Best Tips to Protect your Web Sites from Hackers and Malicious contents

Hack

The Web is scarier than most people realize, according to research published recently by Google.These Web-based attacks become much more common in recent years as firewalls and better security practices by Microsoft have made it harder for worms and viruses to directly attack computers. Nowadays about 1.3 percent of all Google search queries list malicious results somewhere on the first few pages.

Criminals are getting better at this kind of work. They have built very successful automated tools that poke and prod Web sites, looking for programming errors and then exploit these flaws to install the drive-by download software. Often this code opens an invisible iFrame page on the victim’s browser that redirects it to a malicious Web server. That server then tries to install code on the victim’s PC. “The bad guys are getting exceptionally good at automating those attacks,”

[ad#add-top-in]

Following are some tips to get rid of this hackers or hijackers activity.

Keep you password and username safe change it frequently only with strong password check your password with Microsoft

Keep your PC clean from viruses and spy-wares because there are chances to hijack your PC contents and login cookies etc. Scan your PC for viruses now with NOD32 Online Antivirus Scanner

Keep all folders and files permissions proper in your web hosting accounts/server. Never give full permission for the folders and files, that means read write and execute permission. If you are hosting sites in Linux platform never give 777 permission (read write and execute permission) to all members even for net users of file and folders. The preferred maximum permission is 755. This means write permission for root user and only read and execute permission for others.

There are many techniques used to hack/hijack the website

Cross Site Scripting (XSS)

SQL injection flaws

Site reconnaissance

Session hijacking

Application denial of service

Cookie/session tampering

To withstand from this you need “professionally well designed websites” and also powerful web sitefirewall at server end.

You need to choose good web hosting platform or company which provides good firewalls and Security. If you are going for Linux platform better to choose Grsecurity enabled kernel Servers; especially for shared hosting.

But not the least the best way to find the flow in website is by checking the web site stats all the day. By this you can find the links/URL which are not related to your website so that you can delete it before it spreads through search engines.

If some one reports your site having virus then its 99% sure your site home pages are having masked IFrames at the beginning or last lines of the page, which actually downloads virus file form some other server/site. You can fix it your self by editing your home page and removing the contents which looks like as shown bellow.

Iframe

These are some of the tips which really helps to protect yourself from Hackers and Malicious contents

Tips to Protect your PC from Malicious Sites Using McAfee Siteadvisor Plug-In

McafeeMcAfee SiteAdvisor, a plug-in for Internet Explorer and Firefox browsers, tests, analyzes and rates websites in detail for unsafe or annoying practices such as dangerous downloads, spamming, misuse of personal information and browser hijacking. This helps you sidestep possible identity theft or fraud traps. When searching with Google, Yahoo! or MSN, SiteAdvisor’s easy-to-understand safety ratings too

[ad#add-top-in]
1) Browser tool bar

As you browse Site, a small button on your browser toolbar changes color based on SiteAdvisor’s safety results.
Red (Danger) Mc Red

McAfee tests revealed some serious issues that you’ll want to carefully consider before using this site at all. (Example: The site sent lots of spam e-mail or bundled adware with a download).

Yellow (Caution) MC Yellow

McAfee tests revealed some issues you should know about. (Example: a site tried to change browser defaults, or sent a lot of non-spam e-mail)

Green (Safe) mc green

McAfee Tested the site and didn’t find any significant problems. (Secure sites.)

Gray (Not submitted site) Mc Gary

The site has not been tested, or is in the process of being tested also you have option to submit the site to test also.

You have a menu options on SiteAdvisor’s toolbar which let you customize SiteAdvisor or see a site’s detailed test results too.

2) Search Page

When you search with Google, Yahoo! or MSN, SiteAdvisor’s safety ratings appear next to search results. Ratings—Red indicates dagger that means this site reported virus downloads and also linked to malicious sites which already rated Red in Macfee database.

Search-res

You can also get more information about the site by keeping the mouse pointer on the alert symbol; it will show a popup in search window it self, which gives summary of the sites status.

Search Pop

3) Detailed Test Results

Also a detailed test results for every site are available by clicking on the more info link; in that you can see the external sites which are linked to this site as shown bellow.
Linked

So it will be very hand if you installed McAfee SiteAdviso in your PC while surfing the giant www network.

Download it here….

Windows Vista ‘most secure’

Vista

Windows Vista gets high marks for security, from Microsoft at least..

“It’s fair to say that Windows Vista is proving to be the most secure version of the Windows to date,” said Austin Wilson, director in Microsoft’s Windows client group, in a blog post on Wednesday. “Our investments in the SDL [Security Development Lifecycle] and our defense in depth approach to building Windows Vista seem to be paying off.”

Windows Vista also exhibited fewer vulnerabilities than other operating systems over a one year period, according to a report published by Jeff Jones, security strategy director in Microsoft’s Trustworthy Computing group. The report claims that there were 36 vulnerabilities fixed in Windows Vista during its first year, compared to 65 in Windows XP, 360 in Red Hat RHEL4 reduced, 224 in Ubuntu 6.06 LTS reduced, and 116 in Mac OS X 10.4, also known as Tiger.

“Analysis found that researchers found and disclosed significantly fewer vulnerabilities in Windows Vista than either it predecessor product, Windows XP, or other operating systems such as Red Hat Enterprise Linux, Ubuntu, and Apple Mac OS X 10.4,” said Jones in his report.

Eric Schultze, chief technology officer of St. Paul, Minn.-based Shavlik Technologies, considers such metrics to be apples-to-oranges comparisons. “When you start counting vulnerabilities, it’s a matter of defining vulnerabilities,” he said. “For example, if a bulletin is released for Internet Explorer, that’s one patch for IE. Microsoft may have broken it out to say there are five distinct issues fixed in this patch. Is that five vulnerabilities or is that one vulnerability because it’s one patch?”

Setting aside questionable comparisons to other operating systems, Vista’s superiority to its Windows ancestors may not seem particularly surprising or noteworthy. But Wilson makes the case that Vista’s security features like User Account Control and Internet Explorer Protected Mode reduce the risk and severity of security vulnerabilities and give companies more time to deploy patches.

Wilson points out that Windows Vista makes it easier to run standard user accounts rather than administrative accounts, which are more dangerous when compromised. This, he says, diminishes the impact of vulnerabilities.

“Of the 23 security bulletins that have been released for Windows Vista through January 2008, 12 specifically call out a lower impact for those running without administrative privileges: MS07-033, 034, 040, 042, 045, 047, 048, 050, 057, 064, 068, and 069,” explained Wilson. “This is a great illustration of the importance of User Account Control and why we included it in the product. It’s also the reason I personally run as a standard user on every machine I use.”

Wilson also singles out Internet Explorer Protected Mode as a reason that Vista is more secure than XP. Protected Mode in Vista prevents Internet Explorer 7 from altering user or system files, and various settings, without consent from the user. This diminishes the effectiveness of malicious Web sites, if the user is paying attention.

As evidence of the impact of Protected Mode, Wilson cites the MS07-056 security bulletin from October 2007. It was rated “Important” on Windows Vista and “Critical” on Windows XP. He also notes that IE 7 and Vista are blocking almost 1 million phishing attempts every week. One metric where Vista seems to shine is in terms of patch days.

“During Windows XP’s first year, updates were released on 26 separate days,” said Wilson. “Through a combination of the move to a predictable monthly release schedule, and decreased vulnerabilities, Windows Vista had updates released on just nine days in its first year. To the average security professional, this is one of the most relevant metrics: how many times did I have to activate my internal patch management process due to vendor update releases over the course of a year?”

Schulze remains skeptical about Wilson’s claims. “What he states is accurate, but he’s only presenting the numbers that come out in a favorable light,” he said. “He’s not presenting the numbers that come out in an unfavorable light. For example, he claims that there are a certain number of vulnerabilities for which, on Vista, there was lower severity than on Windows XP. But he’s not telling you about the number of patches which were more critical on Vista than on Windows XP.”

Dave Marcus, security research and communications manager of McAfee Avert Labs, gives Wilson credit for some good points but believes it’s still too early to declare victory for Vista. “Wilson put forth a very good argument,” he said. “His stats are valid, but I think he fails to take into account that most businesses have not deployed Vista, nor have most consumers.”

Marcus said that while Vista was superior to Microsoft’s previous operating systems from a security standpoint, many of the security features were only available in 64-bit versions of the operating system and many organizations would be disinclined to purchase new hardware to use those features.

Once Microsoft officially deploys Vista SP1, Marcus expects more corporate Vista deployments and a clearer picture of Vista’s security profile. Like other security vendors, McAfee has predicted a surge in malware in 2008 for Vista as more people install the new operating system.

“Think 2008 will be the year that Vista finally joins the malware party,” said Marcus.

In a phone interview, Wilson countered that Windows Vista already is widely deployed, noting that Microsoft has already shipped 100 million copies of the software. And he expressed skepticism about a surge in malware, given that security researchers have been looking for holes in Vista since the Black Hat Conference in 2006, when Microsoft distributed beta copies of the operating system to help identify security flaws.

“It’s safe to say that the security research community has had a strong focus on Windows Vista,” said Wilson.

But that focus has yet to offer much clarity. “This is a matter of Microsoft bending the statistics for their own purposes,” said Schulze. “We could just as easily create the same number of statistics that puts Windows Vista security in a negative light.”

Source:itnews