The first step is to backup the data. The last thing you want to do is to lose all the images or documents because of an unintended snafu while cleaning up. Copy all the files onto an external drive or look into one of the many cloud storage services where you can sync your data automatically.

Once the data is safe, it’s time to scrutinize every single piece of software installed on the computer, starting with the operating system. Do you really need to be running Windows XP? Microsoft is ending support for the aging operating system. For Mac users, Snow Leopard is getting old, too. Maybe it’s time to upgrade to a more modern OS.

Regardless of the OS version, though, let’s make sure all the latest security updates have been downloaded and installed. If you have been keeping up with the updates, this step is pretty quick. If it has been a while, you may need to download, install, and reboot; wash, rinse, and repeat.

After the operating system, it’s important to consider every application installed on the computer—word processing suite, PDF software, Web browsers, etc—and make sure they are all up-to-date. Are there applications you no longer use? Uninstall them. Do you have several versions of the same software? Get rid of the older ones. Do you even use those applications that came pre-installed with the machine? If not, dump them.

Many Web-based attacks check to see what software is installed on the computer and exploit the security flaw in a vulnerable application to download malware. It’s worth taking the time to remove applications you don’t use as they could wind up being a potential attack vector someday.

Are all your applications up-to-date and on the latest version? Most recent versions of Web browsers and PDF software have a number of built-in defensive features designed to thwart malware and Web-based attacks. Sure, you can get by with Adobe Reader 9 and it may “still work just fine,” but it is less secure than Reader X or XI, which has the sandbox technology to trap malicious code and prevent them from executing and affecting the computer.

Check the vendor Website to find out if there are any software updates available. Update your personal firewall and security software to make sure you have the most up-to-date security protection. Is it time to renew the software subscription? It’s important to stay current with renewal dates, because if the subscription lapses, the software becomes less effective at protecting you from the latest threats.

Once all the applications are updated, it’s time to run the fullest, deepest, most complete scan possible on all the drive, even the external ones. Don’t forget to install and run anti-spyware tools to clean out any adware and spyware that may be lurking on your computer.

Mobile devices can use a similar level of attention, too. If it’s possible, update your mobile OS to the latest version. Go through all the apps to make sure you know what they do and that you actually use them. Several security companies offer mobile security apps that scan apps and Websites to make sure they are safe. Other apps offer features, such as to remote lock, to prevent someone else from using the device if you lose it, or remote wipe to entirely erase the data if the device is stolen.

Running updates and upgrading are tasks that can be—and should be—done throughout the year. At least once a year, though, take a look at what software you are running and purge whatever you don’t need. Done right, spring cleaning can make your electronics more secure.

Spring Clean Your Electronics By Backing Up, Upgrading, and Protecting - ZoneAlarm Blog

Instead of a legitimate statement, the attachment contains malware that if opened, automatically executes, infects your computer, and renders it under the control of a larger bot network. The malware can open network ports, steal user credentials, such as logins and passwords, and act as a self-propagating spam bot ready to execute any new attack instructions and spread malicious emails to other targets – a unique aspect of these attacks.

These attacks are variations of a similar one that was conducted last year, and take advantage of a vulnerability in Microsoft’s Windows Common Controls as described in CVE-2012-0158. The attack can successfully infect both Windows 7 and Windows XP platforms.

Bank-related phishing e-mails remain popular. We all notice a message from our bank, and we are likely to feel a sense of urgency to click or act fast. Remember not to open attachments from unsolicited emails from your bank or other organizations. When you receive a suspicious e-mail in your inbox, always be wary, and when in doubt, use the phone and call your bank. Also, make sure your security software is running and up to date. Stay safe!

Another Round of Email Phishing Attacks: Don’t Get Hooked! - ZoneAlarm Blog

How can you avoid becoming easy prey for scammers who can wreak havoc on your computer, personal information, identity and finances? Remembering what you learned from mom, consider the following security tips to help you stay clear of email scams this Mother’s Day.

To read the full article, click HERE:

Mother’s Day Email Scams: 5 Ways to Prevent Them - ZoneAlarm Blog

As wearable technology goes, Google Glass is exciting. The idea of wearing a computer that you can tell it what to do, get the answers you need, and be able to engage with friends over social media effortlessly seems like something out of the future. With Google Glass, wearers can surf the Web and look up answers to questions, take pictures and record video and upload them to Google+ and YouTube, initiate a Hangout, and get turn-by-turn navigation directions. Initial reports from people who are testing the headgear report a surprisingly comfortable fit and smooth online experience.

But as all things Google, there are some people increasingly worried about the erosion of privacy. It’s one thing for Google Glass wearers to agree to share more of their information—where they go in the physical and virtual world and what pictures they are taking—with Google. But it’s a whole new level of privacy concerns when taking pictures and taking video may violate someone else’s privacy.

A common concern seems to be the fact that people won’t know if the wearer is surreptitiously taking pictures or filming someone. According to various reports from people who are testing the gear, it’s pretty hard to hide the fact that Google Glass is on. When Glass is on, the person standing in front of the wearer can see the screen illumination.

Not only will people be able to tell when Google Glass is on, it is pretty obvious when the wearer takes a picture, since the wearer has to say, “Okay Glass, take a picture.”

The bigger question appears to be video. Did that customer start the video before walking into the store and is everything in the store being recorded? Or perhaps the wearer is presently in a Google Hangout and all the folks also in Hangout can see whatever the wearer is seeing.

That is a creepy prospect, and a valid concern. Eric Schmidt, Google’s chairman, thinks new rules of etiquette will evolve regarding how Glass would be used. “The fact of the matter is we’ll have to develop some new social etiquette,” Schmidt told the BBC recently.

“It’s obviously not appropriate to wear these glasses in situations where recording is not correct, and indeed you have this problem already with phones,” Schmidt said.

Google has pointed out that there is nothing Google Glass does that our portable devices don’t already do; it just makes the process easier and accessible. Anyone can casually record conversations using any one of the recording apps available for iOS and Android devices. Maybe you will wind up in the background of a picture or video a wearer took without you knowing it? It doesn’t seem any different from the thousands of snapshots people are taking each day with their smartphones.

“It is still very early days for Glass, and we expect that as with other new technologies, such as cell phones, behaviors and social norms will develop over time,” a Google spokesperson said recently.

Obviously with any new technology there is the potential for misuse, and people are very focused on the possibilities. The privacy concerns should be part of the conversation, but as Lance Ulanoff, editor-in-chief of Mashable recently said, “Google Glass is not a spying tool.” The way Glass is designed, the wearer has to look somewhat up and to the right to see the screen. “If I want a spy tool, put it right in front of my eye, so I can look at the person I’m talking to, while filming someone else,” Ulanoff said.

Are you concerned with Google Glass? Tell us what you think in the comments below.

Google Glass: A Privacy Concern? - ZoneAlarm Blog

Recently, we posted an infographic on securing information on your PC. Here is a purely hypothetical situation you could face this summer:

The focal character in our tale is Alex, a 20-something recent college graduate. She has a great job at a major law firm. She wants a quick vacation this summer; she works hard, plays hard. To that end, she and her friends decide to spend the weekend in Las Vegas.

Let’s see what happens after she uploads her photos through two scenarios:

Scenario 1
Alex doesn’t have software to protect her files. The photos sit in a folder on her desktop.

Scenario 2
Alex has ZoneAlarm File & Folder Lock on her computer. The photo folder is locked with a unique password generated by the program.

When Alex’s friends ask for copies of the photos, she transfers the folder onto USB flash drives, which she then sends to her friends:

Scenario 1
Alex’s friends upload the photos and then throw the USB into a random drawer or the trash, consequently leaving all the photos unprotected and visible to anyone who gets hold of it.

Scenario 2
Alex’s friends can’t open the photos until Alex provides them with the password to the folder. ZoneAlarm File & Folder Lock keeps the files locked, so if the USB is tossed into a random drawer or the trash, no one else will be able to access the photos unless they have the password.

Later in the week, Alex’s mom comes over for dinner and wants to use the computer. A curious parent, she sees the “Summer in Vegas” folder on the desktop and tries to open it.

Scenario 1
Vegas does not stay in Vegas. Mom is able to rummage through the photos Alex took in Vegas, some of which are more confidential than others.

Scenario 2
Alex’s mom doesn’t have the password and is unable to open the folder and lets it go. She understands Alex’s right to privacy.

A few years pass, and it’s time for Alex to get a new computer. What to do with her old Vegas memories?

Scenario 1
Alex deletes all of the files on her computer, empties the desktop recycle bin, then brings her computer in for donation.
Unbeknownst to her, all of the files Alex thought she “deleted” from her computer are still on her hard drive.

Scenario 2
Alex uses ZoneAlarm File & Folder Lock’s Secure Delete and her files along with the “Summer in Vegas” folder are permanently deleted from her computer. Secure Delete is based on military-grade deletion technology, meaning there are no digital traces of any information on her hard drive.

And so ends the tale of Alex, whose trip to Vegas stayed in Vegas… but only in Scenario 2.

ZoneAlarm File & Folder Lock isn’t limited to just protecting photos – think of all of the files on your computer and external devices that are at high risk of being stolen. Have you ever emailed your mortgage application documents to your broker? Did you “misplace” the USB you used to bring tax documents to your accountant? What about the computer you donated, did you really delete all of your files (and emptied the “Recycle Bin”) like Alex? You are at risk of your personal information being stolen by anyone savvy enough to hack into email and a hard drive, or by anyone who knows how to plug in a USB.

This summer, worry about SPF and not your files. Install ZoneAlarm File & Folder Lock on your computer, and it will take care of the latter.

Keep What Happens in Vegas in Vegas - ZoneAlarm Blog

(Click below image to enlarge)

To buy or learn more about ZoneAlarm File & Folder Lock, click HERE.

To buy or learn more about ZoneAlarm File & Folder Lock, click HERE.

How secure is information on your PC? - ZoneAlarm Blog

(Click below image to enlarge)

Got Teens? Online Privacy Issues Concern Parents - ZoneAlarm Blog

You know about being careful and not clicking on random links or downloading software from unknown sources in order to avoid being infected by banking Trojans. You scrutinize account activity and don’t give out bank information to prevent account fraud and takeover. However, the latest attacks knock the banking Website offline so that you can’t even login to your account.

Cyberattackers have targeted some of the largest banks in the U.S. and worldwide with large distributed denial of service (DDoS) attacks over the past few months. In these DDoS attacks, the Website is overwhelmed trying to process a large number of requests all at once. At first, the site gets sluggish, until it eventually crashes and goes offline.

These banks have been hit by waves of DDoS attacks since last fall. The DDoS attacks lasts about three days, during which time banking customers have a hard time getting anything done on the online banking site, or can’t even log in at all.

Just because you can’t log in to your online banking account doesn’t mean your money has disappeared. It just means that you may need to go to physical branch, visit an ATM, or just wait out the attack.

All the financial institutions claimed customer data was not impacted and no fraudulent activity had been detected. As soon as the attacks ended, the sites were back online without any further issues. DDoS, while disruptive, affects Web servers, which are usually well-separated from the systems that handle customer account data and actual transactions.

Even so, these attacks can be a diversion, a way to distract the IT team while another group sneaks in and steals money. These DDoS attacks have in fact “led to or been associated with fraud and customer account takeover,” warned Gartner’s Avivah Litan recently.

A large U.S. bank recently admitted in documents filed with regulators that the attacks “resulted in certain limited losses in some instances,” but did not elaborate. Users should check their accounts and statements for suspicious activity that may have occurred during the DDoS attack. Other basic security hygiene applies, such as selecting, and regularly changing, strong passwords for online bank accounts and running up-to-date antivirus and firewall products, not clicking on links, or opening attachments. It’s critical that all installed software, including Web browsers and the operating system, be updated regularly.

There is not much you can do during a DDoS attack on your financial institution, but you should still follow basic security precautions, check your statements after the attack, and just be vigilant.

What You Need To Know About DDoS Attacks - ZoneAlarm Blog

(Click below image to enlarge)

Managing Logins - ZoneAlarm Blog

Surprise, your email has been hacked. Perhaps you clicked on a link in an email from a similarly affected friend and downloaded a password-stealing malware. Or you were tricked into telling a scammer your password. Or, you were using the same password across several sites, and the attacker had found the password elsewhere.

Why you, you ask? Maybe your email address was on a spam lists or in some stolen database from some other site. Depending on who you are, or who you work for, the attackers may have specifically targeted you. Or perhaps you were just (un)lucky—the attackers cast a wide net and you just got caught.

Okay, so you are hacked. Now what?

Regain Control

The first step is to regain control. If you are locked out of your account, try the password reset process by clicking on the “forgot password?” link. If the attacker hasn’t changed your password reset or your password hints, then you can just click on the link and get back in to your account. That may not work if the attacker has already changed the reset address and security questions.

Most email providers offer some high-level process to help users regain control of their accounts. Of course, depending on the provider, that process may be easy or difficult. Hotmail/Outlook.com users can answer a few questions to verify their identity. Google requires more detailed information in order to verify you are the owner.

Maybe you were lucky and the attacker didn’t lock you out of your account or delete any of your messages. In which case, your first job is to change your password.

Change Your Password

Once back in your account, it’s time to change that password to something strong. “Password1,” “letmein,” or even your last name backwards are not good passwords. Pick a long, weird password, with a mix of characters, upper and lower case letters, and numbers. An obscure phrase would work.

Check Your Password Resets

Did the hacker change the email address listed as the recovery address? Change it back to your own, and make sure the attacker didn’t add any additional ones.

Make sure the security questions are still questions you know the answers to. This may be a good time to change them so that someone just looking at your Facebook page won’t be able to just guess the answers.

If your email provider allows you to automatically forward a copy of your messages to another address, check to make sure the attacker didn’t set that up with some other email address.

Change Your Habits

Think about what you were doing before you got hacked. Clicked on a link? Didn’t have antivirus running to detect that malware? Reused passwords across several sites? Told someone your passwords? Let’s make sure not to make that mistake again. Be careful about what sites you visit, don’t click on random links if you don’t know what they are about, and be paranoid about your password.

Don’t ever share your password with anybody!

Email Hacked? Here Is What To Do - ZoneAlarm Blog