Just install it already!

In my REIT talk, I rabbit on about the need for good anti virus on Windows. In my over enthusiastic rant, it is possible I forget the basics, that is “how do you do this?”. 


I found this great article on LifeHacker that walks you through the HOW of installing anti-virus. Video and all using Microsoft Security Essentials (MSE) which I also recommend.


MSE is for Macs too. Yes, if you run Parallels (or VMWare or Boot Camp) and have Windows on your Mac, you need MSE installed on the Windows bit too. Just because its running on a Mac doesn’t mean Windows is safe.


And talking of the Mac, there IS a Mac virus at long last. I’m almost excited. We finally got a real one. In case you haven’t heard, Mac Defender is a virus dressed up as an anti-virus. In other words, it tries to trick you by calling itself an anti-malware tool in the hopes you will install it. So if you get offered ANY anti-anything for your Mac, just say no thanks. You don't need it and it may be a fake anyway. What you do need is the latest updates from Apple.

Internet Explorer and why you must avoid it.

I'm a crusader against Microsoft Internet Explorer.

It is the most flawed, broken, dangerous piece of crap that Microsoft ever built. I do not say this lightly. I've written many articles on the subject and they are reproduced below.

The top cop at the NSW Cyber Crimes Task Force put it best in a public lecture where he said the two things Australians can do to protect themselves on the Internet are; 1. don't click on links in email and 2. don't use Internet Explorer.

Internet Explorer (IE) is the web browser that comes with Windows and is the way most newbies view the Internet. But it is NOT the best, safest or only way to surf.

Most web pages contain more than just text. To help your web browser display them (as the designer intended) the web site downloads program code to your PC. This is normal.

With IE, this program code is called Active-X and it is like getting Hitler’s brain transplanted into your head, the evil is inside you and has full control. Java is like reading a book on bomb making, you can choose to follow the instructions, or you can think better of it and ignore them.

There’s lots of other glaring security problems with IE. And Microsoft’s approach to security is to ask the user - “To view this web site you need to install this Active-X component, click here to install” well of course everyone clicks here because you wouldn’t have gone to the web site if you didn’t want to view it! How are you supposed to know if the Active-X is safe or malicious?

So stop using IE and check out Firefox (or Opera or Safari or Chrome). Your surfing will be safer and you will find they work better too! Of course, you will find the odd web site that insists on IE, and if that’s your bank or someone you trust, IE will always be there, because you can’t remove it from Windows.

The first thing you can do to make yourself a whole lot safer on the Internet is to stop using Microsoft Internet Explorer (IE). You know that blue E icon? Stop using it. There are other web browsers you can use and all of them are better.

The Microsoft browser is built in to Windows and for a lot of people that’s all they use. This must change and in fact it has changed. IE has dropped to less than half of all Internet users. Most people have got the message and are using those other browsers. Firefox is the popular choice.

The mainstream press reported yet another bug in IE recently. And rightly so. This most recent one was a bad one. Visit one wrong web page and Bingo! Your computer is taken over and infected with malware.

IE continues to have major security flaws. All these years later and the bad guys are still finding new ones. Over and over again.

In my humble opinion, the whole stupid design sucks badly. In short, the plug-ins (add-ons) for IE are Windows programs. And Windows programs can do anything – wipe your disk, change your settings – anything. And then Microsoft had this horrible after thought – how do we stop them? We opened the gate and after the bad guys had been pouring in for 10 years, then Microsoft decided to do something about it. It’s like allowing anyone to graft anything directly onto your brain – no questions asked.

In contrast, the other browsers (Chrome, Firefox, Opera, Safari to name a few) don’t work that way. They will accept a wish list (from a web site) and decide if the instructions make sense before following them.

At this point, all the programmers reading will be screaming at me. Yep I know that is a massive over simplification to say the least. But I’m trying to boil this down so everyone can get the extremely important message that IE stinks. Go with me here folks.

Understand that if you surf the Internet with Microsoft Internet Explorer, you ARE way more likely to get infected.

Best news? The other browsers are free and easy to use. And I have found them ALL to be better to use. Go change now if you haven’t done so already.

Just in case you didn’t get the memo - Microsoft Internet Explorer is my pick for the most crap security risk of all time. And if you needed another reason to abandon it forever - try this.

Apple’s web browser, Safari, is getting an upgrade. The current version 3 is pretty darn good and runs rings around IE, well doughnuts really. Now Apple has version 4 out as a public Beta (test drive).

In the world of Apple, an UPgrade generally offers more features, more speed and is better than the previous version. Safari does not disappoint. It is around 4 times faster than before and even then it was still the fastest browser out there for my money.

Yep, pages come up faster, look shiny and generally work better. And the cover flow view shows all your recent sites on one screen in a way that has to be seen to be believed.

Yep, I like it.

For Windows or Mac. Free.

Microsoft has released Internet Explorer version 8. And you might like to know if my opinion has changed or if this version is better, safe to use or gets the tick of approval.

It doesn’t.

Another fundamentally broken insecure piece of garbage from Microsoft. In all fairness it does have some nice new features and it is more secure than the previous versions. It still is no way as secure as any of the other browser you should be using.

I won’t bore you with a deep technical discussion.

Just use Firefox.


There’s a lot of buzz about Firesheep, heck it even made The Mercury. So high time I covered it.

Basically this is a consumer hacking tool that anyone can use. One click and it lets you into someone else’s Facebook page! You start it up, it shows you a list of all the Facebook users near you (even has their photos) and you click on anyone to hijack them - easy.

The technique is not new. What is new is that it is a simple plug-in for Firefox and anyone who can click a mouse can use it with no special skill or knowledge.

What Firesheep does is to intercept the non-secure cookies that Facebook (and Twitter, Amazon, Google, Yahoo, Myspace, Flickr and many more) use and then hijack the session. This lets you into the web site logged in as the other person. Its as if they walked away from their computer without locking it and you sat down. Anything they are logged into, you are in too!

Now, it doesn’t tell you their password, so you can’t go changing it to lock the victim out. But you can change their privacy settings, post embarrassing photos, articles and the likes. Or just snoop.

And remember this isn’t just Facebook, it is a lot of web sites.

What’s the catch? You do need to be on the same network and on a hub not a switch. But any open (or WEP) wifi meets this criteria. Many home networks have hubs and some older business networks. The IT people may even have installed a hub just to monitor network traffic.

What’s not vulnerable? Switched networks and WPA encrypted networks. These isolate each user’s traffic by design so the non-encoded cookies don’t pass by every user like they do on a hub network.

Bottom line, if you are on open wifi at a coffee shop, airport etc, you CAN be snooped on very easily. It is not just hackers anymore, the general public can do this too. If you have wifi in your home or business, you absolutely need to read up on wifi security and understand the basics. You've been given a chainsaw and it is vital you read the instruction manual before attempting to use it or you might get hurt.

Why is it a Firefox plug-in? No, its not a security flaw in Firefox that is being exploited here, its really bad design in web sites like Facebook. They are the ones sending your confidential data around with no encryption. Firefox provides a cross platform (Mac, Windows, Linux, Android) way of distributing this hacking tool. It could have been written in Java or any other language, the author just wrote it in Firefox. Like I said upfront, this is nothing new. Just re-packaged for the masses to use.

Expect chaos.

Since writing this, Facebook now allows you to keep your connection secure ( but I notice that some FB apps and web pages switch you back to non-secure. FB hasn't quite got it right. You should select "Browse Facebook on a secure connection" under my account, settings, account security.