By Greg Boyle

Since the launch of Trend Micro™ Longevity for Android™ Beta only 2 months ago, our users have made over 850,000 queries to our cloud-based Mobile App Reputation technology to get power usage ratings. This has brought to the surface an alarming statistic – only 20% of Android smartphone and tablet users have a security app installed on their device.

It’s hard to imagine that in a world where people’s personal lives are tracked and stored on their smartphones, and where most wouldn’t even consider running a home PC without security, we continue to see a blissful ignorance of the risks of smartphone usage.

Responses from people I speak with range from “There aren’t any viruses for phones, are there?“ to  “I didn’t even know that you could get security apps for your phone.”  And then there’s this one that stands out: “Google checks all the apps that are available so I will be safe.”

Google checks all the apps, right?

This last statement is the one that concerns me the most. Yes, Google is trying to control the apps that are available on Google Play and remove any potential security risks. However, this is like saying I’m going to leave my car unlocked with my camera, wallet, and driver’s license on the front seat while I watch a game at Cowboys Stadium, Wembley, the MCG or Stade de France, thinking I’ll be OK because there is a security guard walking around the parking lot looking for suspicious people.

Google says that they have 850,000 new Android device activations every day. Imagine that security guard protecting 850,000 new cars every day (in a parking lot that is getting exponentially bigger), 680,000 of which are unlocked with valuables on the front seat. There is a reason why we all have locks and alarms on cars….and we use them!

Source: Trend Micro Malware Blog – Jan 5, 2012

Trend Micro threat researchers predict that by the end of 2012 there may be over 120,000 malicious Android apps available. There are currently around 450,000 apps in the Google play store, and countless more available on the range of third party stores such as Amazon, Telco Carrier stores, independent global markets, and regional specific sites.

Source: www.AppBrain.com – May 2012

We have also discovered servers hosting malicious apps that are tricking people to download their wares. With the current growth rate in apps, we could see over 600,000 apps on Google Play by year’s end and maybe 1 million individual apps spread around on different sites on the net.

Why is all of this important you may ask? If you take the prevalence of traditional malware – AVtest.org estimates that there are just over 70 million malicious programs for traditional computers (tracked since 1984), this is a very small fraction of the total number of programs and files that have been written for Windows, Mac and Linux over the years.

The chances of stumbling across a malicious Android app are higher than a malicious PC program.

Now, with the estimate by year’s end of 120,000 malicious apps on Android from a total of 1 million – the ratio is 12%.  These apps are generally concentrated either in app stores or related websites, and Android users are funneled to these locations to fulfill their app needs.  So if you compare this to all the malicious programs spread across the entire Internet for traditional computers, then there is a much higher possibility of an Android user coming across a bad app. Why then is the current level of protection and the perceived need for protection so much lower amongst consumers?

This disparity is cause for concern to the public. For cybercriminals, it’s cause for celebration. For Trend Micro and the entire security software industry, it’s cause for more work as we need to do a much better job of educating the public about the dangers of their digital lifestyles, regardless of the device they choose to use.

I work for Trend Micro and opinions expressed here are my own.

To receive daily tips and alerts regarding Internet security, please follow Trend Micro “Fearless Web” Internet Security on Facebook at www.facebook.com/fearlessweb.

 By Vic Hargrave

By Rik Ferguson

( Photo by: Leif Martin Kirknes, Computerworld Norway)

Many users are under the dangerous misapprehension that Mac OSX is an inherently more secure operating system than any other out there, especially Windows. But while Windows was for many years the target of cybercriminals, and certainly did itself no favours early on in terms of security, there’s little evidence to suggest that Macs were actually more hardened to attacks.

It’s more a question of economics – even five years ago there simply weren’t enough Mac users to warrant the bad guys writing specific malware targeting the platform. The bad news for Apple is that things are changing.

Driven by Apple’s success in the smartphone and tablet markets with the iPhone and iPad, Mac OS user numbers have reached a tipping point where cybercriminals are beginning to take notice. Already in 2011, we saw the fake antivirus Mac Defender campaign and just last month some sophisticated advanced persistent threats targeting Mac computers in pro-Tibet organisations were uncovered.

So what should you do to protect your machine? Well, the good news is that it’s not rocket science, and the attacks seen so far, from MacDefender to the hugely successful Flashback attacks, have not used any techniques we’ve not already seen employed to infect PC users. With that in mind then, you should:

1)      Always keep up-to-date with patches.

Unfortunately, Apple has been criticised for being slow at addressing security vulnerabilities – it took the firm six weeks after Microsoft , Oracle, and Adobe released theirs to launch a fix for the known vulnerability exploited by Flashback. This makes it even more important to patch as soon as one becomes available.

2)      Use third-party, cloud-based protection.

Apple’s in-built security software is very basic, checking for known malicious files alone will not protect users from the more sophisticated threats including zero day vulnerabilities, which haven’t been seen in the wild before. For this reason it’s important to go with a third party security supplier who offers a cloud-based threat protection service that can block threats dynamically, before they reach your machine, using reputation and behavioural detection methods as well as traditional file signature techniques.

3)      Be alert.

It sounds obvious but don’t believe the hype and think that having a Mac makes you impervious to attack. As we’ve seen more and more recently, the bad guys are targeting Mac users. Don’t be caught out.

Ric Ferguson works for Trend Micro and writes a blog called CounterMeasures. The opinions expressed here are his own.

NOTE: New Trend Micro customers can get a 6-month complimentary* copy of Trend Micro(tm) Smart Surfing for Mac, by visiting the Facebook Security – AV Marketplace or just “liking” the Trend Micro Fearless Web Facebook community.

 * = Offer available only in U.S., Canada, U.K., Australia , and New Zealand at this time. Check back for additional countries in the coming months.

By Rik Ferguson

( Photo by: Leif Martin Kirknes, Computerworld Norway)

Mac users have for many years laboured under the misapprehension that their machines are inherently more secure than PCs. For a long time, while Microsoft-powered PCs enjoyed stellar success, there was no real way to dispute this theory as time and again Windows was attacked by cybercriminals. However, things are changing in the information security landscape and a new piece of malware called Flashback has highlighted exactly why Mac users need to be more vigilant than ever before.

The Flashback malware family was first seen in September last year. It has been designed to carry out a range of tasks for the attacker, such as recruiting the machine into a botnet or stealing log-in details or sensitive data. The most recent attack began in March and compromised over 650,000 Macs mainly in the UK, US and Canada.

One of the main reasons why the Trojan was so successful is that it’s able to install itself on unprotected Macs without user interaction. The attackers infected several websites to launch so-called drive-by-attacks which only require the user to visit that site in order to become compromised.

Now, Macs are no stranger to malware – we saw the Mac Defender fake AV outbreak last year and more recently the Gh0stRat advanced persistent threat (APT) attacks on pro-Tibetan organisations were uncovered. But Flashback has shown that criminals have now calculated that it’s worth their while economically to target Mac users. To put it simply, Apple is becoming a victim of its own success.

Why should I care?

1)      Flashback is just the tip of the iceberg. Security experts have been warning about this for a long time, but attacks against Macs have only just begun.

2)      Apple’s built-in security for Mac OS X is not good enough and won’t protect users against the full range of threats in the wild.

3)      If you don’t have up-to-date security software on board, even visiting an infected website could be enough to compromise your Mac and risk exposing your sensitive data to a cybercriminal.

4)      Apple has been very slow to roll out patches in the past and took around six weeks longer than Microsoft, Adobe and Oracle to fix the Flashback flaw. This makes having good Mac security protection even more important.

What can you do?

When Apple does release a patch for a security issue it’s imperative you install it as soon as possible, to keep your machine fully up-to-date. More importantly though, invest in third-party software to enhance the limited built-in protection offered by Apple. Look for solutions which use cloud-based threat detection systems designed to dynamically protect against malware and malicious links, and stop zero day threats with reputation and behaviour-based technology.

Flashback wasn’t particularly ground-breaking or revolutionary but it was very successful because too many users weren’t prepared. A few simple steps should be enough to keep your Mac secure and your data safe from prying eyes.

Ric Ferguson works for Trend Micro and writes a blog called CounterMeasures. The opinions expressed here are his own.

NOTE: New Trend Micro customers can get a 6-month complimentary* copy of Trend Micro(tm) Smart Surfing for Mac, by visiting the Facebook Security – AV Marketplace or just “liking” the Trend Micro Fearless Web Facebook community.

* = Offer available only in U.S., Canada, U.K., Australia , and New Zealand at this time. Check back for additional countries in the coming months.

By Richard Medugno

Today, we’re excited to announce that Trend Micro is partnering with Facebook. This new alliance means everyone who uses “the social network” will be better protected.

Facebook is going to leverage the Trend Micro™ Smart Protection Network™ to help filter out malicious links and stop malware and other cybercriminal attacks before they can reach members.

The Smart Protection Network uses a global network of threat intelligence sensors to continually update email, web, and file reputation databases in the cloud, identifying and blocking threats in real time.

As part of this partnership, we are happily providing complimentary copies of security software to Fearless Web fans (6-month subscriptions)*. They can choose from one of these two:

• Trend Micro™ Titanium™ Security Essentials for Windows 

• Trend Micro™ Smart Surfing for Mac

Both these products use the Smart Protection Network, which is like a “global neighborhood watch” that gathers threat information from all over the world.  It helps stop threats before they can infect your computer or mobile devices. And because this is cloud-based technology, our products won’t slow you or your computer down.

To get your 6-month complimentary copy of Titanium Security Essentials or Smart Surfing for Mac, visit the Facebook Security Software section  or just become a fan of the Trend Micro Fearless Web Facebook community.

As a Fearless Web fan on Facebook, you’ll receive daily tips and timely news stories to help keep you safe online.  And we’re a ready resource to answer your questions about Facebook and Internet security.

* = Offer available only in U.S., Canada, U.K., Australia , and New Zealand at this time. Check back for additional countries in the coming months.

I work for Trend Micro and opinions expressed here are my own.

To receive daily tips and alerts regarding Internet security, please follow Trend Micro “Fearless Web” Internet Security on Facebook at www.facebook.com/fearlessweb.

By Laura Jordan

When my 13-year-old son said, “All my friends have pages on Facebook” and then asked me “What’s Facebook, and can I have one?” – I have to admit, I cringed.  Letting your kid loose on the Internet is a bit like sending them out after dark and hoping for the best.  But I digress…

First, I told him that Facebook is like an online yearbook with people commenting on each other’s pages and sharing pictures, videos, and more.  I said, “if you don’t set your privacy settings correctly, anyone can see what’s going on in your life including hackers and creeps.”  It was a week night so I told him we would set up his page over the weekend, together. But he didn’t ask again…

Time waits for no mom

A month later, on our way back from vacationing in Baja California, my son casually informed me that he had created his own Facebook page, some time ago, and recently had been posting to his friends.  Hmmmm.  He quickly added that he set up his privacy settings “…so everything is alright Mom.”

I took a deep breath and advised him that he should only friend people he knows and not give out too much personal information, or post anything he would not want anyone to see for the rest of his life…  Then I asked him who his friends are.  He said he has over 100 friends, and, to give the kid credit, he knows all of them.

Getting into it

Well, first of all, even though my kid set up his page without asking me, I’m not going to flip out.  He told me he had his own page when he began using it, and took my advice on privacy settings.  However, we need to talk about trust, and why it’s important to be up front with your Mom, before he dives into something new.  We will go over his Facebook privacy settings, referring to Vic Hargrave’s blog Facebook privacy controls get a facelift to get the advanced settings working right.

Next, we will install the free Smart Surfing for iOS on his new iPod Touch.  Smart Surfing for Mac is already on our computer.  Security will keep him from clicking on malicious links or downloading bad apps.  I’ll ask him to friend me.  And his older cousins that he’s already friended, we will keep an eye on things. And I’ll suggest he become a fan of Trend Micro Fearless Web Internet Security—to understand where his Mom is coming from and keep up with Facebook and other cool social media while avoiding cyber scams.

Parents can help a lot

I’m a busy, working mom and don’t have time to ‘copter my kid.  But I believe that familiarity with social networking sites and how to use them is a great way to engage your kids in conversation, share, and be aware of what they are doing online.   Here is an article on the 7 dumbest things that people do on Facebook.  Don’t let your kid do them.

Talking about trust and checking in from time to time helps kids set their own parameters.  My son might think I’m an overprotective Mom because I work for an Internet security company, and he may be right. But, like snow skiing, kayaking, or driving in a car, when it comes to social networking on the Internet, proactive security and awareness are no different than wearing a helmet, sunscreen, or a seatbelt.

Ensuring that your kids have a positive online experience is a lot like teaching them to swim when they are young.  You have to get into the water with them.

What’s your experience?

 By Richard Medugno

It’s spring and it’s time to fling open the windows and let the flower-scented breezes waft through your abode and refresh your living space. And just like your home, your computers need to be cleaned up and the garbage needs to be thrown out…That is, unless you want to make it on to a new reality TV show called “Digital Hoarders.”

Just like physical hoarders, a digital hoarder’s inability to delete obsolete data and other useless items from their computing devices could lead to big problems. If not a personal crisis, then possibly an electronic break-down.

While a clean up can improve your device performance, and save you time, I’m betting that most of you don’t need professional assistance to find the strength to get rid of old, unnecessary electronic files and obsolete documents. So just follow these instructions (some of which assume you have Trend Micro™ Titanium™ Security) to clean up your computers, improve device performance, and free up disk space:

□    Email – Sort your messages

1. Keep only the messages you currently need in your inbox
2. Move “keepers” into specific folder others
     i.      Create folders by topic or by the sender’s name
3. Delete all the old emails you know you will never need to or want to look at again

□    Web Browser – Sort your links and clear histories

1. Organize your bookmarks and delete broken links or ones you no longer use
   (Unfortunately, this is time-consuming since you have to do it one at a time.)
2. Clear the cache, cookies, and old temp files

□    Documents – Sort into three categories these files that sit on your computer’s hard drive

1. Keep only documents that you currently need, using Titanium’s Vault to safeguard your confidential files
2. Archive other documents and images by activating your Trend Micro™ SafeSync™ account  and backing them up
3. Delete the remaining by using Titanium’s Secure Erase feature to shred files with sensitive information

□    Programs – Delete those that you no longer need or use

1. Select the “All Programs” option and right-click the unwanted program and then select “Delete” from the drop-down menu
2. Or,  go into your “Control Panel” and select “Uninstall a program”

□    Run maintenance and troubleshooting checks – Scans can be initiated in your computer’s control panel

1. Run a defragmenting or disk cleanup program
2. Run Titanium’s System Tuner to help you recover disk space and optimize your computer’s performance

□    Updates – Especially Your Security Software

1. Update your software, including antivirus, if it doesn’t update automatically.
2. Change any password you have changed recently. Frequent changes to passwords are one of the best ways you can defend your accounts against intrusion. You probably should try out Trend Micro™ DirectPass™ for assistance with managing passwords and creating strong ones.

If you suspect that your PC is infected, use  Titanium™ Security to run a full scan of your computer. Or use Trend Micro™ HouseCall™ – a free tool – to make sure your system is clean. You can scan your PC for a wide range of Internet security threats including viruses, worms, Trojans, and spyware. HouseCall identifies and fixes vulnerabilities to help prevent re-infection.

Now for the spit and polish

Now, let’s go to the outside of your computers or other devices. Get some rubbing alcohol and a special micro-fiber cloth that won’t leave streaks or lint behind. If you have a separate keyboard, turn it over and give it a good shake.

Be careful about caked-on food or spills – you can’t just use water to dissolve the muck. A cotton swab with rubbing alcohol will remove them, and is precise enough that you don’t have to worry about getting liquids in your electronics.

Don’t forget your mobile devices might need a little clean-up too!

I work for Trend Micro and opinions expressed here are my own.

To receive daily tips and alerts regarding Internet security, please follow Trend Micro “Fearless Web” Internet Security on Facebook at www.facebook.com/fearlessweb.

 By Vic Hargrave

Last spring, I wrote a blog called Facebook Privacy Potholes in which I explained how to navigate Facebook’s then somewhat difficult privacy control terrain. Since then Facebook has given its privacy controls a much needed, well, facelift. It is now fairly easy to control your Facebook privacy settings. And it’s more important than ever to know how to protect your online privacy with Facebook and any other social networking service for that matter.

I just read an article that kind of sent shivers up my spine. Cult of Mac, the daily news website that follows anything Apple, reported on an iPhone app called Girls Around Me that actually pinpoints the locations of women on a Google Map that are within a certain radius of your location. The app does this by tapping into Facebook and Foursquare APIs that provide information on the locations of women who have checked in with these services to let their friends know where they are.

The trouble is a lot of people either don’t know how or don’t do anything to change their default privacy settings, which are usually set to allow information like current geographic location to be essentially broadcast to everybody.

Limiting the circulation of your posts on Facebook – and Foursquare – to friends you trust is the best way to avoid being tracked by apps like Girls Around Me.  Now, let’s take a look at how you can do that with the new Facebook privacy controls.

Taking It From The Top

Clicking on the Privacy Settings in your Facebook drop down menu takes you to a screen that shows your top-level privacy settings. The first improvement over previous Facebook versions you’ll notice is that your top level controls are there nicely organized into sections: Control Your Privacy When You Post, Control Your Default Privacy, How You Connect, Timeline and Tagging, Apps and Websites, Limit the Audience for Past Posts, and Blocked People and Apps.

In the Control Privacy When You Post section, the visibility of each post you make can be individually set to Public, Friends, Only Me, or a custom level. If you want to create a default setting for all your posts, click on Public, Friends or Custom under Control Your Default Privacy, then all your posts will use that setting. I strongly suggest you limit all your posts to friends and make sure that your friends on Facebook are just that, not merely acquaintances.

How You Connect

Clicking on this category link takes you to the How You Connect screen.  It lets you control how, and if, you can be found in Facebook searches and contacted.

Allowing yourself to be found on Facebook is the one option I can advocate for setting to Everybody.  If you don’t use this setting, you will be almost invisible to everyone, which makes it hard to reconnect with friends you had years ago who are trying to find you on Facebook.  You do run the risk of getting spammed via email, but I haven’t seen so much on my account.

As for how people can contact you option, I suggest limiting this to Friends or Friends of Friends to cut down on unwanted messages.  If you make a new real friend that is not in either category, you can “Friend” them which adds them into your circle of trust.   

Timeline and Tagging

While I’m OK with people finding me on Facebook, when it comes to posting on my timeline and getting tagged in photos I want to limit either activity to a great degree.  Facebook did a nice job of organizing these controls in the Timeline and Tagging panel.

The first three controls handle who can post to and see what’s on your timeline. I suggest you limit that to Friends only, particularly if your posts are somewhat personal. Of course, if they are too personal, I don’t think you do yourself any favors posting them on Facebook.

Tagging is a feature I’ve never really liked using nor promoted for myself, although I can see why people who are very close on social networking circles and in real life would like to be tagged in each other’s photos.

Facebook allows you to review posts to your timeline in which others tag you when you enable these controls. Unfortunately, this does not prevent people from tagging you in photos that appear elsewhere on Facebook. Such a feature is high on my wish list for future enhancements to the service.

With the last control on the timeline panel, you can opt out of letting people use Facebook facial recognition to get assistance in tagging you in photos in which you appear.  I wrote a blog about this technology when it was first introduced, stating that facial recognition does not diminish your privacy on Facebook any more that being in involved in social networking does.  Nevertheless if you feel the way I do about tagging, you might as well opt out of this feature by setting this control to No one.

Apps and Websites

In my Facebook Privacy Potholes blog, I commented that it’s a good idea to limit the access to your personal information that apps and websites have. My advice this time around is the same.  Use the Apps and Websites panel to take an audit of the apps that currently have access to your Facebook account to see whether or not you still use them or should cut back on the information they access.

Let’s take an example from my settings.  I use a Google Reader client app called Feedly from which I like to post articles to Facebook and Twitter. To do this, Feedly requires access to my accounts on both of these social networking services. When I click on Feedly, I get the panel of settings shown in the following illustrations.

Here I see that Feedly requires access to my basic information and information that people share with me. However, I was surprised to find out that by opting into Feedly on Facebook, I unknowingly allowed the app to manage my pages, which I certainly don’t recall allowing it to do when I first authorized access to my Facebook information. So I just clicked on the Remove link to prevent Feedly from doing this. I also didn’t feel comfortable with allowing the app to access my data anytime so I got rid of that privilege as well.

Another great Facebook privacy feature is the app access log. Click on the See details link under the Last data access section and a screen will pop up that shows you when and what Facebook information of yours was looked at.

The last three privacy controls in the Apps and Websites panel govern how the personal information gathered by apps can be used including: how people bring info to apps they use, instant personalization, and public search.

I’m going to make a sweeping generalization here by saying that none of these are your friend when it comes to maintaining your privacy on Facebook. Because these leave open the possibility of sharing information in ways that go otherwise unchecked, I suggest you opt out of all of them.

Limit the Audience for Past Posts

With the introduction of Timeline, Facebook made it convenient for you and others to go all the way back to when you first starting using the service to see what you posted. Limiting the audience for past posts enables you to convert all the posts that you made public or only shared with friends of friends to be visible to only friends.

This is very handy if you originally set the visibility of your posts to public or friends of friends back in the Control Your Default Privacy section of your top level privacy controls and you’ve since decided that wasn’t such a good idea. If that’s the case don’t forget to go back to that section and change the setting to Friends.

Blocked People and Apps­

By the time you get to the Blocked People and Apps section of the top level privacy control panel, you are pretty well set and may not have to adjust anything here. On the other hand if you are troubled by contact from users who you don’t want to include in your friend list, app and event invites that you don’t interest you, or applications in general that you don’t want to hear from, you can block any or all of these in the Blocked People and Apps panel.

Another interesting control this panel gives you is the ability to compile a list of friends who should not receive your posts unless you make them public.  I’m not sure when you’d really need this control if you truly trust all your Facebook friends. Before making such a list, I think you should consider first unfriending the friends you were planning to use it on.

I work for Trend Micro and opinions expressed here are my own.

To receive daily tips and advice regarding Internet security, just “like” Trend Micro Fearless Web Internet Security on Facebook at www.facebook.com/fearlessweb.