Firefox Security Update Released
If you haven't already done it, go get the new version of Firefox (v2.0.0.13). It fixes ten security issues of varying severity, many of which are critical.
An accompanying update of Mozilla's Thunderbird Email client won't be out for several weeks. David Ascher who is the head of Mozilla Messaging addressed this on his blog :
"there’s a Firefox 2.0.0.13 release coming up, which fixes some security bugs. Some of those are in the part of the code that is shared with Thunderbird. There will therefore be a matching Thunderbird 2.0.0.13. The only question is when. At the scheduling meeting, it was clear that the ideal scenario (near-simultaneous security releases for Firefox and Thunderbird) was simply impossible, mostly because of resource contention. Some of those resource contentions are due to not enough automation for the Thunderbird release process, and some of it is the consequence of not enough people with the right training — one of the factors that led to the creation of Mozilla Messaging. After careful weighing of the various options, we all agreed that Thunderbird 2.0.0.13 will have to release several weeks after Firefox 2.0.0.13."
---------------------------------------------------------------------
Firefox 3 will be released sometime in the next month (or so), and from my testing of the early beta releases people will be amazed at how much faster it is. The memory usage is also much better controlled in the new version.
There's more information and better control regarding individual web pages/sites via the "View Page Info" (in the context menu when you R-Click on the page).
Things like "Web Site Identity", "Privacy and History", and "Technical Details" (If the site is encrypted, and if it is the strength of that encryption).
The Privacy and History section has information like; "Have I visited this web site before today?", "Is this web site storing information (cookies) on my computer?", and "Have I saved any passwords for this web site?". It provides the answers to those questions and lets you view the associated cookies/passwords.
Another tab ("Feeds") within 'Page Info' tells you if there are RSS Feeds available for that page, and the types.
The "Permissions" tab lets you 'Allow' or 'Block' images, pop-up windows, cookies (including "Allow for Session"), and installation of extensions or themes.
The individuals and organizations who develop the 'extensions' (add-ons) are updating their versions to work with Firefox 3 quicker than ever. As a matter of fact, the majority of my personal favorites have already been updated. So many have been updated that I've been using the 'beta' version as my primary browser for some time. It's so much faster than version 2 that it's kind of a pain to go back and use the old version!
One thing that hasn't been updated yet to work with Firefox 3 is LinkScanner, which I've gone back to using since I uninstalled AVG 8.0 (I'll explain why in a future post). Actually only one feature doesn't work, and that's the search results notification (the 'LinkScanner' part) that usually shows a color-coded symbol along side search results in Google, Yahoo!, and Windows Live Search to tell you if it's safe to click the link and go to the web site(s). Similar products from Finjan and others haven't been updated to work with Firefox 3 yet either which is understandable, but thankfully the other protections of LinkScanner Pro aren't affected and are still protecting my home network. * None of this affects those using the current versions of browsers like Internet Explorer and Firefox.
UPDATE [12:47 PM]: I just got a call from James Barnes at Finjan (who just got out of a meeting about this very subject) informing me that they have a new version ready to go whenever Firefox 3 is released. I hope to hear something similar from Exploit Prevention Labs/Grisoft soon.
I want to encourage readers to use some form of 'proactive protection' product to protect them while they're browsing the Internet. Whether it's a separate product like Finjan (SecureBrowsing) or LinkScanner (Pro/Lite), or something included in their Anti-Virus product or a Security Suite/Firewall, the threat of web-based attack is increasing.
While I'm on the subject, I have links to a couple of web pages you can keep at hand (in your browser's Bookmarks/Favorites Toolbar) that allow you to paste in an unknown web address (URL) and have it scanned for threats before you go to the page:
(These are just two of many sites that have similar services and products)
That's all for now, but as usual I want to encourage everyone to visit the [free] Secunia Software Inspector for a check to make sure you have the latest updates for your software. Also, keep your Anti-Virus and other security software up to date! It only takes a few minutes (if that) and could save you a lot of time, money, and stress.
And as always, THINK before you click!
Appreciated!
TR,
I just wanted to take a minute to tell you how very much I value the information you share with readers. I am learning a lot from you and even though I should know this stuff as a computer owner, I don't, because searching for the information is so very confusing. I often don't even know where to begin. I appreciate your posts and knowledge. Concord Monitor readers/computer owners are better off for having you here:)
Tracy M
Hello fellow bloggers!
Thanks to both of you for the kind words!
Bill, I've been using CCleaner every day for years. I run it right after I'm done browsing to clean out the cache of whatever browser I've used (IE - Firefox - Opera) and the 'Temp' files. I also use the registry cleaner regularly, especially after uninstalling programs. It's an excellent program, and it's FREE!
Tracy, I'll be honest, hearing things like this means a lot to me. Sometimes I wonder if anyone's even reading what I write. I hope to raise awareness of the importance of computer and Internet security, especially for people like you. It can be intimidating at first, and easy to take a computer for granted. And as I'm probably one of the best procrastinators I know, it's easy to put off things like learning something new, or doing the 'chores' like cleaning the PC (physically and system-wise) and making sure my programs are up-to-date.
I'm also working at [trying] to stay 'on topic'. Between my ADD and my interest in nearly everything, my mind (and my writing) tends to wander as I gather information and write my posts.
I haven't forgotten about posting about 'helpful' web sites. I ran across one that emails you recipes regularly that I plan to include. Again, there are just SO many cool and helpful web sites that I get a little overwhelmed trying to decide which ones to start with. I start out in the morning doing research in one direction, and hours later I'm about a thousand tangents away from where I started! Thankfully I make use of some of the 'reminder' software like the ReminderFox add-on for Firefox!
That reminds me... I also want to do a post or two about the hundreds of add-ons available to make browsing safer, more customized to individual needs and preferences, and quicker.
Thanks so much, and I look forward to your next 'tasty' post! (I love good food!)
PS: Lets encourage all the other bloggers here at BlogsNH to exercise their fingers and minds. I want to know what they're up to and thinking about! I also want to encourage the Concord Monitor Online to allow comments on their articles. Let's get some local conversation going!
Take care
Thanks for the updates!
Just a few questions on the topic of internet security: I've got AVG 8 and am using it every night (the free version). I've also got the latest free version of Ad Aware and I run it about every 2-3 days. Is this good enough to keep hackers, viruses and other malware off my computer?
Thanks again for all the work you do in updating us all on the internet, software and especially Firefox and the Mozilla software. Without you doing this, I'd be in the dark on all these important issues!
Another appreciative reader
Another appreciative reader here as well, TR. Thank you for the information you provide.
That's a good start
First off, I want to say to all of you that your encouragement and appreciation is much appreciated!
Now specifically towards Susan, I recommend and use a 'layered' approach. Similar to how castles were built, with a moat (equal to a 'NAT Router' plugged in between your computer and your ISP's modem), the castle walls (equal to a software Firewall), and troops inside, which you can equate to your security software like Anti-Virus and Anti-Malware.
They all have to be maintained and fed, so keep everything up-to date with every security update as soon as it comes out by having Microsoft/Windows 'Automatic Updates' set to automatically download and install the monthly security updates, and periodically go to the Microsoft Update web site and choose the "Custom" check for additional updates that might be necessary or wanted.
Check your other software at Secunia's Software Inspector web page.
Anti-Virus is one of the basic layers (as long as it's kept updated at least daily). AVG's Anti-Virus is usually rated well by the testing organizations who test the different programs every year. Just make sure whatever anti-virus program you're using is set to update automatically.
Note: I'm now using (and recommending) "ESET NOD32 Antivirus". There are good [free] antivirus and other security programs available, but I feel more comfortable using the programs that are around the top of the list on the majority of the intensive tests done by independant testing organizations and individuals I've learned to trust over the years.
I've also decided to move away from the all-in-one security 'suites' in favor of separate components (AV/Malware/Firewall/etc.).
One of the few 'Suites' I've seen that's done very well in some of the testing is "Norton Internet Security 2008" and "Norton 360".
AVG 8.0 (the paid version I was using/testing) scored very poorly on it's firewall, and because of that and some other reasons I've stopped using it. But like I said, AVG's free anti-virus, like Avast's free anti-virus (which is quite a bit better and more comprehensive [free] protection) are both decent and popular
Ad-Aware is a well known product. I've used it frequently over the years, but not recently. Spybot Search & Destroy is another free product you might want to try also. I've also been running "SpywareBlaster" on my computers for years, It runs in the background protecting Internet Explorer and Firefox blocking known 'bad' web sites, backs up system files and your 'Hosts' file [manually] so you can recover them from the backup if they get infected, and has other features also. Basically all you have to do is remember to [manually] check for updates regularly and when you update, [afterward] just use the 'System Snapshot' feature and maybe save a new copy of your Hosts file (another feature), then close it. Like I said, it runs in the background, out of sight (and it's also free!).
The reason people use multiple programs to [manually] scan their computers is because no single program will catch everything. What one misses another might catch. Some use different methods to look for things, hence the results vary.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Please excuse me. This response is too long. But not knowing how much you understand makes me unsure of how technical/simplified to make this! Plus, there are so many variables and personal preferences that go into an effective security system that each individual will feel comfortable with and use, that I'll have to speak in fairly general terms. I can be much more specific if you (or others) want to email me and/or talk by phone, either of which I'd be happy to do. Just use the contact [tab] on my bio page.
There's also the fact that I tend to 'ramble'! 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
But to continue, running security software including either the Windows built-in firewall or better yet a well-rated third-party firewall like Online Armor or Comodo (both of which have a free version) on your computer is essential. But that's only one part of the answer to your question, and not "good enough to keep hackers, viruses and other malware off my computer".
Equally as important is your (and anyone else using the computer) behavior when you're online. Try to only download software through sites that check [it] out themselves like SnapFiles (my favorite), CNET Download.com, NoNags, etc..
Never install software that pops-up out of nowhere and tells you that your PC is infected and offers you theirs!
Don't trust/open unexpected email attachments even if they appear to have come from someone you know unless you've spoken with them about it. Never click on unknown links in email (or anywhere) unless you're running very good proactive software like Finjan SecureBrowsing or LinkScanner Pro (or something equivalent), and even then be very cautious.
Never respond to email requests for your personal login or financial information. Have the phone #s of your bank and other companies that you do business with handy and use those to call and verify any questions you or they have. Don't automatically trust phone numbers that are provided to you in an email. Use your own or look them up.
As I've stated many times before, these days you have to be very sceptical and cautious! The Internet has given rise to a new generation of scam artists, and a huge new world online for them to exploit! Look back through my previous posts and go to the web sites I've provided links to that have information about online safety. Many have examples of the different 'cons' used to get you to provide your personal info, or silently install their 'crimeware' on your computer. "Hoax-Slayer" is the site I mentioned in a recent post that has a wealth of different information on the different scams and hoaxes. Also, government sites like the FBI, FTC, Consumer Safety, etc. all have good information and tips for staying safe online.
As far as the frequency of Anti-Virus and other scans, it depends on the behavior of the people using the computer. If everyone is cautious and well-behaved online and you run 'real-time' security software (that runs continuously) you don't need to do daily scans. Once a week should be fine, unless you suspect you've been infected. Plus, you should always [manually] scan new software after you've downloaded it because manual scans are usually more 'in-depth' than how it's checked by the security software as it's being downloaded. As far as scanning with things like Ad-Aware, Spybot S&D, SUPERAntispyware, and the like, anywhere from once a week to once a month, again depending on how cautious you are online.
I hate to say it, but these days even well-known 'safe' popular web sites are being infected with different threats. Sometimes for just a few hours at a time! So even if you stick to 'the main roads' you can't avoid the threats. It used to be the advise of security professionals for folks to just stick to 'known' sites to be safe, and just the other day Steve Gibson (one of the top security folks in the business and co-host of the excellent [but relatively technical] "SecurityNow!" podcast and owner of the equally excellent grc.com web site), stated that he doesn't even run anti-virus software on his PCs because he "doesn't go to dangerous/unknown web sites". That might have kept him fairly safe in the past, but not anymore!
Bottom line, if you want to stay [relatively] safe these days (nothing short of unplugging your computer's connection to the Internet will guarantee 100% safety), it takes staying up-to-date with the latest threats and updates for all your programs (Secunia's web site will help), use the highest rated security software available and keep it and your system updated, and make sure [that] software includes 'proactive' protection (like Finjan and LinkScanner does) that checks out the safety of web sites/links before they're allowed to connect with your browser.
Use the Firefox browser with the NoScript add-on (that in itself will protect you from so many threats!).
Keep your computer behind a router (I use a 'wired' one, as opposed to a 'wireless', but if you opt for a wireless one make certain you follow the security procedures to keep it secure).
'Get to know' your computer so that if it starts acting strangely you'll notice it.
Go to the web sites I mentioned (and others) and read about the threats and the basics of staying safe online. Know the risks!
Be skeptical of email and especially attachments!
Susan, I'm sorry this was so long. Hopefully it will be read, and of use to/by others as well as yourself.
* I just noticed the time.. I started this in the morning, and now it's almost 5PM!
Time for something to eat and some coffee!
Hope I've helped, and as I said, anything else I can clarify or add, just let me know.
Stay cool down there, I've noticed the temps have already been in the 90s!
All the best,
TR
With out you...
TR;
Without you I'm sure that many of us would be in the dark both literally and figuratively!
I understand completely what you are saying about a multi-leveled approach to keeping the computer clean...no one program can be expected to know about each and every virus.
My brother-in-law, who runs the technology department at the local high school recommended AVG and Ad-Aware. However, I'm going to add Spybot to the list. As my computer updates the AVG every night, I feel rather safe about my ventures into the cyber-world. I usually run Ad-Aware every 2-3 days, manually.
We are fortunate in that we don't open any e-mail from someone we don't know. My philosophy on this is that if they need me, and they know me, they can call me!
Thanks again so much!
Susan
Good stuff, TR.
I only use Firefox after having my computer hijacked at a hotel one night over the internet.
As it becomes more popular I imagine that as it gains in popularity, the schemers and hacks will be out to mess that up as well.
Have you heard of CCleaner? I have used it for some time and it is a handy tool.
Keep up the good info; I read every single post!
Bill