To test your anti virus in full safety, you can use the file of Eicar test. This file is detected as a virus by the anti viruses but it is not one, it does not contain any viral code. If the false virus is detected, it is that your anti virus is active and protects you.

1. To create this false virus, you need simply to create a file inside Windows. Click on the Start button, All Programs, Accessories then on Notepad.

2. Then cut and paste the following character string in the Notepad:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTI VIRUS-TEST-FILE!$H+H*

3. Then save the file while clicking on File then Save as.

4. Unroll the “Save as type” list then select the option All files.

5. Add the name of file eicar.com in the zone File name. Choose the location where you want to save it (on Desktop) and then click on Save button.

6. If your antivirus is correctly activated, it must then alert you instantaneously presence of the Eicar virus.

7. Then ask your antivirus to remove the file.

8. Go to the EICAR web site & download the test file ” eicar.com “. During the download, this will test your AV’s ability to scan downloads.

If your antivirus does not see anything, than you have a problem. It could be because of two reasons: permanent protection is badly configured or there were some problems during antivirus installation. Then you have to read documentation of your software to correct this problem.

**Only do this test after you have updated the file signiture files in your AV software. If the false virus is still not detected, you must then seriously think of changing anti-virus software.

Thus, when an edit has been made to a web page, if the browser the client has been using has stored a previous version, the client may not see the new changes. To clear your bowser’s Internet cache in IE 7, following the following directions:

Internet Explorer 7 Cache Clearing

Open Internet Explorer and locate Tools in the top menu.

Select “Internet Options” in the drop down menu.

Next, locate “Browsing history” and click Delete.

Locate “Temporary Internet Files” – Copies of web pages, images, and media that are saved for faster viewing – and click: Delete files.

You will receive a pop-up warning entitled “Delete Files – Are you sure you want to delete all temporary Internet Explorer files? Click: Yes

Locate “History” – List of website you have visited – and click Delete history.

You will receive a pop-up warning entitled “Delete History – Are you sure you want to delete your history of visited websites? Click: Yes

Close and then click OK to exit.

One should clear their browser’s cache (temporary Internet files and history) on a regular basis in order for the browser to function more efficiently.

Use one of the many FREE email service web sites and create you very own throw away account. Then when you visit a web site that requires a “valid” email address, you supply the throw away one.

Pros:

1. Its free

2. Its a “real” account (you can send and receive mail).

3. Its relatively safe (don’t open attachments or click on links).

4. If it is spammed, just delete ALL or just ignore the account for several weeks. Most of these email sites will de-activate your account for non-use. If that happens, just create a new one.

Cons:

1. Its another email account you have to keep track of.

Video Demo on creating a throw away email account at www.myway.com

Internet security is based on a “weakest link” principle, and passwords are often the only thing standing between a hacker and access to your computer or the home/business network. If your password is weak or non-existent , you make it easier for someone to break in. Hackers make their livelihood by automating ways to continually search out the weakest link to gain access to a network or computer. Don’t let your password be the weak link!

There are real consequences to not having a strong password. If someone steals your password, they may find a way to access your e-mail or IM messages, your bank accounts, your research, your contact lists, confidential memos and whatever else you have on your computer. Your files may be altered or destroyed or in some cases, lock you out of your own system. Sometimes hackers even take over a computer and turn it into a zombie, using it to perform malicious tasks such as sending out large amounts of spam.

How Passwords are stolen

When you are creating a strong password, it can help to know the tactics hackers use to steal them. Here are some of the most frequently used techniques:

• Guessing. Believe it or not, this is usually number one. Programs designed to guess a user’s password are common. They often use personal information found online—such as names, birth dates, names of friends or significant others, pet names or license plate numbers—as a starting point. These programs can even search for a word spelled backwards.
  TIP: It’s best to NEVER use any personally identifying information when creating a password.
• Dictionary-based attacks. Programs and software also exist that run every word in a dictionary or word list against a user name in hopes of finding a perfect match.
  TIP: Staying away from actual words, even in a foreign language, is recommended.
• “Brute Force” attacks. By trying every conceivable combination of key strokes in tandem with a user name, brute force attacks often discover the correct password. Programs can execute a brute force attack very quickly.
  TIP: The best way to beat such an attack is with a long, complex password that uses upper and lower case letters, numbers, special characters and punctuation marks.
• Phishing. Phishing scams usually try to hook you with an urgent IM or e-mail message designed to alarm or excite you into responding. These messages often appear to be from a friend, bank or other legitimate source directing you to phony Web sites designed to trick you into providing personal information, such as your user name and password.
  TIP: Best advice is don’t click a link in any suspicious e-mails, and don’t provide your information unless you trust the source.
• “Shoulder surfing.” Passwords are not always stolen online. A hacker who is lurking around in a cybercafé ,library or any open or public wireless access points, may be there for the express purpose of watching you enter your user name and password into a computer.
  TIP: Try to enter your passwords quickly, without looking at the keyboard, as a defense against this type of theft.
• Inadvertently exposing you password. Once you have created your really strong password, keep it to yourself. Don’t write it on a post-it and stick it under your keyboard.

Never, Never and I mean NEVER….

Never write your password down or store it electronically in an unencrypted file-such as in a spreadsheet or text file.

Never leave any password blank or unchanged from its initial or default value.

Never make your password trivial (e.g., “password”, “passwd”).

Never make your password repetitive (e.g., “AAAAAAA”, “aaaa111″).

Never make your password sequential (e.g., “abcdefgh”, “12345678″, “qwerty”).

Never base your password on any of your personal information such as all or part of your Social Security number or telephone number.

Never use the name of a family member, nickname, pet name, birth date) or word associated with your interests (carfixer123) as your password.

Never use any word in any dictionary or any common given name (e.g., John, Mary, Tommy) as your password.

Never construct your password by taking any word in any dictionary or any common given name and substituting numeric characters or symbols for similar looking alphabetic characters (e.g. “p@ssw0rd”, “C@rfiXer”). Many of these can be found in many of the popular search engines on the web.

Never build your password by following or preceding any of the above with by a number or symbol (e.g., “movie10″, “1kerri”).

Never use the same password over again. Think of them as disposable.

Never send your password through email. A new trick that hackers use is to try to get people to give away their passwords and other personal information through email. Reputable companies will never ask you to send a password through email. If you receive such a request, notify the company immediately by phone or through their Web site.

Tips for Creating and Using Safe Passwords

If you work in an office or have multiple home users of your computer, it’s important to remember protecting your computer and accounts with strong passwords. This helps protect other users as well. If just one password used to access the company network is breached, all of the computers connected to the network are put at risk for viruses, worms and other forms of malicious attack.

In addition to the suggestions offered above, follow these guidelines for creating and using strong passwords:

Creating a strong password:

• Use BOTH upper- and lower-case letters.

• Place numbers and punctuation marks randomly in your password.
• Make your password long and complex, so it is hard to crack. Between 8 to 20 characters long is recommended (of course this makes it more difficult to commit to memory).
• Use one or more of these special characters: ! @ # $ % * ( ) – + = , < > : : “ ‘
• Make your password easy to type quickly. This will make it harder for someone looking over your shoulder to steal it.
• A passphrase could be a lyric from a song or a favorite quote. An example of a strong passphrase is “Superman is $uper str0ng!”. A nonsensical word can built using the first letter from each word in a phrase (e.g. C$200wpG., represents “Collect $200 when passing Go.”). These typically have additional benefits such as being longer and easier to remember.

Using your password safely:

• Create different passwords for different accounts and applications. That way, if one account is breached, your other accounts won’t be put at risk too.
• Don’t use your computer password for online shopping sites or free e-mail accounts (Hotmail, Yahoo!, Gmail).
• Change your passwords regularly, about every six months. Don’t share your password with anyone else. Once it’s out of your control, so is your security.
• Don’t enable the “Save Password” option, even if prompted to do so. Pre-saved passwords make it easy for anyone else using your computer to access your accounts.
• Never walk away from a shared computer without logging off. This will ensure no other users can access your accounts.
• Don’t use sample passwords given on different Web sites, including this one.
• Another safe password technique is to create a new, strong password for every Web site or login that requests one. You might consider creating a few strong passwords and use those at sites you want to keep most secure, such as your bank, brokerage, or bill-paying company. Then create another small set of passwords that are easier to remember that you can use everywhere else.
• A social engineer will try to manipulate a computer user by using trust rather than exploiting computer security holes. Be aware of anyone who wants to log on to your machine to send a quick email or anyone who claims to be an administrator and requests a password for various purposes.
• Use a password generator
• Using a password manager to store your password is not recommended unless the password manager leverages strong encryption and requires authentication prior to use. Be sure to use a strong password for your password manager. KeePass password safe (http://keepass.info/ ) is a fine example.

A good password is more than just a complex password. A good password is one that is not easily guessed but still easy to remember. It should be long and should consist of letters, number, and symbols, but still easy to type quickly with few errors. It should have elements of randomness that only a computer can provide while still having familiarity that only a human can provide.

But the best password of all is the one that the user chooses based on an educated understanding of passwords – a password that is hard to crack, but never forgotten. And the best password policy is one that helps users in creating these passwords.

Links:

http://en.wikipedia.org/wiki/Password_strength

http://onemansblog.com/2007/03/26/how-id-hack-your-weak-passwords/

http://www.pctools.com/guides/password/

https://www.grc.com/passwords.htm

http://www.microsoft.com/protect/yourself/password/checker.mspx

http://www.passwordmeter.com/

Passwords

Document for download: passwords.pdf

**Please note: a .pdf file reader is necessary to display and print these files. Get a Windows reader here.