on Windows computers. If you’ve ever wondered how antivirus programs detect viruses, what they’re doing on your computer, and whether you need to perform regular system scans yourself, read on.
An antivirus program is an essential part of a multi-layered security strategy – even if you’re a smart computer user, the constant stream of vulnerabilities for browsers, plug-ins, and the Windows operating system itself makes antivirus protection important.

On-Access Scanning

Antivirus software runs in the background on your computer, checking every file you open. This is generally known as on-access scanning, background scanning, resident scanning, real-time protection, or something else, depending on your antivirus program.
When you double-click an EXE file, it may seem like the program launches immediately – but it doesn’t. Your antivirus software checks the program first, comparing it to known viruses, worms, and other types of malware. Your antivirus software also does “heuristic” checking, checking programs for types of bad behavior that may indicate a new, unknown virus.
Antivirus programs also scan other types of files that can contain viruses. For example, a .zip archive file may contain compressed viruses, or a Word document can contain a malicious macro. Files are scanned whenever they’re used – for example, if you download an EXE file, it will be scanned immediately, before you even open it.
It’s possible to use an antivirus without on-access scanning, but this generally isn’t a good idea – viruses that exploit security holes in programs wouldn’t be caught by the scanner. After a virus has infected your system, it’s much harder to remove. (It’s also hard to be sure that the malware has ever been completely removed.)

Full System Scans

Because of the on-access scanning, it isn’t usually necessary to run full-system scans. If you download a virus to your computer, your antivirus program will notice immediately – you don’t have to manually initiate a scan first.
Full-system scans can be useful for some things, however. A full system scan is helpful when you’ve just installed an antivirus program – it ensures there are no viruses lying dormant on your computer. Most antivirus programs set up scheduled full system scans, often once a week. This ensures that the latest virus definition files are used to scan your system for dormant viruses.
These full disk scans can also be helpful when repairing a computer. If you want to repair an already-infected computer, inserting its hard drive in another computer and performing a full-system scan for viruses (if not doing a complete reinstall of Windows) is useful. However, you don’t usually have to run full system scans yourself when an antivirus program is already protecting you – it’s always scanning in the background and doing its own, regular, full-system scans.

Virus Definitions

Your antivirus software relies on virus definitions to detect malware. That’s why it automatically downloads new, updated definition files – once a day or even more often. The definition files contain signatures for viruses and other malware that have been encountered in the wild. When an antivirus program scans a file and notices that the file matches a known piece of malware, the antivirus program stops the file from running, putting it into “quarantine.” Depending on your antivirus program’s settings, the antivirus program may automatically delete the file or you may be able to allow the file to run anyway, if you’re confident that it’s a false-positive.
Antivirus companies have to continually keep up-to-date with the latest pieces of malware, releasing definition updates that ensure the malware is caught by their programs. Antivirus labs use a variety of tools to disassemble viruses, run them in sandboxes, and release timely updates that ensure users are protected from the new piece of malware.

Heuristics

Antivirus programs also employ heuristics. Heuristics allow an antivirus program to identify new or modified types of malware, even without virus definition files. For example, if an antivirus program notices that a program running on your system is trying to open every EXE file on your system, infecting it by writing a copy of the original program into it, the antivirus program can detect this program as a new, unknown type of virus.
No antivirus program is perfect. Heuristics can’t be too aggressive or they’ll flag legitimate software as viruses.
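The sketch below puts the two detection methods from the Virus Definitions and Heuristics sections next to each other: signature matching at file-open time with quarantine, and the behavioural heuristic the text describes (a process writing to many EXE files). It is an added example, not code from the original article or from any antivirus product; the samples, detection names, file paths and thresholds are all constructed and harmless.

```python
import hashlib
from collections import defaultdict

# Constructed, harmless byte strings standing in for malware samples.
SAMPLE_A = b"MZ\x90\x00constructed-sample-A"
MARKER_B = b"\xde\xad\xbe\xefCONSTRUCTED-MARKER-B"


def new_definitions():
    """A toy definition file: whole-file hashes plus byte-pattern signatures."""
    return {
        "hashes": {hashlib.sha256(SAMPLE_A).hexdigest(): "Test.Sample.A"},
        "patterns": {MARKER_B: "Test.Pattern.B"},
    }


def scan_bytes(data, definitions):
    """Signature check: return the detection name, or None if nothing matches."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in definitions["hashes"]:
        return definitions["hashes"][digest]
    for pattern, name in definitions["patterns"].items():
        if pattern in data:
            return name
    return None


class OnAccessScanner:
    """Checks a file before the requesting program receives its contents."""

    def __init__(self, definitions):
        self.definitions = definitions
        self.quarantine = {}             # path -> detection name

    def open_file(self, path, data):
        detection = scan_bytes(data, self.definitions)
        if detection is not None:
            self.quarantine[path] = detection
            return None                  # access blocked, file quarantined
        return data

    def update_definitions(self, sample, name):
        """What a definition update does: add a signature for a new sample."""
        self.definitions["hashes"][hashlib.sha256(sample).hexdigest()] = name


def heuristic_flags(events, threshold):
    """Behavioural heuristic from the text: flag any process that writes to
    at least `threshold` distinct .exe files. It needs no definitions."""
    modified = defaultdict(set)
    for process, action, target in events:
        if action == "write" and target.lower().endswith(".exe"):
            modified[process].add(target.lower())
    return sorted(p for p, files in modified.items() if len(files) >= threshold)


# Constructed behaviour trace: (process, action, target file).
TRACE = (
    [("updater.exe", "write", f"C:\\App\\{n}.exe") for n in ("app", "helper")]
    + [("unknown.exe", "write", f"C:\\Programs\\tool{i}.exe") for i in range(6)]
    + [("editor.exe", "write", "C:\\Docs\\report.docx")]
)

if __name__ == "__main__":
    scanner = OnAccessScanner(new_definitions())
    print(scanner.open_file("C:\\Downloads\\a.exe", SAMPLE_A), scanner.quarantine)
    print("threshold 5:", heuristic_flags(TRACE, 5))
    print("threshold 2:", heuristic_flags(TRACE, 2))   # updater is a false positive
```

A sample that is not yet in the definitions passes the signature check until `update_definitions` adds it, which is why definition files are refreshed so often; lowering the heuristic threshold from 5 to 2 catches more but also flags the legitimate updater.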

False Positives

Because of the large amount of software out there, it’s possible that antivirus programs may occasionally say a file is a virus when it’s actually a completely safe file. This is known as a “false positive.” Occasionally, antivirus companies even make mistakes such as identifying Windows system files, popular third-party programs, or their own antivirus program files as viruses. These false positives can damage users’ systems – such mistakes generally end up in the news, as when Microsoft Security Essentials identified Google Chrome as a virus, AVG damaged 64-bit versions of Windows 7, or Sophos identified itself as malware.
Heuristics can also increase the rate of false positives. An antivirus may notice that a program is behaving similarly to a malicious program and identify it as a virus.
Despite this, false positives are fairly rare in normal use. If your antivirus says a file is malicious, you should generally believe it. If you’re not sure whether a file is actually a virus, you can try uploading it to VirusTotal (which is now owned by Google). VirusTotal scans the file with a variety of different antivirus products and tells you what each one says about it.

Detection Rates

Different antivirus programs have different detection rates, which depend on both virus definitions and heuristics. Some antivirus companies may have more effective heuristics and release more virus definitions than their competitors, resulting in a higher detection rate.
Some organizations do regular tests of antivirus programs in comparison to each other, comparing their detection rates in real-world use. AV-Comparatives regularly releases studies that compare the current state of antivirus detection rates. The detection rates tend to fluctuate over time – there’s no one best product that’s consistently on top. If you’re really looking to see just how effective an antivirus program is and which are the best out there, detection rate studies are the place to look.

Testing an Antivirus Program

If you ever want to test whether an antivirus program is working properly, you can use the EICAR test file. The EICAR file is a standard way to test antivirus programs – it isn’t actually dangerous, but antivirus programs behave as if it’s dangerous, identifying it as a virus. This allows you to test antivirus program responses without using a live virus.
__________________________________________________________________

Antivirus programs are complicated pieces of software, and thick books could be written about this subject – but hopefully this article brought you up to speed with the basics.


Whatever you think of it, Windows 8 isn’t just a new interface slapped on top of Windows 7. Windows 8 has seen a lot of security improvements, including an integrated antivirus, an application reputation system, and protection from boot-time rootkits.
There are also quite a few low-level security improvements under the hood. Microsoft hasn’t spelled out all of them, but Windows 8 manages memory in a more secure way and includes features that make security vulnerabilities harder to exploit.

Integrated Antivirus

Windows 8 finally includes an integrated antivirus program. It’s named Windows Defender, but the interface will be immediately familiar to anyone that’s ever used Microsoft Security Essentials – this is Microsoft Security Essentials with a new name. You can easily install any other antivirus you prefer and Windows Defender will be automatically disabled if another antivirus is running, but the integrated antivirus is a capable product. Best of all, this ensures that all Windows users will finally have antivirus protection out-of-the-box.

Early Launch Anti-Malware

In Windows 8, antivirus products can start earlier in the boot-up process to scan the system’s drivers for malware. This helps protect against rootkits that start before the antivirus program and hide from it. Windows Defender starts earlier in the boot process out-of-the-box, and third-party antivirus vendors can also add the Early-Launch Anti-Malware (ELAM) feature to their products.

SmartScreen Filter

Previously used only in Internet Explorer, the SmartScreen filter is now implemented at the operating system-level. It will be used to scan EXE files you download from Internet Explorer, Mozilla Firefox, Google Chrome, and other programs. When you download and double-click an EXE file, Windows will scan the file and send its signature to Microsoft’s servers. If the application is known-good, such as the installer for iTunes, Photoshop, or another popular program, Windows will allow it to run. If it’s known-bad, perhaps if it contains malware, Windows will prevent it from running. If it’s new and Windows doesn’t know what it is, Windows will warn you and allow you to bypass the warning.
This feature should help prevent less-experienced users from downloading and running malicious programs from the Internet. Even new pieces of malware will be detected by the SmartScreen filter as an unknown new program that should be approached with caution.

Secure Boot

On new Windows 8 computers that use the UEFI firmware instead of the old-style BIOS, Secure Boot guarantees that only specially signed and approved software can run at boot. On current computers, malware could install a malicious boot loader that loads before the Windows boot loader, starting a boot-level rootkit (or “bootkit”) before Windows even launches. The rootkit could then hide itself from Windows and antivirus software, pulling the strings in the background.
On Intel x86 PCs, you’ll be able to add your own security keys to the UEFI firmware, so you could even have your system boot only secure Linux boot loaders that you’ve signed. 

Memory Management Improvements

Microsoft has made a lot of under-the-hood improvements to the way Windows 8 manages memory. When a security hole is found, these improvements can make the security hole harder or even impossible to exploit. Some types of exploits that function on earlier versions of Windows wouldn’t function at all on Windows 8.
Microsoft hasn’t spelled out all of these improvements, but they have mentioned a few:
  • ASLR (Address Space Layout Randomization) has been extended to more parts of Windows, randomly moving data and code around in memory to make it harder to exploit.
  • Mitigations that were once applied to Windows applications are now also applied to the Windows kernel.
  • The Windows heap, where Windows applications receive their memory from, includes additional checks to defend against exploit techniques.
  • Internet Explorer 10 includes improvements that make 75% of the security vulnerabilities reported over the last two years more difficult to exploit.

New Apps Are Sandboxed

Apps for Windows 8’s new Modern interface (formerly known as Metro) are sandboxed and restricted in what they can do on your computer.
On the Windows desktop, applications had full access to your system. If you downloaded and ran a Windows game, it could install drivers on your system, read files from everywhere on your hard drive, and install malware on your computer. Even if programs run with limited credentials thanks to UAC, they typically install with Administrator privileges and can do anything they want during installation.
Windows 8 apps function more like web pages and mobile apps on other popular mobile platforms. When you install an app from the Windows Store, that app has limited access to your system. It can’t run in the background and monitor all your keystrokes, logging your credit card number and online banking passwords like applications on the traditional Windows desktop can. It doesn’t have access to every file on your system.
Apps for Windows 8’s new Modern interface are also only available through the Windows Store, which is more controversial. However, users can’t install malicious Modern apps from outside the store. They’d have to go through the Windows Store, where Microsoft has the ability to pull them if they’re discovered to be malicious.
__________________________________________________________________

Windows 8 is definitely more secure than Windows 7. An integrated antivirus and application reputation system, along with a tamed app ecosystem that replaces the wild-west nature of previous versions of Windows, will probably make the most difference for inexperienced users that may not have run an antivirus or known which applications were safe to install on previous versions of Windows. Low-level improvements to the way Windows manages memory will help everyone, even power users.

So you have an antivirus guarding your system, your firewall is up, your browser plug-ins are all up-to-date, and you’re not missing any security patches. But how can you be sure your defenses are actually working as well as you think they are?
These tools can also be particularly useful if you’re trying to quickly determine how secure someone else’s PC is. They can show you just how much vulnerable software the PC has installed.

Test Your Antivirus

No, we’re not going to recommend downloading a virus to test your antivirus program – that’s a recipe for disaster. If you ever want to test your antivirus software, you can use the EICAR test file. The EICAR test file isn’t an actual virus – it’s just a text file containing a string of harmless code that prints the text “EICAR-STANDARD-ANTIVIRUS-TEST-FILE!” if you run it in DOS. However, antivirus programs are all trained to recognize the EICAR file as a virus and respond to it just as they would respond to an actual virus.
You can use the EICAR file to test your real-time antivirus scanner and ensure it’s going to catch new viruses, but it can also be used to test other types of antivirus protection. For example, if you’re running antivirus software on a Linux mail server and you want to test that it’s working properly, you can email the EICAR file through the mail server and ensure it’s caught and quarantined.
Note: it’s important to test and make sure all your defenses are correctly configured and working properly, but this can’t guarantee your anti-virus will catch every new virus. Since there are new viruses every day, it pays to still be vigilant about what you download.
You can download an EICAR test file from the EICAR website. However, you could also create your own EICAR test file by opening a text editor (such as Notepad), copy-pasting the following text into the file, and then saving it:


Your antivirus program should react as though you had just created an actual virus.




Port Scan Your Firewall

If you’re behind a router, the router’s network address translation (NAT) feature effectively acts as a firewall, preventing other computers on the Internet from connecting to your computer. To ensure that your computer’s software is sheltered from the Internet – either with a NAT router or through a software firewall if your computer is connected directly to the Internet – you can use the ShieldsUP! test website. It will perform a port scan of your IP address, determining whether ports are open or closed at your address. You want ports to be closed to protect potentially vulnerable services from the wild west environment of the open Internet.

Check Browser Plug-ins

Browser plug-ins are now the most common attack vector – that’s software like Java, Flash, and Adobe’s PDF reader. You should ensure that you always have the latest, most up-to-date versions of all your browser plug-ins if you want to stay safe online.
Mozilla’s Plugin Check website is particularly good for this. It’s made by Mozilla, but it doesn’t just work in Firefox. It also works in Chrome, Safari, Opera, and Internet Explorer.
If you have any out-of-date plug-ins, you should update them to the latest, secure versions. If you have Java installed at all, you should just uninstall it now – or at least disable its browser plug-in. Java is subject to a constant flood of zero-day vulnerabilities and seems to spend most of its time vulnerable to attack.

Scan For Vulnerable Software

On operating systems with central software repositories (like Linux) or app stores (like iOS, Android, and Windows 8’s Modern environment), it’s easy to tell that all your applications are up-to-date with the latest released security patches. It’s all handled through a single tool that updates them automatically. The Windows desktop doesn’t have this luxury.
Secunia, an IT security company, develops a free application named Secunia Personal Software Inspector to help with this. When installed, Secunia PSI scans the software installed on your computer and identifies any out-of-date, potentially vulnerable programs on your computer. It doesn’t know about every piece of software ever created for Windows, but it does help identify software you should update.
__________________________________________________________________

Of course, this doesn’t cover everything. There’s no way to ensure your antivirus will catch every virus ever created — it won’t because no antivirus is perfect. There’s no way to ensure you won’t fall prey to phishing or another social-engineering attack. But these tools will help you test some of your most important defenses and ensure they’re ready for an assault.

Firefox includes powerful features to prevent you from being tracked online, but they aren’t on by default. We’ll show you how to take control of your privacy online with Firefox’s options.
Firefox also has some features that send personal data to Mozilla and Google, but these features aren’t mandatory. Mozilla and Google use the data to improve Firefox, provide you with search suggestions and block malicious web pages.

Do Not Track

Firefox can send a do-not-track request whenever you connect to a website, asking the website not to track you. It’s disabled by default, so you’ll have to enable it yourself.
Click the Firefox menu, select Options and click the Privacy icon.
Click the “Tell websites I do not want to be tracked” check box at the top of the privacy pane to enable the do-not-track feature.
Unfortunately, few websites obey your do-not-track preference at the moment. Do not track is also available in Internet Explorer 9 and Apple Safari, but it’s noticeably absent in Google Chrome.

Search Suggestions



Firefox sends every letter you type into its search box to your default search engine, which sends search suggestions back.


You can easily disable search suggestions by right-clicking the search box and unchecking Show Suggestions.

Safe Browsing



Firefox uses the same phishing and malware detection technology found in Google Chrome. Like Chrome, Firefox automatically downloads an updated list of malicious websites from Google every 30 minutes. If you try to access one of these websites, Firefox contacts Google to confirm the website is malicious.


It shouldn’t be possible for Google to determine the exact website you tried to access, but Google cookies you have on your computer may also be sent. Phishing and malware detection helps protect your personal data and your computer’s security, but you can disable it using the options on the security pane.

Cookies


Click the “Firefox will” box on the privacy pane and select “Use Custom Settings for History” to view Firefox’s cookie options.


Many advertising networks track you across multiple websites with third-party cookies. You can disable these cookies by unchecking the Accept third-party cookies box. This may cause problems with some websites, so you may have to re-enable this check box.


First-party cookies can be used for tracking, too. Many websites won’t work if you disable cookies entirely, but you can have Firefox automatically clear them each time you close your browser. This prevents websites from building up a profile of you over time, but you’ll have to log into any open websites each time you reopen Firefox. Just enable the “Clear history when Firefox closes” check box and click the Settings button.


Select Cookies and any other type of data you want Firefox to automatically delete, and then click OK.

Crash Reports and Performance Data

Firefox can send crash and performance reports to Mozilla. Mozilla uses these reports to fix problems and help improve Firefox.
The Submit crash reports check box on the advanced pane controls the crash reports feature. Firefox never sends crash reports automatically; it always prompts you. You’ll still see the prompt if you uncheck this check box, but the crash report dialog will default to not sharing any data with Mozilla.
The Submit performance data option causes Firefox to send anonymous performance reports in the background. The reports contain information about how you use Firefox’s interface, how well Firefox is performing and what hardware your computer contains.
Remember to save your settings by clicking OK.
__________________________________________________________________

Wondering about Firefox Sync? Firefox automatically encrypts all your data before syncing it if you have the sync feature enabled, so sync isn’t much of a privacy concern.

Firewalls are an important piece of security software, and someone is always trying to sell you a new one. However, Windows has come with its own solid firewall since Windows XP SP2, and it’s more than good enough.
You also don’t need a full Internet security suite. All you really need to install on Windows 7 is an antivirus — and Windows 8 finally comes with an antivirus.

Why You Need a Firewall

The primary function of a firewall is to block unrequested incoming connections. Firewalls can block different types of connections intelligently — for example, they can allow access to network file shares and other services when your laptop is connected to your home network, but not when it’s connected to a public Wi-Fi network in a coffee shop.
A firewall helps block connections to potentially vulnerable services and controls access to network services — particularly file shares, but also other types of services — that should only be accessible on trusted networks.
Before Windows XP SP2, when the Windows Firewall was upgraded and enabled by default, Windows XP systems connected directly to the Internet became infected after four minutes on average. Worms like the Blaster worm tried to connect directly to everyone. Because it didn’t have a firewall, Windows let the Blaster worm right in.
A firewall would have protected against this, even if the underlying Windows software was vulnerable. Even if a modern version of Windows is vulnerable to such a worm, it will be extremely difficult to infect the computer because the firewall blocks all such incoming traffic.

Why the Windows Firewall is Good Enough

The Windows Firewall does the exact same job of blocking incoming connections as a third-party firewall. Third-party firewalls like the one included with Norton may pop up more often, informing you that they’re working and asking for your input, but the Windows firewall is constantly doing its thankless job in the background.
It’s enabled by default and should still be enabled unless you’ve disabled it manually or installed a third-party firewall. You can find its interface under Windows Firewall in the Control Panel.
When a program wants to receive incoming connections, it must create a firewall rule or pop up a dialog and prompt you for permission.
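The inbound-filtering behaviour described in these two sections (replies to your own connections pass, unrequested connections are dropped unless a rule allows them, and a rule can apply on a home network but not a public one) can be modelled in a few lines. This is an added example, not Windows Firewall code; the class names, IP addresses and port choices are assumptions for illustration, with TCP 445 standing in for file sharing and TCP 135 for the kind of RPC service a worm such as Blaster probed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class InboundRule:
    port: int
    profiles: frozenset      # network profiles in which the rule applies
    program: str


@dataclass
class HostFirewall:
    profile: str                                   # "private" or "public"
    rules: list = field(default_factory=list)
    _connections: set = field(default_factory=set, init=False)

    def connect_out(self, local_port, remote_ip, remote_port):
        """Outbound traffic is allowed by default; remember it for replies."""
        self._connections.add((local_port, remote_ip, remote_port))

    def inbound(self, remote_ip, remote_port, local_port):
        """Return the decision for one incoming packet."""
        if (local_port, remote_ip, remote_port) in self._connections:
            return "allow-reply"                   # answer to our own request
        for rule in self.rules:
            if rule.port == local_port and self.profile in rule.profiles:
                return "allow-rule"                # a program registered this
        return "drop"                              # unrequested: default deny


# Constructed rule: file sharing is reachable only on a trusted network.
FILE_SHARING = InboundRule(445, frozenset({"private"}), "file sharing (SMB)")


def decisions(profile):
    """Replay the same constructed traffic under a given network profile."""
    fw = HostFirewall(profile, rules=[FILE_SHARING])
    fw.connect_out(50000, "203.0.113.10", 443)     # the user opens a web page
    return {
        "web reply": fw.inbound("203.0.113.10", 443, 50000),
        "stranger to same port": fw.inbound("198.51.100.7", 443, 50000),
        "file share request": fw.inbound("192.168.1.20", 51000, 445),
        "unsolicited RPC probe": fw.inbound("198.51.100.7", 40000, 135),
    }


if __name__ == "__main__":
    for profile in ("private", "public"):
        print(profile)
        for name, verdict in decisions(profile).items():
            print(f"  {name:24} {verdict}")
```

The only verdict that changes between the two profiles is the file share request; the unsolicited probe is dropped in both, whether or not the service behind it is vulnerable.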

When You Would Want a Third-Party Firewall

By default, the Windows firewall only does what’s really important: block incoming connections. It has some more advanced features, but they’re in a hidden, harder-to-use interface.
For example, most third-party firewalls allow you to easily control which applications on your computer can connect to the Internet. They’ll pop up a box when an application first initiates an outgoing connection. This allows you to control which applications on your computer can access the Internet, blocking certain applications from connecting.
Power users may love this feature, but it’s probably not a good feature for the average user. They’ll be charged with identifying applications that should be allowed to connect and may block background-updater processes from connecting, preventing their software from updating and leaving it vulnerable. It’s also a very noisy task, as you’ll have to confirm a prompt box every time a new application wants to connect. If you really don’t trust a program to connect to the Internet, perhaps you shouldn’t be running the program on your computer in the first place.
Nevertheless, if you want outgoing-connection management, you’ll probably want a third-party firewall. They also offer an interface where you can more easily view statistics, firewall logs, and other information.
For most users, using a third-party firewall just introduces unnecessary complexity.

Advanced Windows Firewall Features

The Windows firewall actually has more features than you might expect, though its interface isn’t as friendly:
  • Windows offers an advanced firewall configuration interface where you can create advanced firewall rules. You can create rules that block certain programs from connecting to the Internet or only allow a program to communicate with specific addresses.
  • You can use a third-party tool to extend the Windows firewall, forcing it to prompt you for permission each time a new program wants to connect to the Internet.

__________________________________________________________________

A third-party firewall is a power-user tool — not an essential piece of security software. The Windows firewall is solid and trustworthy. While people can quibble about the Microsoft Security Essentials/Windows Defender virus detection rate, the Windows firewall does just as good a job of blocking incoming connections as other firewalls.