By Law: Catching Up with Malware - Network Security -
By Law: Catching Up with Malware - Network Security -Companies large and small are still feeling the effects of spyware. While spyware is damaging from a productivity standpoint in an enterprise, it is not as threatening as some better-known viruses. Spyware programs often contain one or more additional applications that trigger pop-up ads and other applications, while devouring computer memory resources and limiting computer performance.
This is a problem that primarily haunts consumers because most corporate networks have more advanced
security to guard against spyware/adware programs. But more information workers perform their tasks remotely these days using personal systems that don't have the protective automatic security and patches to guard against malware. These programs have become more than just nuisances; they are making a bigger appearance at the corporate level, despite security precautions.
Getting to the Root of the Problem
According to Webroot Software, Inc., a Boulder, Colo.-based firm specializing in antivirus protection, adware-infected computers lose 10 percent to 90 percent of their productivity, depending on the type and number of installed adware/spyware programs. Beyond that, firms and individuals spend countless time and expense trying to eradicate these programs or paying professionals to do so.
IDC, a global provider of market intelligence, estimated that spyware problems represent 30 percent of all helpdesk calls. According to Webroot, about 87 percent of all computers scanned by the company had some type of spyware. So the government is stepping in with enforcement and legislation.
The FTC Makes an Entrance
The Federal Trade Commission (FTC) asked a U.S. District Court judge to halt an operation that secretly installed spyware/adware that consumers could not remove from their infected computers. Defendants used the lure of free software, which they claimed would make peer-to-peer file sharing anonymous, to entice users. The agency alleged the stealthy downloads violated federal law and asked the court to order a permanent halt to them.
According to the complaint filed by the FTC, Stratham, N.H.-based Odysseus Marketing, Inc. and its principal, Walter Rines, advertised Kazanon software they claimed would allow the anonymous file sharing. With claims like "Download Music Without Fear" and "Don't Let the Record Companies Win," the defendants encouraged consumers to download this free software.
The agency charges that the claims are bogus. First, the software does not make file-sharing anonymous. Second, the cost to consumers is considerable because the "free" software is bundled with spyware called ClientMan, which secretly downloads dozens of other software programs, degrading consumers' computer performance and memory.
This accumulated software also replaced or reformatted search engine results. With this spyware, for example, consumers who tried to conduct a Google or Yahoo search would be brought to a page that appeared to be the Google or Yahoo search engine result. However, the page was actually a copycat site. The order of the search results was rigged to place the defendants' clients first
. The bundled software programs, which also generate pop-up ads, captured and transmitted information from the consumers' computers to
servers controlled by the defendants.
Other spyware and adware programs also have promised free goods, bargain prices, or even spyware- and adware-blocking capabilities, but they turned out to be the same type of program they promised to eradicate.
Obligation To Disclose the Facts
In the landmark Odysseus Marketing case, the FTC charged that the defendants had an obligation to disclose that their "free" software download caused spyware/adware to be installed on consumers' computers. But instead, the company hid its disclosure in the middle of a two-page end-user licensing agreement buried in the "terms and conditions" section of its Web site, according to the FTC.
End-user licensing agreements, particularly those listed in the terms and conditions sections, are usually listed in minuscule type with legalese, making them difficult or impossible to read. As a result, most people ignore them.
The FTC also alleges that the defendants deliberately make their software difficult to detect and impossible to remove with standard software utilities. Although the defendants purport to offer their own "uninstall" tool, it does not work. In fact, it actually installs additional software, according to the FTC's complaint.
The FTC charges that the practices of Odysseus Marketing and Walter Rines are unfair and deceptive and that they violate the FTC Act. The agency will seek a permanent halt to the practices.
Domestic Jurisdiction
Since Odysseus Marketing is based on U.S. soil, the FTC has a better chance of shutting down the operation than other alleged spyware/adware operations. Other sites that allegedly propagate spyware are largely based out of the country and out of the U.S. law enforcement's reach.
The action against Odysseus Marketing follows a late-summer settlement as Advertising.com, Inc., a subsidiary of America Online, Inc., agreed to settle FTC charges that it violated federal law by offering free security software without adequately disclosing that adware was part of the software bundle.
States are also getting more aggressive. Recently, the state of New York reached an agreement with the former CEO of a leading Internet marketing company responsible for secretly installing adware/spyware on millions of home computers.
Under the agreement, Brad Greenspan, the founder and former CEO of Intermix Media, was ordered to pay $750,000 in penalties and disgorgement in connection with an investigation into the conduct of his former company.
"Internet marketing companies have gotten away with unethical and illegal software downloading practices for too long," said Attorney General Eliot Spitzer. "This agreement sends a message that intrusive and deceptive practices will not be tolerated."
Legislative Intervention
The penalties could become stiffer for similar cases in the future. The Internet Spyware (I-SPY) Prevention Act of 2005 makes unauthorized access of computers using spyware a criminal offense punishable by a prison term of up to 5 years. The second bill-called the SPY Act-requires firms to get the informed consent of users before installing programs on their PCs.
Both bills have been sent to the Senate for consideration, after being approved by an overwhelming majority in the House. As of late October, the Senate had yet to pass its versions of the same legislation. Some of these programs also have a legitimate business purpose, according to some security experts. So the legal protections are moving ahead slowly.
Related legislation was also subject to a vote before the end of the year. In October, the House was debating the following measures: the Financial Data Protection Act of 2005, designed to prevent data breaches by mandating a strong national standard for the protection of sensitive consumer information; requiring institutions to notify consumers that their information has been compromised and could be used by identity thieves; and mandating institutions to provide consumers with a free 6month nationwide credit monitoring service upon notification of a breach.
"We know of 50 database security breaches that have occurred since January 2005 that, taken together, could impact [more than] 51 million Americans," according to Rep. Michael N. Castle, R-Del.
"While the severity of each breach and the long-term consequences, in many cases is minimal or not yet known, I worry about consumer confidence. The words 'identity theft' have become an all too familiar phrase in our everyday lives and consumers constantly worry about their sensitive information getting into the wrong hands."
He continued: "This legislation will build on efforts we have enacted over the years by safeguarding sensitive information like Social security numbers, credit card numbers with security or access codes, drivers' license numbers, and personal identification information."
In October, the Senate Judiciary Committee approved and sent legislation authored by Sen. Jeff Sessions, R-Ala., to the floor that would require businesses and organizations to notify consumers who are at risk of identity theft because of a data security breach.
"For the fifth year in a row, identity theft has topped the list of fraud-related complaints to the Federal Trade Commission," according to Sessions, a member of the Judiciary Committee. "Individuals need to have confidence that they can transact business online or otherwise without the fear of identity theft."
Sessions' bill -- Notification of Risk to Personal Data Act of 2005 -- requires businesses and organizations in possession of computerized data containing sensitive personal information to implement and maintain reasonable security and notification procedures. It would also create a national legal framework, preempting such state laws. Some senators oppose the legislation; they say their existing state laws offer better consumer protection than the proposed law.
Enterprises Take a Stand
Corporations are taking a more aggressive stance as well. Microsoft joined Symantec, Trend Micro, McAfee, Panda, and several other security firms to form the secureIT Alliance.
Those companies in the alliance will share information about new threats and best practices, along with gaining access to Microsoft betas, software development kits, early adopter programs, and development labs. The online portal to facilitate this cooperation will be launched later this year.
Likewise, the public will also benefit. The secureIT Alliance Web site will also provide customers with security-related case studies, videos, white papers, and more, according to Microsoft.
*************************************************************
For all your
Online Data Backup,
Data backup,
Computer backup,
Data storage and
Data restore needs go to
SaveAndSecure.com
Where Did the Data Go? - Computerworld
Where Did the Data Go? - Computerworld"Is our data missing?" Does that sound familiar? Just last month, hotel chain Marriott International Inc. disclosed that backup computer tapes containing data on approximately 206,000 customers were missing from a company office in Florida.
Major thefts and misappropriations of computerized personal and financial information are causing legislators nationwide to focus on this issue. Amid rising concern over the problem of identity loss, California and other states have enacted laws to give members of the public prompt notification that their personal information may have been misappropriated.
Because the 2002 California law is the model that other states have followed in enacting data security breach notification requirements, several points should be noted with respect to that law.
General scope. The California law applies to any company that does business in the state and that owns or licenses computerized data that includes personal information.
"Personal information" is defined as a combination of two categories of information: identifying information (i.e., a person's first name or initial and last name) and any item in a specific list of data elements -- Social Security number, driver's license or California ID card number, or a financial account number in combination with the account password, security code or access code.
To constitute personal information, the security breach must involve both identifying information and one of the specified data elements but does not include publicly available information that is lawfully made accessible to the general public from government records.
Encryption. The notification requirements of the California law don't apply if either the personal identifying information or the data elements are in encrypted form.
What constitutes a breach? The term breach of the security of the system is defined as "unauthorized acquisition of computerized data that compromises the security, confidentiality or integrity of personal information maintained by the person or business."
Who must be notified, and how? The California law requires reasonably expedient notification to individuals whose unencrypted personal information "was, or is reasonably believed to have been acquired by an unauthorized person." Notice may be on paper or in electronic form. There is a provision for so-called substitute notice if the cost of notifying individual consumers would exceed $250,000 or if the number of consumers to be notified exceeds 500,000.
Substitute notice consists of all of the following efforts: e-mail notice to those consumers for whom the company has an e-mail address, conspicuous posting on the company's Web site and notification to statewide media. If a security breach takes place while the information is in the hands of a third party -- such as a company to which data processing has been outsourced -- that party must promptly notify the owner of the information of the breach.
Other states have enacted similar laws, and so could Congress. As of August of last year, at least 17 other states have enacted data-breach security notification laws similar to that in California. Although many of those states followed the California model without any essential changes, it's important to be aware that there are a few state enactments with significant differences from the California law.
In particular, companies with multistate operations or that maintain databases that are likely to contain information about consumers in more than one state should scrutinize these individual laws to determine applicability and requirements specific to those states. (Some of the differences in the laws enacted by other states include adding to the list of specific data elements that may comprise personal information and exempting certain "technical breaches" of security from the notification requirement.) Congress is considering bills that would impose a national standard for notification of security breaches that involve consumer data.
John Gliedman is an attorney at the law firm of Brown Raysman Millstein Felder & Steiner LLP, which has offices in New York, New Jersey, Connecticut and California. A graduate of Harvard Law School and the Computer Counsel columnist for Computerworld.com, he specializes in IT and business process services and outsourcing agreements as well as intellectual property licensing.
You can reach him at
jgliedman@brownraysman.com or (212) 895-2000. This article does not constitute specific legal advice.
For all your
Online Data Backup,
Data backup,
Computer backup,
Data storage and
Data restore needs go to
SaveAndSecure.com
DMNews.com | News | Article
DMNews.com News ArticlePostal reform, data security and sales tax collection are among the issues lawmakers will consider as the 109th Congress reconvenes this month.
The Senate formally returns Jan. 18, and the House on Jan. 31.
Top of mind for direct marketers is postal reform, though insiders said that the chance of passage is slim.
Mailers are waiting to see whether a bipartisan bill (S. 662) sponsored by Sens. Susan Collins, R-ME, and Tom Carper, D-DE, will be taken up by the full Senate. The Homeland Security and Governmental Affairs Committee, which Collins chairs, approved the bill in June. A bill passed the House in July.
But reform took a step backward last year after Senate Majority Leader Bill Frist failed to broker a deal between Collins and Sen. Christopher "Kit" Bond over the legislation. Bond placed a hold on the bill because he wants to insert language letting mailers challenge prices for First-Class mail if they think the rates are not "fair and equitable."
Bond, R-MO, has said that his provision -- backed by Kansas City, MO-based Hallmark and other companies that rely on First-Class mail -- would protect consumers from getting higher postage rates to subsidize discounts for large bulk mailers. Collins, however, has said Bond's language would reduce the U.S. Postal Service's flexibility to set its own rates. Large catalog mailers such as L.L. Bean, Freeport, ME, agree with Collins, as does the USPS.
National Association of Letter Carriers members protested last month at Bond's offices in four Missouri cities. The union claimed that after a coordinated offensive by NALC members in Missouri and union officials in Washington, Bond told the news media that a Senate vote on reform legislation could occur in February.
Jerry Cerasale, the Direct Marketing Association's senior vice president, government affairs, said "we don't think all the t's are crossed and the i's are dotted on that. But there is some hope that we can try to push forward."
However, insiders doubt the bill will move even if it passes the Senate. The Bush administration has a large budget deficit, and pension-related elements of the reform bill would add to the deficit. As a result, the administration is unlikely to sign off on reform. Another issue is that a House-Senate conference committee would be needed to resolve a price-cap difference between the respective bills.
Congressional efforts to reform the postal service may influence USPS actions to seek a rate increase for 2007. Reform may reduce the postal service's money needs and so reduce the rate increase to mailers and the public in 2007.
"We know that the USPS is poised to file yet another rate case in the first quarter of 2006, to be effective early in 2007," said Neal Denton, executive director of the Alliance of Nonprofit Mailers. "We remain hopeful that reform legislation will be enacted in time to affect the size and timing of the next rate increase."
Cerasale thinks this year may be postal reform's last chance.
"If we don't get it done in the 109th Congress, I'm not sure it is going to be taken up again in the 110th," he said. "There is definitely an imperative to get this through in this session of this Congress."
DMers also will track two bills introduced Dec. 20 that would mandate provisions of the Streamlined Sales and Use Tax Agreement. S. 2152, from Sen. Michael Enzi, R-WY, and S. 2153, from Sen. Byron Dorgan, D-ND, would permit states that become voluntary members of the SSUTA to require remote sellers to collect and remit sales and use tax. The bills were referred to the Senate Finance Committee.
The SSUTA lets remote sellers selling to people or businesses in member states to voluntarily collect taxes on sales that occur via the Internet, telephone or catalog. So far, 19 states have passed legislation needed to join.
Enzi and Dorgan are longtime supporters of mandatory sales tax collection. In 2003, they introduced one bill. Enzi's bill this year is identical to the 2003 bill and includes a provision releasing companies with sales under $5 million a year from collecting the tax. Dorgan's bill asks the Small Business Administration to initiate a rulemaking as to the dollar amount for the exemption.
Enzi said his bill would help states efficiently and fairly collect revenue that is being lost because remote sellers do not have to remit such taxes on catalog and Internet purchases. The DMA objects to letting SSUTA member states require remote sellers to collect and remit sales and use tax for all state and local taxing jurisdictions.
"We think the streamlined sales tax agreement is not really streamlined sales tax," Cerasale said, "but we are going to have our work cut out for us to make sure that we educate members of the House and Senate to understand that calling it streamlined doesn't make it streamlined."
He does not expect immediate floor action on these bills in February or March.
The DMA also is eyeing bills on data security.
"There are six committees in the Senate and the House that are working on this, and quite a few bills out there, and we do expect something to come on this in this session," Cerasale said. The DMA will advocate for a law that sets a national standard and focuses on protecting types of data most likely to be used to commit fraud or identity theft.
Cerasale also said the DMA is watching bills involving spyware and privacy. The House passed a spyware bill, and one has been introduced in the Senate. In general, the DMA backs spyware legislative standards requiring that consumers be informed when something is downloaded to their computers and giving them the right to decline, he said.
The House and eventually Senate commerce committees begin rewriting the Telecommunications Act this year, Cerasale said, "and we've seen some drafts with privacy implications in them." But this is unlikely to pass in this session, he said.
Finally, the DMA is tracking attempts to create a national child protection e-mail registry based on those in effect in Utah and Michigan, Cerasale said, and the association is working with the USPS and other groups to fight do-not-mail registries proposed in New York, Massachusetts and Missouri.
Melissa Campanelli covers postal news, CRM and database marketing for DM News and DMNews.com. To keep up with the latest developments in these areas, subscribe to our daily and weekly e-mail newsletters by visiting
www.dmnews.com/newsletters*********************************************************
For all your
Online Data Backup,
Data backup,
Computer backup,
Data storage and
Data restore needs go to
SaveAndSecure.com
Idealstor Brings High Security to Removable Disks with Ibac 3.0; Backup and Restore Software First to Enable Encryption on Removable Disks
Idealstor Brings High Security to Removable Disks with Ibac 3.0; Backup and Restore Software First to Enable Encryption on Removable DisksIdealstor Brings High Security to Removable Disks with Ibac 3.0; Backup and Restore Software First to Enable Encryption on Removable Disks
GAITHERSBURG, Md. --(Business Wire)-- Jan. 9, 2006 -- Idealstor, a leading manufacturer of removable disk-to-disk backup solutions, has announced that Ibac 3.0, a new version of its data protection software, is now available to customers. Ibac 3.0 introduces target folder encryption and Idealstor's Quick System Recovery (QSR) disk.
Protecting sensitive information from prying eyes even after it has been backed up has become increasingly important. Encryption is increasingly recommended and may eventually be mandated among the government, financial, and health sectors.
Ibac 3.0 is unique in that it is the only solution that provides backup encryption onto removable disks, offering a faster and more reliable alternative than current solutions on the market that encrypt tape backup media. "Stories of tapes going missing with critical data continue to come out in the news so we are proud to be the first to offer data encryption for backups stored on removable disk media," noted Ben Ginster, Channel Marketing Manager for Idealstor. The original Ibac 2.0 for Windows backs up data in its native format. Now with Ibac 3.0, administrators will be able encrypt their backup data using DESX or 3DES using Ibac 3.0 target folder encryption.
This will prevent unauthorized users from accessing the data on the removable backup disks when they are in transit or stored offsite. With Idealstor's QSR (Quick System Recovery), users can quickly boot up off the QSR disk in times of server failure. The disk contains a bare bones version of Windows Server 2003 that starts the system, and then uses Ibac to restore data in a short period of time. The result is both a lower total downtime as well as a lower cost. "With added target file encryption features, Ibac 3.0 gives our customers the high-assurance data security our customers are telling us they are seeking," added Ginster. "QSR increases Ibac's functionality, allowing us to bring a new standard to the marketplace by allowing fast system recovery from a removable disk backup."
About Idealstor Idealstor is the leading manufacturer of removable disk to disk backup solutions. The Idealstor Backup Appliance is a disk-to disk-backup that allows users to backup to disk and remove the disks and take them offsite just like they would tape. Idealstor is also the developer of Ibac Data Protection Software. Ibac is designed for any environment and backups up data quickly in its -native format. Idealstor's aim is to take away the headaches, pain and expenses normally associated with tape based backup systems and offer you peace of mind.
For all your
Online Data Backup,
Data backup,
Computer backup,
Data storage and
Data restore needs go to
SaveAndSecure.com
Disc and Data Recovery - By J. Brian Keith
Data Recovery is probably the last thing on anyone's mind when they buy a computer. Most of us never think something will go wrong until it's too late. Data recovery or Disc Recovery services is something we hope we will ever have the need for.
Whether your computer simply crashes or you accidentally delete
software that is important or imperative to you, it may seem
that your information is lost for good. Although, if you have
quality data recovery software already in your system or on your
computer, you should feel good in the fact that it has backup,
even though things like this can and will happen at times. This
can be extremely important for you state of mind and well being
when it comes to safeguarding your personal or business
information and software.
What many don't understand is that there are numerous reasons
things can go wrong on their computer. Whether it is your own
personal computer you are responsible for, or a large business
computer system, having a method of restoring the information
when things go wrong can be of the utmost importance. Your
computer could run slow or be packed full of non efficacious
adware and spyware that can ultimately destroy your important
files, siphon and transfer personal data, this could cause a
computer crash. In a blink of an eye, everything that is
important to you could be gone. Storms can cause Power surges
quickly and without much or any advance warning, that could be
all it takes to lose everything. These are not the only ways you can lose the data that is
stored on your computer. Most people think this will never
happen to them, it's human nature. So what do we do? Nothing,
which means you could lose everything. Disc recovery is an
absolute must to avoid these things from happening. Disc and
Data Recovery is very easy to install and use and can be
virtually self maintaining. So why doesn't everybody take
advantage of data recovery? It could be the expense, but it
doesn't cost much, more likely they just don't understand the
importance or simply don't think about it at all until it's too
late. Data recovery is quite possibly the most important thing
for computer users. Don't get caught without it!
For more information about Data Recovery:
http://www.sddatanet.com/articles/index1.html Article Source:
http://EzineArticles.com/
|
**********************************************************
For all your
Online Data Backup,
Data backup,
Computer backup,
Data storage and
Data restore needs go to
SaveAndSecure.com
HEXUS.net : Press Release : VIA StrongBox Builds In More Functionality and Language Support for Wider Data Security : Page - 1/1
HEXUS.net : Press Release : VIA StrongBox Builds In More Functionality and Language Support for Wider Data Security : Page - 1/1
For all your
Online Data Backup,
Data backup,
Computer backup,
Data storage and
Data restore needs go to
href="http://www.saveandsecure.com/content/view/44/36/">SaveAndSecure.com
Hard Disk Data Recovery Expert: Choosing Yours
DavidA WilliamsIf you need a hard disk data recovery expert, you need one now. You have just lost a good amount of work that you need to send, well, yesterday. No matter how well versed you think you are in the computer world, chances are that at some point, something will go wrong. This is when you will want to find the right person or company to help solve your problems. Data disk hard recovery is a touchy situation, though. So, to help you find the hard disk data recovery expert that you need, here are a few helpful hints.”
First off, take the time to find the right company. Don’t simply choose one that says they will do the job for you. They can make things worse if they are not prepared. It only takes a few minutes to find out what they can do for you.
Consider the company itself. Does it have the ability to service your manufacturer? What experience do they have? How do you know its not a bunch of college kids? Ask questions, do some basic research. It takes only minutes.
You will want to know what specifically they will do for your data disk hard recovery needs. The hard disk data recovery expert should be able to handle your specific problem. More than likely, they will ask you just what happened, what type of application is being used and if you know what the source of the problem is. From here, they should provide you with some sort of plan of action that they will take. Very important is that the work that they do will not violate your computer’s warranty. You will specifically want to make sure of this.
Will they need you to bring your system in? Or, many of the hard disk data recovery experts will work with you over the phone to help you restore data within minutes. That will save you quite a bit of time and expense. Often times they will log into your system and handle the issue professionally. In many cases, though, you will need to take your system in.
How will they provide the lost media to you? The hard disk data recovery experts often offer a number of methods to provide you with what you lost. They can often be transmitted to you, sent to you on CD-ROMs or hard disk drives. Most of the time, the choice is up to you. Lastly, it is also important to know what the hard disk data recovery experts will charge you when the data disk hard recovery is unsuccessful. Will they charge you for the service or will the service be free? Perhaps they will offer you a lower price?
Finding the right company to choose from is not that hard. The hard disk data recovery experts that are available to you are able to help you in your time of need. In many cases, they can have your files restored as you need them within a few hours, days or in extreme cases a little longer. Nonetheless, their data disk hard recovery service is something you will likely need and not be able to think twice about having the service preformed. But, when you take the time to find a qualified hard disk data recovery expert, things can go right, right from the beginning!
David writes for the Business Catalyst, where you can find information on Small Business Startups in Nashville,TN. You can find more information on data recovery at
http://www.mydatarecoveryexpert.info.
Article Source:
http://EzineArticles.com/For all your
Online Data Backup,
Data backup,
Computer backup,
Data storage and
Data restore needs go to
SaveAndSecure.com
