Security issues rarely crop up at a convenient time. When you’re dealing with an intruder or a malware attack, you, your IT staff, and your help desk usually need answers fast.
There’s plenty of great security information on the Internet, but there’s also a heaping helping of snake oil and hype. So don’t waste time sifting through search results. Instead, bookmark these four sites, where you can count on accurate, trustworthy, and timely information.
When it comes to your network’s health, you can’t tell the players without a scorecard. That’s why every one of the big security software companies has its own encyclopedia of viruses, Trojans, and other forms of malware. The Microsoft Malware Protection Center (MMPC) is Microsoft’s jumping-off spot for all its security resources—and it has many.
You might not think of Microsoft as a security company, but its security division is the equal (in size and in technical depth) of the biggest independent security companies. For enterprises, it sells the Microsoft Forefront security product line; for consumers and small businesses, the same engine powers the free Microsoft Security Essentials program. Microsoft’s engineers and security researchers have a unique view of Windows that most third-party security firms lack; that makes their blogs, articles, and reference libraries valuable resources.
Pro tip: The MMPC has an interesting and active (but not too active) Twitter feed. If your job requires that you stay on top of PC security issues, you’ll learn a lot from @msftmmpc.
The bigger your network, the more alert you have to remain. Think of the free Secunia Advisories page as the web equivalent of an early warning system, alerting you to new vulnerabilities that have been discovered in the products you use daily. Secunia alerts cover every operating system you can think of—server and desktop—as well as productivity software, web browsers and plug-ins, mail servers, and even (ironically) antivirus software.
If you’re considering a trial deployment of a new piece of software, a stop at Secunia is essential. You can search for advisories by product and by vendor or scroll through listings by date. A five-step color-coded rating helps you assess how urgently you need to address a particular advisory.
Secunia’s Software Inspector products (free for consumers, with a more robust paid version for corporate customers) are extremely effective at keeping third-party programs up to date. That’s an important tool in a world where operating systems are updated frequently and automatically. Most exploits these days try to attack weaknesses in widely used programs that are less likely to be up to date.
Pro tip: The language of security bulletins can be dense, filled with acronyms, obscure terms, and references to standards that most civilians never see. Debabelize the jargon with Secunia’s Terminology page, where you can compare a CVE to a CVSS and learn the differences between Moderately Critical and Extremely Critical.
You’ve just found a suspicious file on your network. Maybe it came in when a user downloaded a file, or maybe it rode in as an email attachment. What you don’t want to do is execute any file you suspect of being malware. That’s a job for security professionals.
Fortunately, you can outsource that job. For free. Send the sample to ThreatExpert. Leave your email address in the handy web form. Within a few minutes, you get back a report containing technical details of exactly what that suspicious file did when it was executed in the controlled ThreatExpert environment: Were any files created or modified? Ports opened? Registry keys created? These details can be invaluable signposts if you’re trying to help your IT staff figure out how to clean up a malware mess.
Pro tip: Want a real-time global view of PC security? Browse through and search the 200 most recent submissions on the ThreatExpert Reports page. Click any report to see details, which you can use to alert help desk staff about symptoms to watch for in the field.
If one antivirus scan is good, 43 simultaneous scans must be 43 times as good, right? That’s the theory behind VirusTotal, which offers nearly instant web access to that many scanning engines, with the absolute latest definition files for each one. So you can see whether antivirus programs from Norton, McAfee, Microsoft, and others recognize a file as malicious.
Security professionals use VirusTotal to see how the competition is classifying a new threat. But anyone can upload a file to be checked. If you see a suspicious download that slips past your filters, you can find out quickly whether it’s safe or hostile. Bookmark the link for the scan results and recheck the scan results for that file over a period of a few days to see how quickly different security vendors react to the threat. You might be surprised. You might even choose to change security vendors.
Pro tip: You don’t need to upload a file to check it. If the suspicious file is available via the web, submit a link and VirusTotal will download and analyze it. Or calculate a unique hash for a file (using a tool like fileTweak Hash and CRC) and then search for that value in the VirusTotal database.
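If you would rather script the hash step than install a separate utility, the following is an added example (not from the original article or from VirusTotal). It computes MD5, SHA-1 and SHA-256 in one pass while only reading the file's bytes, never executing it. The sample file is constructed from harmless bytes, and the function names are this example's own.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large samples never sit fully in memory


def file_digests(path, algorithms=("md5", "sha1", "sha256")):
    """Return {algorithm: hex digest} for the file at `path`.

    The file is opened read-only in binary mode; its bytes are fed to the
    hash functions and nothing in it is executed or parsed.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def demo():
    """Hash a constructed, harmless sample standing in for a suspicious download."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(b"abc")  # constructed sample content
        return file_digests(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:<8}{value}")
```

Paste any one of the printed values into the search box; a hash identifies the exact bytes, so a lookup miss means only that nobody has submitted that precise file yet.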