Wednesday, April 9, 2014

HEARTBLEED BUG WILL MAKE YOUR WALLET BLEED

BAD NEWS IN TECH NEWS








UPDATE 12PM




I forgot to put THIS link into what I wrote below. If you click on it you can plug in the name of a website to see if it's still vunerable. If it is, try to avoid using that website and don't change your password until it's been patched - Brian



A bad "bug" has been made public and it doesn't do much to reassure users around the world that anyone is on top of  web security like they should. It's called the "Heartbleed Bug", and involves OpenSSL, and websites that use it [ed. - believe me, a BUNCH of websites use this] like your bank, your web email or Cloud storage sites to name a few.

What is OpenSSL? It's a cryptographic library used to digitally scramble sensitive data as it passes to and from computer servers so that only the service provider and the intended recipients can make sense of it. That's a mouthful. In plain language, in the past you've been told that when you do anything on the Internet, especially things that require purchasing items from a website, to make sure that you see the little lock symbol in the websites address so that you know it's secure.

We've just been informed - it's not so secure. In fact, it's so insecure that Canada has halted e-filing of tax returns in their country. A BBC news article can be found HERE. Security experts are saying this is a failure of epic proportions and users should change their passwords immediately [ed. - Yahoo says that they have made the appropriate patches to their websites, but unless you know that the site you are going to change your password on has done the same, I wonder what risk is involved?].

You can read other news stories about this from the Associate Press, HERE, and Reuters, HERE. In that story Michael Coates, director of product security for Shape Security says: 

"If a website is vulnerable I could see things like your password, banking information and healthcare data, which you were under the impression you were sending securely to your website".

This is a really big deal, and all of you should follow news articles to keep up-to-date on this matter.



ANTI-VIRUS "TESTS" ARE LIKE THE 4 SEASONS - 
YOU'LL SEE AT LEAST 4 OF THEM EACH YEAR



If you're a viewer of at least two computer/tech websites you know that they'll run "OUR TOP TEN ANTI-VIRUS SUITES SHOOTOUT" at least 3 or 4 times a year, and in many cases they'll contradict themselves at least once - so how are you supposed to know what to buy?

First, let me address the multiple tests each year - There are two schools of thought about this, 1). When there isn't a lot to fill space on a website [PC World, PC Mag, Computerworld, etc.] they'll run a top 10/15/20 test of anti-virus suites to get your attention, and/or 2). The world of viruses is so fluid that you have to test the suites every-so-often because what was number one 4 months ago may be number 5. IMHO I think it's a little of both.

Over the years I've seen it happen where the #1 anti-virus flip-flops with another vendors product that ranked lower in a test, so there is validity to the idea that your #1 product could be #5 in six months. Should you run out and replace your A/V software when this happens? No. Money is a good reason why you shouldn't [most suites have a one or two year subscription, so you don't want to throw your money away just because of the most recent A/V software comparison], and many times a drop in it's ranking isn't as earth shattering as it sounds.

A good rule of thumb is:


Stay away from the bottom of the list and you'll be okay

I don't recall seeing a dead last A/V product rise from the bottom of the pack into the top five, so I'm pretty confident with my rule-of-thumb advice. Some products may flip-flop in that lower bracket but there is one free A/V software that consistently ranks the worst, and that is Microsoft Security Essentials. This comes along with the Windows 8 family operating system and if that is your only defense you should re-consider your playbook and fork out some $$$ to better protect yourself.

Earlier this year, AV-TEST ran their anti-virus software shootout and here is a chart of their results -

CHART COURTESY OF AV-TEST.ORG

























As you can see, if you stay in the top 10-12 products you'll be in good company, and if you look at other websites and their "shootouts" you'll probably see some shuffling around in the top 12 [for instance Trend Micro ranks 1st-5th in many other comparisons, and Symantec/Norton doesn't].

In the world we live in today you can't get by without a good anti-virus. While it won't protect you from everything, what it does protect from will pay the yearly (or two-year) charge it costs to update it. Read a variety of reviews from different sources, and consult with someone familiar with security for help in choosing the best suite for you.

'Nuff Said,
Brian



No comments:

Post a Comment