You know that your new iPad will let you easily watch movies, browse the Internet, or play games on the go, but there are many advanced features hidden beneath the surface of iOS that can improve your tablet computing experience even further. To help you become an iPad master, we’ve compiled a handy list of tips and tricks for new iPad users. Read on if you want to learn how to multitask, take screenshots, encrypt your backups and more.

Set the iPad to self-destruct in 10 seconds: Okay, not really–but you can set the iPad to erase all data after ten failed passcode entry attempts by checking the Erase Data option under Settings, General, Passcode Lock.

Don’t let AutoCorrect mess you up: If you don’t like the option AutoCorrect gives you, reject it by finishing the word as you prefer, and then tapping the suggestion. If you want to use AutoCorrect’s choice, just type a space or punctuation mark, or tap Return, the moment it pops up.

Create custom shortcuts for common phrases: Make AutoCorrect work for you by teaching iOS to transform shorthand (such as “omw”) into common phrases (like “on my way”) using iOS 5 shortcuts. Simply navigate to Settings, General, Keyboard, and select Add New Shortcut. Type the phrase you want to shorten in the Phrase field, and then type the shortened version you want to use in the Shortcut field.

Download the free iPad User’s Guide: You may have noticed that your iPad didn’t come with a big printed manual–that’s not Apple’s style. However, you can download the PDF version of the iPad User’s Guide from Apple’s website, or you can read it in iBooks if you have that installed (iBooks is available as a free download in the App Store). Make sure to download the manual for the version of iOS you’re currently using!

Use the Side Switch: You can use the switch on the side either to enable and disable audio alerts (this doesn’t affect video/audio playback) or to lock the screen’s orientation in portrait or landscape mode. You can toggle which function is assigned to the switch by opening Settings from the home screen, selecting General, and choosing the function you want under the ‘Use Side Switch to’ heading.

Take a free guided tour: Apple provides video tutorials on setting up iTunes, as well as a complete rundown of all your preinstalled apps so that you can get a good look at how to use them.

Speed up your sentences: Double-tapping the spacebar while typing a message will type a period and a space.

Multitask in iOS: You probably already know that you can press the Home button twice to bring up a list of currently running or suspended apps. However, you can also swipe the multitasking bar left to right to quickly access audio/video playback controls, a shortcut to the iTunes app itself, an AirPlay button that lets you wirelessly mirror the iPad display on an Apple TV, and volume controls. Also, when you choose whether the Side Switch should mute alert sounds or lock the screen orientation (see the tip above), the function you didn’t choose will appear in this shortcut bar.

Secure your backups: You can encrypt your iPad’s backup data in iTunes. Just open the iPad in iTunes, click the Summary tab, and check Encrypt iPad backup under the Options heading.

Swap the search engine: Too cool for Google? You can change Safari’s default search engine by going to Settings, Safari, Search Engine. Alas, you can choose only from Google, Bing, or Yahoo–no vintage Metacrawler for you.

Take a screenshot of whatever is on the screen: Press the Home button and the sleep/wake button simultaneously. The screenshot will automatically appear among your photos.

Selectively prevent automatic sync: Sometimes you don’t want to sync your iPad when you connect it to your computer. In that case, hold down Shift-Ctrl (or Command-Option, on a Mac) in iTunes while plugging your iPad in, and iTunes will skip the automatic sync just this once. Alternatively, you can safely interrupt a sync by dragging the unlock slider on your device while the iPad is midsync.

Toggle 3G/LTE data roaming: If you’re using a 3G iPad, you can turn data roaming on in theSettings, Cellular Data menu in case you want to try receiving cellular Internet through a different provider (fees may apply). You can also disable LTE service if you’re trying to conserve bandwidth, and you can check your data usage by going to Settings, General, Usage.

Restrict mature content: Go to Settings, General, Restrictions and tap Enable Restrictions to selectively apply controls on your apps, content, Game Center, and more. You can use this setting to limit mature content on your new iPad by disabling explicit-language recognition, blocking podcasts that have the “Explicit” tag, or blocking movies, TV shows, and apps that are rated for mature audiences.

Make your passcode more complicated: iOS defaults to a four-number passcode, but you can turn it off by going to Settings, General, Passcode Lock, Simple Passcode. Now you can use any full keyboard password to lock the iPad. The password also helps to encrypt your mail and attachments on the iPad, so you probably want to make it safer than a four-digit number.

Tweak AutoFill: You can choose to enable Safari’s AutoFill feature under Settings, Safari, AutoFill. From there you can tell Safari to fill out forms automatically, either by using your specified contact information or by remembering the names and passwords from previous website login sessions.

Sync your bookmarks: You can use iTunes to sync your iPad’s Safari bookmarks with your PC’s Web browser. Open the iPad tab in iTunes, click the Info tab, scroll down to the Other heading, check Sync bookmarks with, and choose your preferred browser.

Email photos: The easiest way to email photos from an iPad is to open the Photos app, select a photo, press the button in the upper-right corner (the rectangle with the right-facing arrow, not the AirPlay or trash can button), and choose Email photo… to send.

Test your Web links: You can check a linked word’s actual destination URL by touching and holding down on the link–it’s a perfect way to sniff out phishy links.

Choose an app for email attachments: You can open a file attached to an email message by tapping the attachment in Mail, but if the default app isn’t the one you want to use, simply press and hold and wait for a menu that lets you select an app.

Use your iPad as a picture frame: Not for physical photographs of course, but you can press the Picture icon in the lower-right corner of the lock screen to have the iPad display your photo stream as a slideshow.

Show traffic conditions: Open Maps, press the dog-eared page icon in the lower right, and then turn the Traffic overlay on. If your iPad has an Internet connection, Maps will show real-time traffic conditions in the displayed area. Green means traffic is going at the posted speed limit, yellow means traffic is slower than the posted speed limit, and red means traffic is stop-and-go.

Share podcasts with friends: Listening to a podcast that you think a friend would like? You can share the link while you’re listening to it by pressing the Email button while it’s open.

Don’t forget your downloads: You can immediately see if your iTunes account is due for incoming downloads by opening iTunes on your PC, clicking the Storemenu, and selecting Check for available downloads. This trick can come in handy if your download process is interrupted, or if you missed some bonus iTunes content that came with an album you purchased.

Turn on Universal Access: You can enable options such as closed-captioned movies, VoiceOver screen reading, zoom magnification, and inverted white-on-black text by selecting the iPad in iTunes, opening the Summary tab, and clicking Configure Universal Access under the Options heading.

Forget Wi-Fi networks: So you accidentally connected to a network once, and your iPad remembers it for life–whether you like it or not. On your iPad, go to Settings, Wi-Fi, and find the network under the ‘Choose a Network’ heading. Tap the blue arrow next to the network you want to remove, and tap the button on the top that says Forget this Network.

Customize your Spotlight searches: The iPad uses Spotlight for its built-in search functions, and you can tweak it to your needs under Settings, General, Spotlight Search. If you have a lot of data on your iPad, for example, you can selectively disable search in different categories (Contacts, Applications, Audiobooks, Notes, Events, Mail, and so on) that you don’t use so that your desired results show up faster. You can also simply change the order in which the search-result categories display by dragging them up and down, so that your more frequently used search categories appear at the top of the page.

Turn off in-app purchases: Go to Settings, General, Restrictions and tap Enable Restrictions to selectively enable restrictions for your apps, content, Game Center, and more. If you’re worried about other people breaking your bank account on in-app purchases, just disable In-App Purchasesunder the ‘Allowed Content’ setting.

Switch up the fetching frequency: Your iPad automatically grabs new data, such as incoming email. However, the iPad also periodically activates apps that don’t support iOS’s Push feature so that they can go fetch new data–which uses the tablet’s battery life. You can tweak your Push and Fetch settings in Settings under the Mail, Contacts, Calendars menu by toggling the Fetch New Data option.

Change your email signature: Don’t be one of those people who leave the default ‘Sent from my iPad’ signature on all their messages. Change it in Settings, Mail, Contacts, Calendars, Signature to something more interesting.

Master multitasking gesture controls: Enable multitasking gesture controls in any iPad running iOS 5 or later by navigating to General, Settings and toggling Multitasking Gestures on. Now you can place four or five fingers on the screen at once and swipe them left or right to switch between open apps, or swipe up to display the multitasking bar. You can pinch your fingers together on the screen to return to the iPad home screen.

Sync your iPad wirelessly: To set up iTunes wireless syncing, plug your iPad into your PC, make sure both devices are connected to the same wireless network, and then boot up iTunes on your PC. On your iPad, navigate to Settings, General, iTunes Wi-Fi Sync, select the computer you want to sync with, and tap the Sync Now button. Your iPad should sync wirelessly with your computer, and will now do so automatically whenever you have it plugged in and connected to the same Wi-Fi network as your computer.

By Alex Wawro and Patrick Miller, PCWorld

Web services and network managers nearly always require a minimum degree of password difficulty to prevent standard password-cracking techniques from guessing them quickly. We’re also cautioned not to reuse the same passphrases on different sites and are routinely blocked from recycling the passwords we’ve used previously.

Considering the number of times PC users sign into a service or network each day, we may need to remember a half-dozen hard-to-guess passwords, not to mention the various sign-in IDs we use along with the passwords (full name or first initial-last name? Case sensitive? An e-mail address?). Many computer professionals need access to dozens of secure systems, which stretches the limits of anyone’s memory.

Your three options are to use a password-management program, to write your passwords down on paper (or record them in an encrypted text file), or to devise a method for memorizing hard-to-guess passphrases. While no single technique is right for everyone, here’s why I suggest the memorization approach.

The pros and cons of password managers
For many people, the best way to protect their data and identity is to use a password manager, which either stores your passwords in the cloud or on a local drive–often a USB thumb drive or other portable storage device. The obvious risk is that the vendor’s server is hacked or you lose the drive that stores your passwords.

Last May, the LastPass password-management service reported a breach that may have exposed users’ passwords, although LastPass CEO Joe Siegrist stated that people who used strong master passwords were not threatened.

Other password managers work without storing your passwords on a Web server. The Tech Support Alert site recently compared several free password-management programs, including LastPass, RoboForm, and KeePass.

The hard-copy approach to password management
If you forgo the password-manager route, your options are to write your passphrases down or to memorize them. Whenever you record your passwords on paper–even if you record only a mnemonic that reminds you of the actual characters–you’ve made your accounts a little more susceptible to unauthorized access.

That hasn’t stopped computer experts from recommending that users jot down their passwords and keep the paper in a secure location. Gunter Ollman, a researcher for security firm Damballa, concludes that recording your passwords on paper is the lesser of several password evils; more risky is using the same password at multiple sites, setting your software to remember passwords, failing to change passwords frequently, using an easy-to-guess password, and reusing past passwords.

Likewise, computer expert Bruce Schneier reiterated on his Schneier on Security blog the advice of Microsoft executive Jesper Johansson to record your passwords on paper to encourage use of strong passwords.

The obvious downside of the paper approach is that someone will find the paper taped to the bottom of your keyboard or tucked into your wallet and access your private data before you’re able to take preventive measures. Or you may simply lose the paper and have to do the recover-password-by-e-mail two-step for each network and service you need to access.

The wetware approach to password storage is still the safest
As you might have guessed, Mr. Schneier’s 2005 post recommending that you write down your passwords generated quite a few comments to the contrary. Most of the commenters suggested their own technique for remembering strong passwords.

Of course, the bad guys pay close attention to this information and will attempt to incorporate the approaches in their password-cracking efforts. The key is to get creative in altering something you’ve already memorized, such as song lyrics, family members’ first names, or place names from your past.

An alternative method leverages something nearby. For example, there may be a product near your workstation that has a prominent model or serial number, or a book within view of your seat has an ISBN number on the back cover. Rather than using the exact number, add or subtract two or three numbers or letters, so “1158748562″ becomes “3370960784,” or “BCGA1339″ becomes “DEIC3551.”

The only problem I’ve encountered with my own password-mnemonic creation is that some vendors require a mix of upper and lower case letters and numbers. I have become resigned to having to go through Apple’s “Forgot your password?” e-mail routine about every other week.

This is doubly upsetting because my system uses from 12 to 16 random alphabetic characters (found in no dictionary and following no discernible pattern). As the How Secure Is My Passwordsite indicates, the all-text, all-lower-case password I devised would take much more effort to crack than an eight-character password that meets Apple’s requirements.

Check the strength of your passwords at the How Secure Is My Password site, which indicates how difficult your password is to crack, and whether it’s on the site’s common-password list.(Credit: screenshot by Dennis O’Reilly)

Only time will tell whether PC users will ever be able to securely store their sign-in credentials in their systems’ software or on a service’s Web server. For most people, the safest approach to passwords is to rely only on their own personal gray matter. Let’s hope a secure alternative to passwords arrives before our memories give out.

 Dennis O’Reilly @ CNET

If unethical journalists can do it chances are anyone can, right?

To test my theory I called up Kevin Mitnick, who wrote about the hacking and social engineering that landed him in jail in a fascinating book coming out this summer, “Ghost in the Wires,” and who serves as a security consultant, helping clients protect against privacy breaches such as this.

Phone hacking, also known as “phreaking,” is easy to do, Mitnick said, adding that he could demonstrate it on my phone if I wanted proof. So I gave him permission to access my voice mail and told him my mobile phone number.

He called me right back on a conference call so I could hear what was going on. First he dialed a number to a system he uses for such demonstration purposes and entered a PIN. Then he was prompted to enter the area code and phone number that he wanted to call (mine) and the number he wanted to be identified as calling from (again mine). Next thing I know I’m listening to a voice message a friend of mine left me last night that I hadn’t erased.

“See how easy it is?!” Mitnick says as my jaw drops.

He was able to get into my voice mail by tricking my mobile operator’s equipment into registering the call as coming from the handset–basically pretending to be me. To do this, he wrote a script using open-source telecom software and used a voice-over-IP provider that allows him to set caller ID, but there also are online services that provide similar capability that non-hackers could subscribe to. It might be easier or harder to accomplish depending on the mobile operator, he said. (I’m keeping some of the details sketchy to avoid providing a how-to for phreaking.)

“Any 15-year-old that knows how to write a simple script can find a VoIP provider that spoofs caller ID and set this up in about 30 minutes,” Mitnick said. “If you’re not adept at programming, you could use a spoofing service and pay for it.”

This technique, called Caller ID Spoofing, has been used and abused for years. In 2006, a caller ID spoofing account in the name of Paris Hilton was suspended for voicemail hacking, with other celebrities, including Lindsay Lohan, allegedly being victims, according to IDG News Service.

The method is more sophisticated than that allegedly used by the British journalists who are accused of using default PINs to access victims’ voicemail accounts, assuming correctly that many people wouldn’t bother to change the PINs. Since the phone hacking scandal first erupted about five years ago, mobile operators in the U.K. have changed their practices and most now require people to set their own PINs for remotely checking voice mail.

If I want to avoid having anyone use Caller ID Spoofing to access my voice mail again, I need to change my phone settings to require a PIN even when checking voice mail from my mobile device. But that doesn’t address the fact that mobile operators don’t authenticate caller ID. “The magic is that my VoIP provider allows me to set any caller ID and the other operators trust it,” Mitnick said. “Caller ID is automatically trusted.”

Mobile phone industry specialist David Rogers suggests on his blog that operators should consider preventing people from accessing mobile voicemails remotely at all.

Meanwhile, the Truth in Caller ID Act of 2010, which was signed into law late last year, prohibits anyone intending to defraud, cause harm, or wrongfully obtain anything of value from knowingly causing any caller ID service to transmit or display misleading or inaccurate caller ID information. This could send the caller spoofing services off shore but likely won’t put an end to the practice.

by Elinor Mills @ cnet.com

That’s the message from the “November Threat Landscape Report” released yesterday by security vendor Fortinet.

Global spam levels ultimately fell 12 percent in November after Dutch authorities took down a large Bredolab network made up of 140 different servers. The Bredolab botnet was typically used by cybercriminals to send out spam selling fake drugs, according to Fortinet. Spam had actually fallen as much as 26 percent the week after the network was dismantled but was able to stage a bit of a recovery afterward.

(Credit: Fortinet)

The ever-present Koobface botnet, known for affecting Facebook users, also suffered a hit on November 14 when U.K. Internet service provider Coreix took down three of its central “MotherShip” servers. The perpetrators of Koobface use these MotherShip servers as their main command-and-control systems to direct the spread of the botnet and control infected PCs. The bad guys communicate with the MotherShip machines through intermediary servers.

Though the takedown of the MotherShip servers dealt Koobface a severe blow, the success was short-lived as the botnet operators were able to use stolen FTP accounts to hijack other servers, according to Fortinet.

“We confirmed that on November 14, when the primary servers were taken offline, the intermediary servers failed to proxy content, which effectively crippled the botnet,” Derek Manky, project manager for cyber security and threat research at Fortinet, said in a statement. “Unfortunately, we saw communication restored five days later on November 19th. This is likely due to the fact that Koobface contains an FTP harvesting module.”

Looking at other botnets, Fortinet found another prominent threat in November in the form of Sasfis, a botnet that infects PCs by using the standard port 80 reserved for HTTP traffic. Increasingly, botnets are using common ports to spread in an effect to blend in with normal traffic. Detections of Sasfis command-and-control servers were third on the top 10 attack list maintained by Fortinet.

Fortinet also discovered in November that the Hiloti botnet was using legitimate DNS queries to report back to its command-and-control servers, another example of a botnet trying to use standard protocols to avoid being detected.

Finally, zero-day vulnerabilities were found last month in Adobe Shockwave, Adobe Flash, Microsoft PowerPoint, Apple QuickTime, and Microsoft’s Internet Explorer. All of these weaknesses were cited by Fortinet as critical as they leave the applications open to attacks that are able to run code remotely.

In terms of sheer malware attacks among the top countries hit in November, the U.S. accounted for 35 percent, up from 32 percent in October. Japan took 22 percent of the total attacks, up from 16 percent the prior month. And Korea took the brunt of 12.5 percent of the world’s total malware attacks, up from less than 9 percent in October.

(Credit: Fortinet)

Read more: http://news.cnet.com/8301-1009_3-20024432-83.html#ixzz186DmrR3M

Lance Whitney, CNET

“The final version of Microsoft Security Essentials will be released to the public in the coming weeks,” Microsoft said in the note.

Microsoft first announced its plans for the product, then code-named Morro, last November, at the same time the company said it was scrapping its paid Windows Live OneCare product.

Public beta testing of Security Essentials started in June, with Microsoft reaching its goal of 75,000 testers just one day after it issued a call for them.

Ina Fried, CNet

While they were on the road, their home in Mesa, Ariz., was burglarized. Hyman has an online video business called IzzyVideo.com, with 2,000 followers on Twitter. He thinks his Twitter updates tipped the burglars off.

“My wife thinks it could be a random thing, but I just have my suspicions,” he said. “They didn’t take any of our normal consumer electronics.” They took his video editing equipment.

Most people wouldn’t leave a recording on a home answering machine telling callers they’re on vacation for a week, and most people wouldn’t let mail or newspapers pile up while they were away. But users of social media think nothing of posting real-time vacation photos on Facebook showing themselves on beaches hundreds of miles from home, or sending out automatic e-mail messages that say, “I’m out of the country for a week.”

“I’m amazed at how many people get on there and say they’re going on vacation,” said Lee Struble, head of security at Monroe Community College in Rochester, N.Y.

Struble, 53, is a member of Facebook with more than 200 friends, many of them classmates from high school and college who recently reconnected through the site. “Some of these people you haven’t seen in 20 or 30 years,” said Struble. “But they know where you live or can find out pretty easily, they can do a Google Maps search and can get directions to your house, and you’re telling them that you’re going to be gone.”

Struble is careful about his outgoing e-mail messages. “I just tell people I’m going to be out of the office; I don’t say I’m going to be out of town,” he said.

Despite the fact that so many people share their vacation plans via the Internet, most Americans don’t think private information is secure online. “We actually polled on that question, and the majority of people, teenagers and adults, think that a determined searcher can find them — no matter how careful they are with information,” said Lee Rainey, who has studied Internet behavior extensively as director of the Pew Internet and American Life project in Washington, D.C.

New communication technology has always brought with it new risks and rules, usually learned the hard way. When telegrams were a primary means of long-distance communication, correspondents struggled to craft messages that would convey meaning without revealing private business to the operator. Party line phones were often conduits of news and gossip. And Prince Charles showed the world painfully that mobile conversations could be intercepted when his pillow-talk call to Camilla Bowles was made public.

Facebook and Twitter are so relatively new that users may not consider all the risks. For Hyman, Twitter was a way to connect with fans of IzzyVideo.com, where he offers how-to videos on video production. His wife teaches scrapbooking through videos at Paperclipping.com. About half of the new episodes they release are free, but viewers pay to access their archives.

“The customers have never met me in person,” Hyman said. “Twitter is a way for them to get to know me. You do business with people you know. I’m a real person. I take my kids to the park. I go on vacation. I’m not just some company!”

He added: “I forgot that there’s an inherent danger in putting yourself out there.”

Detective Steven Berry of the Mesa Police Department, which is investigating the burglary at Hyman’s home, said: “You’ve got to be careful about what you put out there. You never know who’s reading it.”

Despite the potential risks, some social media fans say they have no qualms about sharing their whereabouts.

“I don’t worry about it,” said David McCauley of Boise, a social media consultant who posts a running update of his activities for his Facebook friends. McCauley also communicates constantly on Twitter, where anyone can sign up to read your posts.

“If somebody really wanted to rob me, they could rob me whether they’re Tweeting about it or not,” McCauley said. “Most people who want to follow you (on Twitter) are typically not thieves, or they’re not looking to take your stuff; they just want to follow you and understand you.”

McCauley even plans to offer a description, via Twitter, of a trip to adopt a child overseas.

“In the grand scheme of all the noise that’s out here on the Internet and in Facebook and Twitter, there’s so much going on that it would be hard for somebody to zero in on me, looking for me to be gone,” he said. “I’m just not worth that much.”

Anne Wallace Allen, The Associated Press

A Computer Economics report showed that annual worldwide malware expenses increased by $10 billion (to $13 billion) over a recent 10-year span. Google Research suggests that one in every 10 Web sites is infected with “drive-by” malware. In June 2009, the Windows Secrets e-newsletter reported that such seemingly safe Web sites as Coldwell Banker.com, Variety.com, and even Tennis.com were exposing Internet Explorer visitors to the Gumblar exploit, which threatens to compromise visitors’ systems in order to propagate.

IT professionals must encourage their users to follow several security practices to minimize virus, spyware, and malware exposure. But many computer techs are too busy to spread the word, or they don’t have the time to build an appropriate memo or handout.

With that in mind, here’s a handy reference list of 10 steps end users can adopt to avoid infection (including when using home systems to read and send work e-mail, create, edit, and distribute documents and spreadsheets, access the corporate VPN, and perform other office tasks). Post this list on your Intranet, distribute it in an e-mail, or download the PDF version and pass it along to end users. Just be sure the word gets out. Otherwise, you’re likely to find yourself losing precious time cleaning and repairing infected systems or entire networks.

1: Install quality antivirus

Many computer users believe free antivirus applications, such as those included with an Internet service provider’s bundled service offering, are sufficient to protect a computer from virus or spyware infection. However, such free anti-malware programs typically don’t provide adequate protection from the ever-growing list of threats.

Instead, all Windows users should install professional, business-grade antivirus software on their PCs. Pro-grade antivirus programs update more frequently throughout the day (thereby providing timely protection against fast-emerging vulnerabilities), protect against a wider range of threats (such as rootkits), and enable additional protective features (such as custom scans).

2: Install real-time anti-spyware protection

Many computer users mistakenly believe that a single antivirus program with integrated spyware protection provides sufficient safeguards from adware and spyware. Others think free anti-spyware applications, combined with an antivirus utility, deliver capable protection from the skyrocketing number of spyware threats.

Unfortunately, that’s just not the case. Most free anti-spyware programs do not provide real-time, or active, protection from adware, Trojan, and other spyware infections. While many free programs can detect spyware threats once they’ve infected a system, typically professional (or fully paid and licensed) anti-spyware programs are required to prevent infections and fully remove those infections already present.

3: Keep anti-malware applications current

Antivirus and anti-spyware programs require regular signature and database updates. Without these critical updates, anti-malware programs are unable to protect PCs from the latest threats.

In early 2009, antivirus provider AVG released statistics revealing that a lot of serious computer threats are secretive and fast-moving. Many of these infections are short-lived, but they’re estimated to infect as many as 100,000 to 300,000 new Web sites a day.

Computer users must keep their antivirus and anti-spyware applications up to date. All Windows users must take measures to prevent license expiration, thereby ensuring that their anti-malware programs stay current and continue providing protection against the most recent threats. Those threats now spread with alarming speed, thanks to the popularity of such social media sites as Twitter, Facebook, and My Space.

4: Perform daily scans

Occasionally, virus and spyware threats escape a system’s active protective engines and infect a system. The sheer number and volume of potential and new threats make it inevitable that particularly inventive infections will outsmart security software. In other cases, users may inadvertently instruct anti-malware software to allow a virus or spyware program to run.

Regardless of the infection source, enabling complete, daily scans of a system’s entire hard drive adds another layer of protection. These daily scans can be invaluable in detecting, isolating, and removing infections that initially escape security software’s attention.

5: Disable autorun

Many viruses work by attaching themselves to a drive and automatically installing themselves on any other media connected to the system. As a result, connecting any network drives, external hard disks, or even thumb drives to a system can result in the automatic propagation of such threats.

Computer users can disable the Windows autorun feature by following Microsoft’s recommendations, which differ by operating system. Microsoft Knowledge Base articles 967715 and 967940 are frequently referenced for this purpose.

6: Disable image previews in Outlook

Simply receiving an infected Outlook e-mail message, one in which graphics code is used to enable the virus’ execution, can result in a virus infection. Prevent against automatic infection by disabling image previews in Outlook.

By default, newer versions of Microsoft Outlook do not automatically display images. But if you or another user has changed the default security settings, you can switch them back (using Outlook 2007) by going to Tools | Trust Center, highlighting the Automatic Download option, and selecting Don’t Download Pictures Automatically In HTML E-Mail Messages Or RSS.

7: Don’t click on email links or attachments

It’s a mantra most every Windows user has heard repeatedly: Don’t click on email links or attachments. Yet users frequently fail to heed the warning.

Whether distracted, trustful of friends or colleagues they know, or simply fooled by a crafty email message, many users forget to be wary of links and attachments included within email messages, regardless of the source. Simply clicking on an email link or attachment can, within minutes, corrupt Windows, infect other machines, and destroy critical data.

Users should never click on email attachments without at least first scanning them for viruses using a business-class anti-malware application. As for clicking on links, users should access Web sites by opening a browser and manually navigating to the sites in question.

8: Surf smart

Many business-class anti-malware applications include browser plug-ins that help protect against drive-by infections, phishing attacks (in which pages purport to serve one function when in fact they try to steal personal, financial, or other sensitive information), and similar exploits. Still others provide “link protection,” in which Web links are checked against databases of known-bad pages.

Whenever possible, these preventive features should be deployed and enabled. Unless the plug-ins interfere with normal Web browsing, users should leave them enabled. The same is true for automatic pop-up blockers, such as are included in Internet Explorer 8, Google’s toolbar, and other popular browser toolbars.

Regardless, users should never enter user account, personal, financial, or other sensitive information on any Web page at which they haven’t manually arrived. They should instead open a Web browser, enter the address of the page they need to reach, and enter their information that way, instead of clicking on a hyperlink and assuming the link has directed them to the proper URL. Hyperlinks contained within an e-mail message often redirect users to fraudulent, fake, or unauthorized Web sites. By entering Web addresses manually, users can help ensure that they arrive at the actual page they intend.

But even manual entry isn’t foolproof. Hence the justification for step 10: Deploy DNS protection. More on that in a moment.

9: Use a hardware-based firewall

Technology professionals and others argue the benefits of software- versus hardware-based firewalls. Often, users encounter trouble trying to share printers, access network resources, and perform other tasks when deploying third-party software-based firewalls. As a result, I’ve seen many cases where firewalls have simply been disabled altogether.

But a reliable firewall is indispensable, as it protects computers from a wide variety of exploits, malicious network traffic, viruses, worms, and other vulnerabilities. Unfortunately, by itself, the software-based firewall included with Windows isn’t sufficient to protect systems from the myriad robotic attacks affecting all Internet-connected systems. For this reason, all PCs connected to the Internet should be secured behind a capable hardware-based firewall.

10: Deploy DNS protection

Internet access introduces a wide variety of security risks. Among the most disconcerting may be drive-by infections, in which users only need to visit a compromised Web page to infect their own PCs (and potentially begin infecting those of customers, colleagues, and other staff).

Another worry is Web sites that distribute infected programs, applications, and Trojan files. Still another threat exists in the form of poisoned DNS attacks, whereby a compromised DNS server directs you to an unauthorized Web server. These compromised DNS servers are typically your ISP’s systems, which usually translate friendly URLs such as yahoo.com to numeric IP addresses like 69.147.114.224.

Users can protect themselves from all these threats by changing the way their computers process DNS services. While a computer professional may be required to implement the switch, OpenDNS offers free DNS services to protect users against common phishing, spyware, and other Web-based hazards.

Erik Eckel, TechRepublic

To avoid such issues, the Anti-Spyware Coalition (ASC, www.antispywarecoalition.org ), a consortium of software companies and outside parties, has presented definitions and supporting documents at www.antispywarecoalition.org/definitions.pdf.

This isn’t the first attempt to define spyware. An earlier industry consortium effort called COAST fell apart after it admitted an adware vendor. Almost all the same antispyware companies are part of ASC, but no adware companies are included yet.

So far, it’s hard to see what the ASC documents accomplish. Sunbelt Software stayed away from ASC because it argues that adware vendors have the most to gain from consistent definitions. The authors of adware and spyware are innovative and fast-moving, and they spend as much time trying to fool antispyware programs as they do trying to fool users. Giving them consistent definitions would help them work within the loopholes in those definitions.

Moreover, there’s a lot more to writing antispyware than just defining terms. Which threats, for example, should merit a default action of Remove? What language in end-user license agreements is proper? What information needs to be disclosed during installation? These are some of the important and difficult decisions in the antispyware business, and the ASC documents don’t address them at all.

The other potentially important ASC document describes a dispute resolution process for vendors who don’t like the way they’ve been classified. This process, however, also seems likely to be more useful to spyware vendors. And potential legal liability may dilute the way software is classified. For instance, faced with vendors who objected to having their products described as spyware or adware, the Internet security company McAfee created the term PUP (potentially unwanted program) to describe programs that aren’t exactly malware, but which users may download inadvertently and would probably avoid if they realized what was happening. Symantec entered the antispyware arena using a definition process that sounds more like a 12-step program.

So what do the ASC documents do for the poor end-user? Not a whole lot, it seems to us. Formalized definitions are more likely to constrain legitimate software than to limit the activities of spyware and adware vendors. In addition to relying on an antispyware vendor’s software and its judgments about the threat landscape, you should continue to cast a wary eye and be alert for signs that may indicate programs you’d prefer to avoid.

Larry Seltzer, PCMag

Well, okay, I cheat a little: I use Outlook 2007′s spell-checker to give my outbound mail the once-over before sending. You can do likewise, without having to remember to click the Spelling button every time, by tweaking Outlook’s checker. Here’s how:

1. Click Tools, Options.

2. Click the Spelling tab.

3. Tick the box marked Always check spelling before sending.

4. Click OK.

That’s it! Now, when you click Send, Outlook’s spell-checker will immediately appear, giving you a chance to fix those “Hey, Rick, you are so stoopid” kinds of mistakes.

Of course, by default, Outlook uses squiggly red lines to indicate misspellings as you type, but I know many folks who prefer to just bang away at the keys and then fix the mistakes at the end. Me, I don’t make speling mistakes, so I don’t really need either feature.

Rick Broida, PCworld

In other words, disconnect the power cords from both, wait about 10 seconds, and then plug them back in. In a minute or two, your network will be up and running again, and your Internet access might be its good old speedy self. I say “might be” because there are loads of other possible culprits for pokey Internet connections.

For example, you might have a spyware problem. Windows’ Internet settings might be FUBAR (or at least less than optimal). If you’re connecting via a wireless router, there could be range issues.

In most cases, however, it’s probably just a router and/or modem in need of rebooting. For the record, my neighbor told me the power-cycling trick worked like a charm. Hmm, maybe I should send him a bill? Nah, I’ll just give him a link to Hassle-Free PC. Feel free to do likewise for friends and relatives who need answers to common PC problems!

Rick Broida, PCWorld