CyTRAP Labs - Wincurity - smarter protection

Recently we posted:

- 1 - CyTRAP Labs’ checklist - taking your notebook on a trip

- 2 - CyTRAP Labs’ checklist - taking your notebook on a trip - how can you best protect your PC against keylogging and hacker attacks

Not having a working firewall on one’s computer is like forgetting to look one’s door and windows when leaving home.Not having anti-virus, anti-spyware protection installed and updated before leaving home is a dangerous thing to do - some call it NEGLIGENT others plain stupid.

By taking the precautionary steps outlined below, you will have a safer and better online experience whilst travelling.BETTER SAFE THAN SORRY - read on and have a nice and safe trip.

Today we dive a bit deeper and address a few more issues that you must take care off before going on a road trip:

_9 Does my anti_virus program work properly while being away from home

One of the things you have to check is if your anti-virus program that you might get from your internet service provider (ISP) is able to download program updates regarding new viruses whilst you may not connect from home for weeks to come (e.g., you are doing field research or at temporary assignment in a remote area in Peru)

If you are not certain, it is wise to just download an open source program:

- Download CyTRAP Labs Choice - free anti-virus scanner

You might very likely find a red emblem in the lower right of your desktop bar that if you click on it will show you the Windows Security Center screen suggesting that your system is not protected with anti-virus software. Naturally, this is incorrect.

You can also click Start > Control Panel and then go down to Security Center - right click > open and you see also the Windows Security Center

If you cannot get the screenshot see here: Windows Security Center screenshot

The above would suggest that your PC does not have anti-virus protection (e.g., ClamAV is installed but does not show), but Windows can be wrong. In other words, not to worry.

_10 Are you sure that your notebook’s hard-disk is free of viruses and worms?_

Malware (this is the generic term for such malicious programs as viruses, worms, or Trojans) should be removed from your system before you leave. This is to say that whilst these nasties may do nothing unless you click on them, you should use another virus scanner than the one you have installed on your PC to make sure that everything has been removed before you leave home for a remote spot. Get a free online scan here:

- CyTRAP Labs Guide - getting your PC scanned against viruses online for free

You should run the online scan when you do not have to work on your PC because a virus scan will slow down things considerably. Yes, it might easily take five hours to complete the job but it is worth it.

_11 Having checked your PC against spyware and stealthware recently?_

If you have not go to Tip 1 and 2 in this security guide and get a choice of free software to do the job for you:

- CASEScontact.org guide: the best ways for getting rid of spyware and stealthware

_12 Have you installed the right door lock?_

When you leave your house or apartment to go on your holiday or work trip, you will most certainly lock the house door as well as all windows.

Similarly, your computer needs a traffic cop, such as a firewall that checks and makes sure that neither unauthorized traffic leaves nor enters your PC. You can get a really neat free firewall here:

- CASEScontact.org security guide: Best ways for using a firewall to protect your PC

Go down to Tip 1 and download the firewall, it also tells you how to make the most of it.
And what might happen is the same as under point 9 above, Windows will try to convince you that you do not have a Firewall running.

How why you should deactivate the Windows firewall fast and easy is explained here:

- CyTRAP Labs - De-activating Windows firewall and having a save surf experience

SUBSCRIPTION

To make it more convenient for you to take advantage of CyTRAP Labs’ offerings, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.

Your email:  
subscribe unsubscribe  

anti virus software, CASEScontact.org, ClamAV, computer virus, CyTRAP labs, cytrap labs analytica services, cytrap labs compliance risk barometer, CyTRAP Labs Early Warning System EWS, cytrap labs infosec risk barometer, cytrap labs size of risk impact guide, data security, free tool, freeware, free anti virus, glossary, hacker attacks, holiday resort, home computer security, home PC information security, identity theft, InfoSec, Infosys, internet security, keylogger, keylogging, malware, notebook, on vacation, PC network protection, plain stupid, precautionary steps, Privacy, protect your pc, screenshot, spam, spyware, travelling with your notebook, trust, urs+nahums security checklist, virus protection, windows security center

Previously we discussed:

- CyTRAP Labs security tip - lock your computer

- CyTRAP Labs security tip - instructions on how to add a shortcut to your desktop for turning on the screensaver

- CyTRAP Labs security tip - instructions on how to lock your computer

Is it worth to memorize a shortcut?

The problem with shortcuts is to remember them. For instance, Word offers over 300 shortcuts as shipped, not including the menu shortcuts. However,  Windows and Microsoft Office applications do offer a few that we found are worth the effort.

In the past we pointed out that to improve security and prevent a customer passing by from reading confidential information on your screen, etc. Now we focus on a few handy short cut keys to make working with Windows a bit easier.

In general, a few shortcuts depend on the:

Windows key	with the Windows logo on at
Application key	with an icon of a menu on it
The most popular shurt cut keys are such as:	copy (Ctrl-C) a picture or object,cut (Ctrl-X) a paragraph in a text, or paste (Ctrl-V) the text or objects you just cut or copied into another document.

A very handy key is:
- Display Windows Help:

Windows-F1The keys we present below will work just about anywhere in Windows such as Microsoft Office applications but, as importantly, including most application programs such as the Thunderbird mail program or the Firefox web browser.

- Wish to select all the text in a pane?  ==> Ctrl-A.

This shortcut selects all the text in the current pane of the Help screen and all the text in a Notepad, Word document or on a webpage using Firefox web browser. This can be useful when you need to copy information to another window or application.

- Copy an image of the currently selected Window to the Clipboard: Alt-.

You can then paste the image into a document. Using Alt- confines the capture to the currently selected window or dialog box, as opposed to , which captures the entire screen. If no dialogs are open, Alt- gives you a picture of the current application.

- Lock your computer and hide the screen: Windows-L.

If Windows XP is set to use Fast User Switching, this will bring up the Welcome screen and wait for you to log on again. As a result, you must reenter your password to get back into the application.If your machine is not set to use the Welcome screen or it’s set to use the Welcome screen but not Fast User Switching, Windows-L will hide anything on-screen and bring up the Unlock Computer dialog box.

- Search for a computer on your network: Windows-Ctrl-F.

This will not only search for a computer but also allow you to search for a particular content or file on your PC. Quite nifty if you are looking for an older version of a file.

- Open the Start menu: Ctrl-Esc or Windows.

Either of these two shorthcuts will open the Start menu.Use the Up and Down Arrow keys to move through the menu, and the Enter key to choose an item.Be aware though that the two shortcuts vary slightly depending on your version of Windows. Ctrl-Esc, Esc leaves the Start button selected but not pressed.In Windows 95, 98, and NT 4.0 (but not Windows 2000 and Me), Windows, Esc will return you to the window or desktop selection you were working with previously.

- Minimize all open Windows and reveal the desktop: Windows-M or Windows-D.

M for Minimize all and D for desktop. Note that Windows-D doesn’t work under Windows 95, but Windows-M does.

- Restore all Windows you previously minimized with Windows-M or Windows-D Shift-Windows-M or repeat Windows-D:

Shift-Windows-M or repeat Windows-D.

If the above is not sufficient for you, get the complete list of shurtcuts directly from Microsoft:

- keyboard shortcuts for Windows

or chose another with a nice summary table here:

- Geeks’ Windows and Windows XP shortcuts

SUBSCRIPTION

To make it more convenient for you to take advantage of CyTRAP Labs’ offerings, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.

Your email:  
subscribe unsubscribe  

application key, application programs, CASEScontact.org, computer virus, ctrl c, CyTRAP labs, cytrap labs analytica services, cytrap labs compliance risk barometer, CyTRAP Labs Early Warning System EWS, cytrap labs infosec risk barometer, cytrap labs size of risk impact guide, data security, display windows, f1, firefox web browser, free tool, freeware, glossary, handy key, help windows, home computer security, home PC information security, identity theft, InfoSec, Infosys, internet security, keyboard shortcuts for Windows, keylogger, mail program, malware, microsoft office applications, PC network protection, Privacy, security breach, security tip, shortcut, shortcut keys in Windows, shortcuts for Windows 95, shortcuts for Windows 98, spam, spyware, thunderbird mail, trust, urs+nahums security checklist, windows help, windows key

What is the difference between Java and JavaScript?
Java	is an Object Oriented Programming (OOP) language created by James Gosling of Sun Microsystems.
JavaScript	is a distant cousin of Java. It is also an OOP language and was created by the folks at Netscape.
Diferences are such that:	JavaScript contains a much smaller and simpler set of commands than does Java.As well, JavaScript is easier to understand than Java.

Both, Java and JavaScript will create great Web page events. Both can offer interaction between the user and your Web page. But they are not created equally.Object Oriented Programming (OOP) is a relatively new concept, whereas the sum of the parts of a program make up the whole.You can think of it as being similar to building a concept house or car. You build the engine first, therafter one builds the body of the car and then the seats that were supplied by another firm and so on. Each of these parts can stand on their own. Hence, each part is an object. However, it can be a fully functioning car only, once these pieces or objects have been put together correctly.It is also important to understand that the parts used for the engine (e.g., pistons) cannot be used for making up another part of the car (e.g., seats). In other words, each part such as the pistons or the battery used for the engine, seat belts or seats are made up of certain what is called class of parts.With OOP one builds objects out of classes of commands (the car has classes of parts that make up engine, seats, etc.) to create the whole program (i.e. car).

A) Java can stand on its own - this also means Java is a much larger and more complicated language that creates what is commonly referred to as ’standalone’ applications. A Java ‘applet’ (so-called because it is a little application) is a fully contained program.

B) JavaScript must be placed inside an HTML document to function. Accordingly, JavaScript is text that is fed into a browser that can read it and then is enacted by the browser.

There is also another difference on how these two are presented to the user when the latter visits a web page, namley:

1) Java must be compiled into what is known as a ‘machine readable language‘ before it can be run on the Web. Hence, after the programmer writes the Java program and checks it for errors, he or she hands the text over to another computer program (the compiler) that changes the text code into a smaller language. That smaller language is formatted so that it is seen by the computer as a set program with definite beginning and ending points. Nothing can be added to it and nothing can be subtracted without destroying the program.

This means once the Java is compiled, it is set. Naturally, one can go back to the original text and alter it, but then one must compile it again.

2) JavaScript is text-based which means that once the HTML document is written it is then run through a browser. As well, the JavaScript can be alterered and then be run again and again.

3) Java applets run independent of the HTML document that is calling for them. Hence, the HTML document basically called for the application and places it. If the programmer allows it, one may set certain parameters by the HTML document. This includes, such as:

- the background color of the applet, and/or
- the type of text the applet displays.

The delivery of the applet is done through a download. The HTML document calls for the application, it downloads to the user’s cache, and waits to run.

In contrast, JavaScript is wholly reliant on the browser to understand it and make it come to life.

BENEFITS - BOTTOM LINE
Java, because of the size and structure, can be used to create something such as:

- a small Web page event to

- entire databases and even

- full browsers.

Accordingly, Java’s versatility is surely an advantage. But this also means that Java is very rigid and requires all items to be denoted and spelled out exactly.

In contrast, JavaScript allows for fast creation of Web page events and allows one to call on an item that already exists, such as the status bar or the browser itself, and play with just that part. Some have argued that JavaScript’s main benefit is that it can be understood by non-techies, such as home-users. As well, JavaScript is much easier and more robust than Java. Many JavaScript commands are what are known as Event Handlers which means:

- Even Handlers can be embedded right into existing HTML commands.

JavaScript is a little more forgiving than Java. It allows more freedom in the creation of objects.

Finally, while JavaScript is geared to Web pages, Java is geared toward where it is needed most at the time.

You can get resources here, such as:

- getting Java Applets here

- getting over 2300 JavaScript scripts here

Once one has mastered how to get Java Applets or JavaScript on a web page, one will understand more about their structures. In turn, this will help in mastering the first steps about the language and, in turn, create functioning JavaScripts or applets for a web page oneself.

Which should I use now? Java or JavaScript?
Work	use whichever fits your needs. You simply grab the Java applets and JavaScript as fully functioning items from somewhere on the Internet. Therafter, one can if one has permission use them on one’s web page. There are many sites out there that do nothing more than hand out applets or JavaScript - see the two sites we provide links for above - there you can get what you need.
Security	this will be discussed as it pertains to Java and JavaScript in an upcoming post.

SUBSCRIPTIONTo make it more convenient for you to take advantage of CyTRAP Labs’ offerings, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.

Your email:  
subscribe unsubscribe  

advertising banners, CASEScontact.org, computer virus, contained program, CyTRAP labs, cytrap labs analytica services, cytrap labs compliance risk barometer, CyTRAP Labs Early Warning System EWS, cytrap labs infosec risk barometer, cytrap labs size of risk impact guide, data security, FAQ, FAQ Java, free tool, freeware, glossary, home computer security, home PC information security, html document, identity theft, InfoSec, Infosys, internet security, james gosling, Java, Java versus JavaScript, JavaScript, keylogger, malware, netscape javascript, object oriented programming, oop language, PC network protection, Privacy, seat belts, spam, spyware, standalone applications, sun microsystems, trust, urs+nahums security checklist, web page events, web page object

What we have done so far

- 1- CyTRAP Labs’ checklist - taking your notebook on a trip

- 2 - CyTRAP Labs’ checklist - taking your notebook on a trip - how can you best protect your PC against keylogging and hacker attacks

- 3 - CyTRAP Labs’ checklist - critical security checks before taking your notebook on a holiday or road trip

Not having data backed up is NEGLIGENT but whilst travelling loosing one’s notebook with all the work one did within the last week is a terrible experience. Having a VoIP software installed and wanting to talk to one’s children at home who miss mom and dad is a great idea but discovering that it fails to work properly whilst being on-the-road will be a frustrating experience.

By taking the precautionary steps outlined below, you will have a safer and better online experience whilst travelling.BETTER SAFE THAN SORRY - read on and have a nice and safe trip.

Below we present you with tips 13 - 15 that will help you in better protecting your PC and data against mishaps, hacking attacks and so on.

_13) Will I use web-based e-mail?_

Sometimes you may be unable to download your e-mail to your notebook whilst travelling (e.g., connectivity problems). Hence, if you want to view your e-mail securily using a web browser (e.g., Firefox as mentioned earlier) do as follows:

- Setting your web-based e-mail account to allow https = more security for you

When you are done reading your e-mail, PLEASE log out by clicking on the Sign out or Log out button (this is vital because if your password or login got stored inadvertently the next person visiting the site might get loged in automatically).

_14) Will I use somebody else’s computer to check e-mail or find something on the web?_

Sometimes when visiting family or a friend it might be easiest to use one of their computers to log onto the internet and check one’s e-mail using the https protocol when reading the mail on the web. But remember, your friend’s computer might be infected by spyware, keyloggers, etc. Hence, to protect yourself do as follows:

a) load Notepad or any other basic editor

b) type your username and password as part of a sentence. The sentence should be such that you can paste what you need for your password such as 19&Rambo96 out of a sentence like:

At 19:00 hours we thought it was necessary & Rambo wanted to have the 96 marbles and not the 56 I suggested

Copy the 19 & Rambo 96 from the sentence and paste it into the password field

YES: there are even safer methods but this should do for most users you can always change your password when you are back home….

c) copy your username out of the sentence you wrote in the editor and paste it into the username field - do the same for password when signing in

If you do the above, no keylogger will be able to grab your password. Do the same if you log in anywhere, it is easy and highly effective to reduce the risk somebody stealing your password any way.

Finally, please go to:

>Tools >Privacy (K-Meleon) or >Clear private data (Firefox)

to get rid of your browser history and details and THAN exit the program before leaving the computer.

15) Leaving the notebook home and taking your USB stick instead

- Encrypt your USB drive or other portable storage device for Windows�

- CyTRAP Labs tip for the mobile worker - travelling with your USB stick and your favorite e-mail program, web browers and office suite

The above two links help you to protect your data stored on your memory stick in case of misplacement or loss and, as importantly, enables you to download USB versions of your favorite program.

So what does this mean in practice? As long as you have access to another PC that runs on Windows (more than 90% around the globe will do that), plug in your USB stick, start your favorite browser or mail program and you can do all those things you need to whilst travelling.

_Conclusion_

Naturally, there are many more steps one can follow to protect oneself against nasty surprises while travelling. But nearly all of the above steps you can prepare easily for whilst still being at home.

Points 13 and 14 are easy to follow, just print out this posting and keep it handy if you are somebody that might forget (also have it somewhere stored in your e-mail - copy and paste or subscribe to our postings to get them via e-mail). Then when you want to read your e-mail on the web or have to use somebody else’s computer and you have to worry about a keylogger, read points 14 and 15 again and voila you are then doing it more securily than otherwise.

Probably this should do and if you go on a vacation just make sure that neither your notebook, smartphone or USB stick get lost. Taking your smartphone to the beach is a sure way of loosing it or having it stolen, unless somebody can keep an eye on these gadgets while you take a dip in the sea.

SUBSCRIPTION

To make it more convenient for you to take advantage of CyTRAP Labs’ offerings, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.

Your email:  
subscribe unsubscribe  

better safe than sorry, connectivity problems, e mail account, Firefox, hacker attacks, https protocol, K Meleon, keylogging, mishaps, mom and dad, notebook, precautionary steps, protect your pc, security checks, vacation trip, visiting family, voip software, web based

Microsoft has released 4 security bulletins patching several vulnerabilities:

If you have Automatic Update activated for your PC, these patches will be downloaded automatically (for more details see below)

Receive this type of alert automatically via e-mail:

Your email:  
subscribe unsubscribe  

CyTRAP Labs security risk barometer
low	elevated	moderatelycritical	critical	severe
1	2	3	4	5

For more information about the CyTRAP Labs risk barometer you can visit here:

CyTRAP Labs security risk barometer.

WHAT CAN YOU DO?

operating system affected	1 bulletin for Windows , Microsoft Windows XP service Pack 2, XP Professional x64 Edition, Windows Vista, Microsoft Windows Server 2003 - SP1, 2
affected software	Microsoft Outlook Express Microsoft Mail (the built-in e-mail client for Vista) Internet Explorer 5, 6 & 7
risk	4 critical bulletins fixing several vulnerabilities were issued today.
where is the patch?	There are several patches available for download
what should one do?	If your Automatic Update is functioning properly, you are covered.You can check if it works if need be reading further below.
what is the possible impact if not patched	A remote attacker can get arbitrary commands executed on your system.
where can one get more details?	Get more details from CT110106 - CASEScontact.org advisory

_ADDITIONAL ADVICE about WINDOWS UPDATE_

If you want to check right now if your Automatic Update is functioning properly you can get step-by-step help here:

- CyTRAP Labs Tip - What to do if you are not sure if your Automatic Windows Update works properly?

If you are not sure if you should either activate the Automatic Windows-Update function or else deactivate it, you can get more information what might be the most effective option for you here:

- CyTRAP Labs Tip - enabling or disabling Automatic Windows Update - what is the best solution for you?

Incidentally, the MBSA 2.0.1 Microsoft Baseline Security Analyzer called MBSA for short is a free tool from Microsoft that searches computers for known security vulnerabilities and suggests remedies. What is nice is that it checks if your PC has the latest patches installed.

Step-by-step instructions on getting it installed on your PC trouble-free can be gotten here:

CyTRAP Labs tip - using the Microsoft Baseline Security Analzyer called MBSA

affected software, arbitrary commands, automatic update, CASEScontact.org, computer virus, cve, cve 2007, CyTRAP labs, CyTRAP Labs compliance risk assessment, CyTRAP Labs Early Warning System EWS, CyTRAP Labs risk barometer, CyTRAP Labs WinCurity better protection, data security, free tool, freeware, glossary, home computer security, home PC information security, identity theft, InfoSec, Infosys, Internet Explorer 5, Internet Explorer 7, internet security, keylogger, malware, Microsoft Mail, Microsoft Vista, Microsoft Windows, microsoft mail, microsoft windows xp service pack 2, MS07 031, MS07 033, MS07 034, MS07 035, Outlook Express, patch Tuesday, patches, PC network protection, Privacy, security bulletins, security risk, spam, spyware, trust, Urs+Nahums security checklist CyTRAP Labs, Vulnerabilities, Windows XP, windows microsoft, windows update

Earlier we pointed out:

- Encrypt your USB drive or other portable storage device for Windows

Important: logging your laptop with you on any and every trip can be cumbersome

Why not set up your USB stick with your favorite programs and take it along. It surely is not as heave as your notebook and as easy to use. Plug it in at another’s computer’s USB port (e.g., your friends) and voila, download your e-mail.

Here we provide you with some links to set up your USB memory drive or thumb drive with your favorite programs’ portable version - for free - of course.

So here we provide you with some links where you can get some of the best open-source programs to download for free and install on your USB memory stick.

This is not much technical skill required to do this properly.

COMMUNICATION AND WORK

- Mozilla Firefox, Portable Edition
- Mozilla Tunderbird, Portable Edition

- Gaim chat/messenger program, Portable Edition - has interface to chat with Yahoo/Google, etc.

- Open Office, Portable Edition

SECURITY

- ClamWin Anti-Virus, Portable Edition

MORE CHOICES

- LIST of many more portable editions for your USB memory stick

- Another list of portable editions you might want to use

Incidentally, so you have installed the above applications on your thumb drive or USB stick. Would it not be nice if the programs you are using most likely when plugging in your USB stick (e.g., browser, e-mail and anti-virus program) would start automatically?

Easy done, just set it up by taking advantage of a Windows “feature” called Autoplay. This link shows you how to set up such a file on your USB memory stick, step-by-step it is child’s play and sooooo easy and convenient, try it:

- Would it not be nice if your workspace launched automatically? Setting up Autoplay is a no-brainer

Have a great trip. And if we forgot any program you would like to recommend, please leave a comment below we would surely like to know.

SUBSCRIPTION

To make it more convenient for you to take advantage of CyTRAP Labs’ offerings, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.

Your email:  
subscribe unsubscribe  

anti virus, autoplay, CASEScontact.org, clamwin, ClamWin anti virus, computer virus, CyTRAP labs, CyTRAP Labs compliance risk assessment, CyTRAP Labs Early Warning System EWS, CyTRAP Labs risk barometer, CyTRAP Labs WinCurity better protection, data security, firefox portable, free tool, freeware, gaim, glossary, home computer security, home PC information security, identity theft, InfoSec, Infosys, internet security, keylogger, mail, malware, Mozilla Tunderbird, mozilla firefox, open office, open source programs, PC network protection, portable storage device, Privacy, spam, spyware, thumb drive, trust, Urs+Nahums security checklist CyTRAP Labs, usb memory stick, usb stick, yahoo google

In the past we have reported about Windows Vista:

- Off-the-beat: Apple trying to take on Vista security

- Windows Vista content protection - why it will fail and hurt users in the developing world the most

-Why Microsoft’s Open XML is not an open standard

During the recent WinHEC event in Los Angeles, Bill Gates, as usual, gave the keynote address, and he repeated the company’s message about Windows Vista selling twice as fast as Windows XP.

Bill Gates mentioned that the launch of Windows Vista has resulted in more than 40 mio sales. He pointed out that 78 % of Vista sales were of the premium edition of the operating system.

We expect that he was almost certainly talking about retail sales, as bundled sales tend to be dominated by the Home Basic version.

WinHec - Bill Gates Speech - transcript (Tue May 15, 2007)
WinHec - Bill Gates Speech - audio (Tue May 15, 2007)

NOTE

Home users and small business enterprises, however, who rely on personal firewalls and personal editions of AV software, should wait another 12 months until those products are more widely available before taking the plunge to upgrade to 64-bit computing. Incidentally, why not wait until you replace the hardware anyway because it will be delivered with a 64-bit system (e.g., Windows Vista).

There will no doubt be teething pains and patches required for certain types of programs, despite Microsoft’s best efforts.

If you are interested to learn more how a 32-bit compares to a 64-bit system, read this here, worth your time:

What is the difference between an OS running on 32-bit vs. 64-bit - the facts Click on link - Login as guest - click on this link again and you get defintion - fast and easy

NEW PRODUCT

For the more than 40 million homes with multiple PCs in the U.S. and many more households around the globe, Windows Home Server, its aspiring for customers’ file-sharing headaches. Slated for a fall release, Windows Home Server will be sold by OEM vendors and off-brand system builders, as well.

In the Windows Home Server demo, Microsoft officials showed that from the server console, the administrator (in this case, “dad”) can monitor all of the computers on a network and manage them, such as turning on a firewall or setting up regularly scheduled backups. In a demonstration of 21st century parenting, the product manager denied his son access to his music collection as punishment for turning off the firewall.

Home Server will also do disk mirroring, so if the drive in your computer dies, you can install a new physical drive and it will build an entirely new image of your drive, complete with Windows, applications and settings. No more reinstall headaches.

Home Server customers will get a free domain name from Windows Live, which will allow users to access the entire network remotely. So long as you have browser access, you will be able to access the computers on the network to get and put files or manage the network.

SUBSCRIPTION

To make it more convenient for you to take advantage of CyTRAP Labs’ offerings, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.

Your email:  
subscribe unsubscribe  

32 bit, 64 bit, 64 bit computing, CASEScontact.org, computer virus, content protection, CyTRAP labs, CyTRAP Labs compliance risk assessment, CyTRAP Labs Early Warning System EWS, CyTRAP Labs risk barometer, CyTRAP Labs WinCurity better protection, data security, free tool, freeware, glossary, home computer security, home PC information security, home server, home server, identity theft, internet security, keylogger, keynote address, malware, new product, oem vendors, PC network protection, personal editions, personal firewalls, Privacy, security windows, small business enterprises, spam, speech transcript, spyware, trust, Urs+Nahums security checklist CyTRAP Labs, Windows Vista, Windows XP, winhec

Previously we mentioned:

- Is digital rights management (DRM) dead? EMI must think so

- Windows Vista - digital rights management (DRM) - loosing more user rights

This week, ‘DRM-free downloads’ began at Apple’s i-Tunes site, supposedly. The first one to report that something was not going right was Ars Technica that erported 2007-05-30 the following:

- Apple hides account info in DRM-free music, too

In the above story Ars Technica outlines that the Apple’s iTunes site embeds account information, including:

- full name and

- email address,

in all purchased songs. This includes the DRM-free songs that became available starting 2007-05-30.

But Joe Touch wanted to test this (the following are his results we got via email)
=============================

TEST 1: ‘Free song of the week’, under ‘iTunes Plus’ (DRM free)

I tested:
- downloading the “free song of the week” (DRM free)

I found as clear text:
- my AppleID
- my name (as part of my billing address under my account)

I did not find any other information associated with my account, for example, I did NOT find as clear text:

- my email address
- my street, city, state, or zip code
- my phone number

When I zeroed out the AppleID and name above, the song would no longer play - iTunes was happy trying, but acted like the file was corrupt, and played only a half a second or so.

Conclusion: “free song of the week” is not DRM-free

=============================
TEST 2: ‘Free song of the week’, not under ‘iTunes Plus’ (not DRM free)

I tested:
- downloading the “free song of the week” (not DRM free)
NB: there is no indication that this is DRM-free

I found as clear text:
- my AppleID
- my name (as part of my billing address under my account)

I did not find any other information associated with my account, e.g., I
did NOT find as clear text:
- my email address
- my street, city, state, or zip code
- my phone number

When I zeroed out the AppleID and name above, the song would no longer play - iTunes reported that I needed to authorize my computer to play songs owned by the blanked-out ID.

CONCLUSION

The non-DRM “free song of the week” not DRM-free (to be fair, they never assert that it would be)

=============================

We thank Joe Touch for these test results. You may go ahead and play your ‘DRM free’ song using iTunes but beware, it is not DRM free. And in contrast to Ars Technica he did not find:

- email address,

being included. But this is a minor difference. Nonetheless, critical is that the information that is collected is sufficient to enable Apple to identify the user even with so-called ‘DRM free’ songs.

Whatever we want to call this, Digital Rights management is alive and kicking…. whatever Apple tries to make us believe.

The above lets one pause. Put differently we must put forward the question:

- how serious does Apple take it with the truth and,

- should one continue to have trust and confidence in Apple considering how the firm handles users’ rights (claim DRM free when it is not).

Honesty should be rewarded, dishonesty should make you cautious. So, as an Apple customer be aware and take care.

SUBSCRIPTION

To make it more convenient for you to take advantage of CyTRAP Labs’ offerings, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.

Your email:  
subscribe unsubscribe  

Apple DRM free downloads, Apples iTunes site, ARS Technica, ars technica, CASEScontact.org, computer virus, copyright, CyTRAP labs, CyTRAP Labs compliance risk assessment, CyTRAP Labs Early Warning System EWS, CyTRAP Labs risk barometer, CyTRAP Labs WinCurity better protection, data security, digital rights management, downloads, DRM, EMI, free tool, freeware, free songs, glossary, home computer security, home PC information security, i Pod, identity theft, internet security, iTunes Plus, i tunes, Joe Touch, keylogger, mail test, malware, music, PC network protection, Privacy, spam, spyware, trust, Urs+Nahums security checklist CyTRAP Labs