What is Prefetching

Link Prefetching is a concept introduced by Firefox and Google as late as 2005, but still many people do not know much about it. Link Prefetching actually is a mechanism through which Firefox utilizes some of its idle time to prefetch web pages, which it thinks your are likely to visit next from the currently open web page. After the current web page has finished loading and some idle time has passed, Firefox starts link prefetching and silently loads the next probable page in its cache. The purpose of Link Prefetching is to enhance your user experience by quickly load your next page by serving it quickly out out of Firefox Cache.

Google has been supporting Link Prefetching, and when you search for any keyword in Google through Firefox, the first link displayed gets prefetched to your browser cache.

But, Is Link Prefetching always Good ?

Link Prefetching feature of Firefox looks nice on the face of it, as it speeds up your Browsing speed by utilizing your idle time.

But there is a lot of criticism against Link Prefetching by Firefox. Some of the issues are…

• Users who pay for the amount of bandwidth they use find themselves paying for traffic for pages they might not even visit.
• Webmasters who pay for the amount of outgoing traffic on their sites, are forced to pay for traffic generated by people who may never actually visit their sites.
• Advertisers pay for viewed ads on sites that are never visited (non-compliant prefetching)
• Browser usage statistics may get skewed towards browsers that implement prefetching.
• Search engine referer statistics may get skewed towards search engines that implement prefetching.
• Web site statistics may become less reliable due to registering page hits that were never seen by the user.
• Users may be exposed to more security risks – by downloading more pages, or from un-requested sites (additionally compounded as drive-by downloads become more advanced and diverse).
• Users may find themselves at legal risk if illegal content is prefetched. So, the choice is yours.

If you prefer to Disable Link Prefetching, then proceed as follows.

How to Disable Link Prefetching in Firefox

Firefox has the Link Prefetching feature ON by default, and there is no option in the Firefox properties Dialog Box, which allows you to disable Link Prefetching. You have to do it manually by editing the about:config entries. Follow these steps for that.

1. Open the Firefox browser
2. Type about:config in the address bar and press Enter
3. Scroll down the resulting preference list to network.prefetch-next
4. Double click network.prefetch-next so the value is set to false.
5. Close Firefox and restart it to enable the change.

How to Enable Link Prefetching for all Links on a webpage

In case, you are an ardent supporter of Link Prefetching, there is a nice Firefox Extension. You can use Fasterfox, which has an option to enable the prefetching of all page links by the browser.

With the ever increasing threat of phishing and hacking attempts, and the number of online usernames and passwords, it is becoming extremely difficult to manage passwords without the help of a good Password Manager. With so many passwords to remember, it is almost impossible that you can have different passwords for different websites and learn them all.

What do you do then ? Either use some common passwords for many websites, and thus compromise your online security, or use a Password Manager.

Password Managers are both online and offline. Offline passwords appears to be safer because your private data is not stored with any third party. But they lack the flexibility and you may not be able to use them from other computers, say in your office. On the other hand, online password managers are flexible but you always are doubtful about the trust worthiness of the password managers themselves.

Clipperz, is great online password manager, which solves both the purposes. It is an online password manager utility, which is highly flexible to use and allows you to login with a single click. Clipperz has an excellent feature for firefox, when it opens a side bar in firefox, and it allows you to login and open your desired websites with a single click.

Clipperz doesn’t even requires your email for registration. The data you send to them is encrypted at the browser level itself. They even do not store your passphrase, which you require to access your Clipperz account. The best part is that their source code is available for scrutiny.

Clipperz is much more than just being an online password manager. With Clipperz, you can store all your secret PINs, CVVs, SSNs and virtually anything. Clipperz offline version also offers to access your precious and confidential data are always at hand, even if you are not online.

I liked it, simply.

Recent Document List is a useful feature in MS Office products as it allows you to access your recently opened files quickly.

But this useful feature sometimes becomes a security concern if you are working on a system which is accessible to others, while your are away from it. For instance, if you are working on an office computer, then, somebody else may spy upon you and see the files, which you have recently worked upon.

The best option is to clean the recently opened document list.

How to do that ?

A few simple steps.

• Open MS Word 2007 > Click the round Office Button on the top of the menu.
• Click on the ‘Word Options’ button at the bottom of the pop up box.
• ‘Word Option’ window will open. Click on the ‘Advanced’ Tab.
• Scroll down to find the ‘Display’ group. Look for the ‘Show this number of recent documents’ to ’0′ or any other desired value.
• Save the settings.

[Please make Internet a safer place and consider Stumbling this post for the benefit of more and more innocent web surfers.]

Yesterday, during my regular Google search for new Malware attacks, I discovered a rogue blog, which is blatantly dishing out rogue malware software to its innocent visitors. I had noticed many such sites previously also, but something kicked me within this time to write a quick post about it, for the benefit of visitors of Webtools & Tips.

Actually I was searching for more info about the Blue Screen of death and I entered a query "computer blue malware" in the Google Search Box. See the screenshot below of top 3 results.

The 3rd spot was grabbed by the following URL.

porono-tube8reg (dot) blogspot (dot) com/2008/06/computer-blue-malware-squared-anti.html

It seems to be a Blogger Blog. Remove (dot) and replace with a "." to visit the actual link.

When I clicked on the link, I was immediately redirected to AdultFriendFinder. No issues, I have seen many of them, and I don’t mind the webmaster’s attempt to make a few bucks by luring me to join the AdultFriendFinder program.

I just closed the tab and returned back to the Google Search Result page to try to discover some more facts about the URL. I copied the home page URL porono-tube8reg (dot) blogspot (dot) com, and pasted in another browser Window. Try it yourself, it will not harm you in any way.

I was again redirected, but this time to a harmful website. All my browser windows were immediately closed and I got the following pop-up windows staring at me.

(First Attempt: Install AntiVirus2009)

I was quick to judge the trap and quietly closed the window. If you are following me, then please be careful to not click on any OK here. Because all this attempt is to lure you to get one of their rogue antivirus installed on your system.

I opened yet another browser window and repeatedly tried to open the home page. But every time I was redirected to different malware programs, which are well known for their nature. In fact these are rogue anti-virus programs, which pretend to be a genuine antivirus, and try to get themselves installed on your machine.

Try it yourself. But be careful that your AntiVirus and Firewalls are well in place and do not click anywhere on the pop-up windows.

(Second Attempt: Install AntiSpyWare2008)

(Third Attempt: Install Online-xpcleaner)

(Fourth Attempt: Install yet another Rogue Media Player)

(Fifth Attempt: Install some malware from avwav.com)

Yet another lesson, which I learnt from this attack, is that out of the five attempts to install a malware on my laptop, only one was detected by my system. Incidentally I have been running Windows Vista Business Edition, with Bit Defender Firewall, Norton 2008 AntiVirus and Firefox 3.

Few quick lessons learnt here.

Phishing email scams are increasing day by day. New tricks are being learnt by the phishers and email providers are after them to be more clever in detecting phishing emails.

Related: You can find 9 effective ways to detecting phishing emails on this blog.

In a recent development, GMAIL, arguably the most secured email provider, has started cooperating with Paypal and Ebay, for better protection against phishing. Paypal and Ebay are notably the most targeted domains by phishing email attempts.

In the details posted on the Official Gmail Blog, Brad Taylor, Software Engineer and Gmail Spam Czar, has stated…

Now any email that claims to come from “paypal.com” or “ebay.com” (and their international versions) is authenticated by Gmail and — here comes the important part — rejected if it fails to verify as actually coming from PayPal or eBay. That’s right: you won’t even see the phishing message in your spam folder. Gmail just won’t accept it at all. Conversely, if you get an message in Gmail where the “From” says “@paypal.com” or “@ebay.com,” then you’ll know it actually came from PayPal or eBay. It’s email the way it should be.

Google is understood to be working on the well known concepts of Sender ID and DomainKeys for validating the sender, and this is one step further in the attempt to provide complete protection against all phishing attempts.

However, phishing attempts seems to be an the rampage these days with phishers and spammers working on newer ways to improve their success rates.

Full details here.

Virus!

One of the most feared and often highly misrepresented term of computer terminology. The root of ALL evils, at least many think so. I have seen many long time computer users linking all sorts of hardware and software troubles and crashes to so-called viruses in their system. But it is not so.

What actually are AntiViruses ?

Too Simple a question, who doesn’t know the answer. But technically…

Antivirus software are computer programs that attempt to identify, neutralize or eliminate malicious software. The term “antivirus” is used because the earliest examples were designed exclusively to combat computer viruses; however most modern antivirus software is now designed to combat a wide range of threats, including worms, phishing attacks, rootkits, trojan horses and other malware. Antivirus software typically uses two different approaches to accomplish this:

• examining (scanning) files to look for known viruses matching definitions in a virus dictionary, and
• identifying suspicious behavior from any computer program which might indicate infection.

As you must have used many Antivirus programs, we are not talking about them in this post. There are the merits and demerits of all of them. But one thing is for sure. No Antivirus is perfect. By the very nature of their working principle, Antivirus invent the process of cleaning a virus only after a virus is born. And this gap, between invention of a virus and its vaccine decides the effectiveness of an anti virus software.

Here comes the role of Free Online Antivirus Programs.

How Online Anti virus programs help ?

Once it is established that no Anti virus program is perfect, then it is sometimes better to apply double protection, meaning that you you two anti virus programs to scan your PC. But you cannot (or rather should not) use two anti virus programs simultaneously on one machine. So, why not try using free online antivirus programs. So that is the reason of writing this post.

Here we introduce you to 10 best online free anti virus scan utilities, which you can use absolutely FREE.

1. Trend Micro HouseCall 6.6 Free Scan: HouseCall is a FREE Web-based tool designed to scan your PC for a wide range of Internet security threats including viruses, worms, Trojans, and spyware. It also detects system vulnerabilities and provides a link so you can easily download missing security patches. After each scan, HouseCall delivers a detailed report, which identifies security threats detected on your computer.
2. Panda ActiveScan: Panda ActiveScan 2.0 detects all types of viruses, Trojans, worms, spyware, dialers, hacking tools, jokes, and other active or inactive (latent) security risks on your PC. It also detects vulnerabilities of software installed on your PC which could compromise your computer’s security. You can use Panda ActiveScan 2.0 whenever you want to make sure that your PC is free from all types of threats. Also, if you are registered or have bought the paid version you will be able to disinfect the threats that ActiveScan 2.0 finds on your PC.
3. Computer Associates Virus Scanner: This scanner requires a browser such as Internet Explorer which is capable of rendering ActiveX objects.
4. Symantec Security Check: Virus Detection checks for known threats, including top threats identified by Symantec Security Response. It provides an analysis of your results and offers suggestions for further action. It does not examine compressed files. In order to run Virus Detection you must be using Microsoft Internet Explorer 5.0 or higher with ActiveX and Scripting enabled.
5. McAfee FreeScan: McAfee FreeScan helps you detect thousands of viruses on your computer. Based on the award-winning McAfee VirusScan engine, FreeScan searches for viruses, including the latest known “in the wild” viruses, and displays a detailed list of any infected files. Should viruses be found, FreeScan even provides links to more information about the viruses and what you can do to clean your system.
6. BitDefender Free Online Virus Scan: BitDefender Online Scanner is an on-demand virus scanner which incorporates the award-winning BitDefender scanning engines. You can use it to scan your system’s memory, all files and drives’ boot sectors, and to automatically clean infected files. It is also ActiveX based. Requires Internet Explorer.
7. ESET Online Scanner: A user-friendly, powerful tool, our online antivirus utility can remove malware—viruses, spyware, adware, worms, trojans, and more—from any PC utilizing only a web browser. No installation required. The scanner uses the same ThreatSense® technology and signatures as ESET NOD32 Antivirus, which means it is always up-to-date.
8. Free Virus Scan – Kaspersky Lab: This free online virus scanner is a great way to find out if you have any viruses or spyware on your machine without having to uninstall your current antivirus software or install a new one. Most importantly, you can see what viruses your current antivirus software let slip through. It is stated that this free online virus scanner is very powerful and scans your machine very deeply, so it could take hours to complete. We suggest running it during a time of low activity.
9. F-Secure Free Online Virus Scanner: F-Secure Online Virus Scanner (version 3.3) is a free service. Use it to find out if your computer is infected, and disinfect your computer if needed. The product will automatically download the necessary components and virus definition databases as it is started. The size of the download package is about 35 MB incl. databases
10. Authentium :: Command-On-Demand – Free Virus Scanner: Authentium Command On Demand is a highly-effective, totally free virus scanner. Command on Demand scans for more than half a million Internet threats, using definition files that are updated daily.

What is Phishing

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from PayPal, eBay, Youtube or online banks are commonly used to lure the unsuspecting.

The sole purpose of a Phishing attempt is to acquire your sensitive information to do frauds.

How Phishing Works

Phishing scams generally take advantage of software and security weaknesses on both the client and server sides. But it has been seen that most of the phishing scams are generally done by convincing you that the attacking message is a simple piece of information from a trusted source. The typical phishing attack tries to create a sense of emergency to trap you.

How can I detect Phishing Scam Emails

Most of the phishing scams are carried through phishing emails. Detecting most of these phishing emails is easy, if you are a bit careful. Here we are producing screenshots of a few actual phishing emails, and try to elaborate how to detect phishing emails.

1. Look for your Name in the address: Phishers, generally don’t know the names of their targets. They are actually phishing for the weak and unalarmed users to make their targets. Look for the header of the email you received. If you do not find your name or email address in the address bar, this is a red sign. You have to be cautious on this email. See Figure below.

2. Look for the Salutation / Greetings: Generally, the financial organizations are very careful about the personal experience which their users get while transacting with them. One usual practice taken care by them is to greet their customers with the name. If you do not find any greeting or salutation, then it is also a thing to deal the email with caution. We are not saying that all emails without salutation are phishing emails, but this is definitely a preliminary way of raising your alarm bell. See Figure Below.

3. Look for the URLs as shown in the emails and your Browser Status Bar: Nowadays, most of the browsers display the URL in their status bar if you hover your mouse over a hyperlink. This is your most important trick to quickly discover most of the phishing attempts. Hover your mouse over the link, and without clicking just look down below at your status bar. Compare the two links very cautiously. See Figure Below. Can you see the minor difference in both the links. That is the boundary line between good and the evil.

[Bonus Tip] Look for https://: Almost all the Financial organization do online transactions through a secured protocol, and this requires the URL to begin with https:// instead of http://. Look for it. If you find the URL to be only http://, then it is most likely a phishing email. See Figure Below.

4. Look if any generic name is there in the salutation: Like mentioned above, if you do not find a salutation, or you find a generic salutation, then it is time to be concerned. We are not saying that all such emails are phishing, there are many exceptions to this as well, but it is surely a sign to be more cautious and look for other clues. See Figure Below.

5. Look for Poor Grammer and Salutation: Without prejudice to any country or race, it has been observed that most of the phishing attacks are from countries where population is not English speaking. And it leaves a mark everywhere. Since phishers are generally individuals, not organizations, and mostly operating from close confines, there are small grammatical and punctuation mistakes in their copy. Look for them, and be warned. See Figure below.

6: Do not rely on the link address shown in the Browser Status Bar: Even if, you find that the URL address as shown in the Browser Status Bar is exactly same as that shown in the email, there are chances that the actual hyperlink is pointing to somewhere else. In such a case, your safest bet is to just select the URL and copy it. Open a second browser windows, paste the address there and press enter. Remember, do not use the Copy Link Location command from the right click menu. It will defeat the entire purpose.

7. Do not rely even if you find your name in the salutation or address: With the advancement of technology, phishing techniques are also getting smarter every day. Now phishers dig deep and research to find the name and addresses of their targets. So even if you find that proper Greetings and salutations are there, still there are chances that you are staring at a phishing scam attempt. See Figure Below.

8. Look for the domain name of the link: The domain names tell you many things. If the domain name of the URL, to where your Browser status bar is pointing, is same as your financial institution, then you are most like safe. But be very cautious here. You should be knowing, what exactly is the domain address in a URL. Phishers try to make it look like the original domain, and you have to find the actual domain name from that. See the figure below.

9. Use Copy & Paste: Yes it is really good idea. But remember, don’t use Copy Link Location from the right click menu.

[Yet another Bonus Tip] Be watchful. Do not get alarmed when the email creates a sense of urgency by warning you that your account is just about to get suspended. Be cool and try to confirm from your banker through their actual website or phone, whether it is really true.

And remember, howsoever smart you are, you can never be totally phishing proof.

This is not all about Phishing. You can find more information on Phishing elsewhere, be watchful.

Happy Anti-phishing.