Home » Security
Category Archives: Security
It can be quite a challenge to find effective software that can help you keep your PC in proper working order so in this article I will attempt to review some of the best free PC maintenance tools available as of the start of 2013.
It’s a well know fact that with use your PC’s performance will degrade if it is not properly maintained. When putting together your PC maintenance toolkit there are a number of key areas that you want to have covered. These categories include:
- The best firewall software possible
- An anti-virus program with good virus detection rates
- Specialized anti-virus tools to hunt the worst threats
- A file recovery tool
- A hard drive defragmentation utility
- A junk file / registry cleanup / general tune-up utility
- A hardware review tool
- A sandboxing tool
To get straight to the point: I’ll start this post by saying that in the past I have found both paid for and free Anti-Virus (AV) software to be ineffective in identifying and containing malware infections. I’m sure this will meet a lot of resistance since using the popular Anti-Virus software is easy and gives the average user a feeling of being in control of their system.
I’ve had my share of chasing malware and trying to track down sources of infection. When it comes to tracking down malware I am still constantly learning, so I do not intend this article to be any kind of definitive answer to whether one should buy or use AntiVirus software. As you read this article, keep in mind that I am still learning the basics of malware detection, and would appreciate your feedback and experiences doing the same.
Also, I’m definitely not suggesting that anyone should go out and uninstall whatever Anti-Virus program that one is using; I’m just saying that one should never consider an AntiVirus scan to be an accurate summary of a PC being clean of viruses. I think there is some benefit to using Anti-Virus software, but I am definitely concerned how often people seem to be confident that their systems are safe or clean just because their Anti-Virus software didn’t detect anything.
November 6 2012: After the crisis with their domain hijacking, there are some amazing accounts coming out about what happened. This article on TechCrunch tells quite an incredible story.
October 26 2012: @Diigo on Twitter has announced that they are back in control of the Diigo.com domain as of about 5:00ET.
The domain update should have propagated through the Internet by now so Diigo.com is safe to access now. Diigo states that the total outage time was 48 hours.
It remains to be seen if people’s PCs have been infected by possible malware hosted on the hijacked sites. I certainly hope this is not the case.
October 25 2012 – Warning: do not browse to Diigo.com. The site has been domain hijacked.
The Web is going crazy with viruses and hack attacks these days. It seems like every day there is news of a new compromise.
Today I was surprised when I tried browsing to Diigo.com (a great social bookmarking site that I like to use) only to find myself redirected to site I do not recognize that has bizarre popups. It looks like the site has been compromised.
Happily Diigo has been keeping its user base updated on Twitter via @diigo .
It seems user data has not been lost and all of one’s social bookmarks are still in place. Diigo is working with its domain registrar Yahoo hosting to correct the hijacking, but progress is slow. Based on people’s reports on Twitter it seems the hijack happened sometime yesterday (22 hours ago as of 3:00 ET Sept 25 2012) and Yahoo hosting has still not corrected things. In the meantime @Diigo on Twitter is advising users to point their browsers to Diigo.net which is still operational.
Wikipedia has a short entry explaining the Diigo domain problem that is worth checking out.
When I checked the URL for the hijacker’s site, it comes up with a 0 trust rating, which is definitely not good. I wonder if there is a chance of malware or a virus attack coming from the site. Some people on Twitter are reporting that their Antivirus software is showing warnings of Trojans.
My Antivirus software did not report a problem, but I will need to run diagnostics on my machine to try to clear up any garbage that might have found its way on, and I also plan to change all of my passwords just to be safe.
This sort of thing is always annoying when it happens, but it is definitely a wake up call to anyone developing sites for the Web. It’s a bit like the wild-west out there and there is danger lurking around every corner if you are not careful.
- Here is a link to the Official Diigo explanation page regarding the compromise.
- Here is a link that @Diigo has posted to a similar domain hijacking story that happened to howardforums.com
In an earlier article I covered how to generate Excel reports on the fly using the Interop.Excel Namespace.
This is a really handy technique that also gives you full control over the minutia of the document you are creating. However the catch in using this technique is that you will need to update the configuration of your Web server to allow Web users to trigger Excel on your Web server. This can mean some pretty drastic security changes and possible loopholes in your Web server’s security so you should do a risk analysis before choosing this method.
In this article I will review the Web server security updates that need to be made to allow using the Interop.Excel Namespace to generate Excel documents for your Web site.
Please note that since I am developing this site for an Intranet, I am not as concerned with locking down the server. If you are working with a server that is exposed to the Web then you will want to review these security changes much more thoroughly.
If you are adding parameters to a SqlCommand object then you can use either Parameters.Add or Parameters.AddWithValue. The Parameters.Add syntax requires you to explicitly specify the DataType of the parameter you are passing, while the Parameters.AddWithValue syntax implicitly attempts to convert the parameters you pass in.
When choosing which method you want to use, you should be aware that although there is no difference in the functionality of either method, but Microsoft added Parameters.AddWithValue because overloads for Parameters.Add resulted in possible confusion of which specific overload was being used. I do find myself using Parameters.AddWithValue for its convenience and clarity, but the fact that you are leaving the datatype for the compiler to implicitly convert is not a good thing.