Melody-Jane

My job is to ensure that F-Secure products have a high standard of quality and are easy to use. I work closely with the software designers, architects and engineers at F-Secure. I’m also interested in new technologies, media and anything even remotely related to the internet.

Follow me on:

latest posts from Melody-Jane

The internet is full information, but how many of us want access to all of it? There are some things online that we can live without seeing. There are also certain categories of website that are used more often by spammers and scammers and sometimes you might find yourself too easily distracted by browsing the web when you should be working. This is when using parental control on yourself can be useful. When you have our internet security product with parental control installed you can get a little help with your self-discipline, if you want it, or provide an extra layer between yourself and internet content that you do not want to see. Parental control has two blocking methods, one of them time-based and the other category based. If there are types of website that you do not wish to see you can set up a category based block for yourself: If you tend to lose track of the time and browse past your ideal bed time then you can use the time limits in parental control to make a warning page appear if you try to access a new page after, say, 1am: If you set it up for yourself you still know the password and retain control over your browsing. You can extend the time limit in half hour chunks if you want a little longer. You won't find yourself blocked from the internet if you don't really want to be as you can either whitelist specific sites or override the block by entering the password. It's a nice way to give yourself a little reminder and to ask yourself the question "Do I really want to surf here?"

Nov 4, 2010

I was recently became very concerned for the online security of my friend. Fresh out of a long-term relationship, she is full of energy at the thought of new romantic prospects and all the flirtation that she is free to indulge in now. However, she is a little out of practice and a little under-confident. So it's perfectly natural that the first place she looks for romance is on the Internet. Her choice alarmed me, but not because I think that it is wrong to begin dating via the internet; I've tried it myself and I know of many success stories. The thing that worries me about my friend is that she goes about it the wrong way and has an oblivious attitude to the pitfalls of looking for a partner online. I tried to warn her, but she's so romance struck that she doesn't care. That's bad news. My friend has discovered that there are an awful lot of people seeking romance and flirtation online and that some of them are very forward indeed. First she was contacted by a very nice, interested man, who turned out to be married. ( It's a good thing she searched for him on Facebook.) Yet this hasn't  discouraged her from trusting people. She still responds to messages from 'friendly' strangers on her instant messaging client or unsolicited Facebook friend requests, particularly when the messages seem to be from young men who cannot flatter her enough. No, no, no. I'm happy for her to have as much fun online as she wants to, but I really wish she would be more savvy about the risks. The main issue with online dating is the scams that target the love-struck victims. I found a good list of these on Hot Scams. (As an aside, the dubious-looking Google Ads for dating sites that show on the Hot Scams pages both disturb and amuse me. They are exactly the kinds of link that you should run through F-Secure's online link checker before you click on them). Dating scams are getting more and more common. Your new 'love' will try to get you to call them (on a premium rate number), to bail them out of trouble, to share your bank details, to send them a phone (so that they can call you) and so on. They won't do it immediately. They will get you hooked first. Once you are hooked, they can convince you to help them rob you. Next up, there is a small chance that by giving your details away to a stranger online you could put yourself at risk. Perhaps you would make a good target for bribery. For example,  you are flirting while married or have a job that requires you to maintain a spotless reputation. Or else, perhaps things will go too far and what you thought was just internet flirting leads to your having a stalker who tracks you down and tries to advance the relationship offline beyond what you could have expected . In addition to the financial threats and the small chance that you will put yourself in physical danger, falling prey to many of these dating scams can be embarrassing. Imagine your friends finding out you were one of the women who fell for the US Army scam; or having to be as brave as the woman who admitted to losing 10,000 dollars because she fell in love online; or having to tell your boss that the intimate conversations that were e-mailed to him were part of a bribery attempt. It's easy to assume that you would never be that unwise, but things look different when you are falling in love. On a more positive note, as I mentioned, I do know of online romance success stories - romances started through games, interest groups and even local dating sites. These are examples of people who did things right. They took their time getting to know one another, met in a safe public place and built their trust and relationship over time. I'm still going to suggest that my friend goes to the pub or joins a group offline. I'm sure her self-confidence will increase soon. Then she'll be able to enjoy the benefits of dating in-person, where she has more experience and is a bit more savvy. CC image by slettvet. slettvet

Oct 26, 2010

Two months ago I disabled my Facebook account. My friends keep asking me why and I didn't know what to tell them. At the time I felt like I was acting on a whim, but in hindsight I can think of a number of reasons why I might have quit: Micro-blogging was not fun any more Managing my settings and content took too much time I wanted to get to know people in person I wanted people to get to know me in person, but only if I like them I wanted to cut out people I don't want to know more easily There's too much passive-aggressive behavior on Facebook I had forgotten how to surf the internet for interesting content I checked Facebook far too often The novelty had completely worn off I am sick of the way I overhear "Facebook" in every conversation Nice things about having quit Facebook: I began to phone my family rather than check their status Friends who were quiet on Facebook turned out to be chatty via e-mail It was a surprise to find out which friends made an effort to stay in touch I felt like I had a lot more peace and time to myself I visit a broader range of interesting web sites, as per my pre-Facebook days Annoying things about having quit Facebook: People forget to invite you to events then ask why you were not at them You realize how many e-mail addresses and phone numbers you do not have Some friends just do not know how to keep in touch, so you have to give them up You're the last to hear a lot of social news So many conversations revolve around Facebook that you often find yourself excluded You can't spot bad photos posted online and ask your friends to remove them It's harder to share interesting links with your friends That's all I have so far. Let me know if I have missed anything. I do realize that most of my Facebook concerns are not security concerns. Asides from managing my settings and photos, my reasons for quitting Facebook are of a more social nature.  I'd also like to point out that all of the good things about having quit Facebook have far more value than the petty annoyances, even though the list is a bit shorter. The fact that I don't have to worry about one more aspect of my internet security is an added bonus. If I were a celebrity, perhaps I would have to make myself a placeholder account like that of Mikko Hypponen, who probably has completely different reasons for not being on Facebook than I. Best, Melody-Jane CC image by momo.

Oct 21, 2010

A lot of people out there seem to be creeped out at the thought that they might have a stalker following their online activities. They want to know who is viewing their profiles, looking at their photos, reading their status updates and how often. On Facebook, there have been many applications advertised to let you find this information and all of them are fakes. It's a good thing, too. These applications may satisfy your curiosity, but they treat all of the friends that you added to your profile as potential stalkers. Even if it were possible to find a Facebook application that reveals your profile views, by using that application to find stalkers you would become the very thing that you were trying to avoid. You'd be stalking your friends' online activities and snooping on actions that they believed were their own, private actions. Recently, professional site LinkedIn have removed anonymity from profile views, based on a user setting. MySpace have a similar feature: if you want to see who views your profile, you must let them see your activity. If you consider how frequently Facebook is changed, it seems that there is every chance that Facebook will add the same feature in the future. Facebook also have a disturbing policy of enabling new settings by default. It hasn't happened yet, but it is a reason to be vigilant. If you want to sacrifice your privacy in order to satisfy your curiosity it should be your choice and the choice of those who do not want to sacrifice their privacy should be respected as well. So, do you have a stalker? The first thing to get clear in a discussion about stalking is what stalking actually is. That way we can avoid persecuting and humiliating innocent people with the reputation-damaging label "stalker". A stalker is not someone who views your social profiles. It is not someone who views your page a lot. It is not someone who views your photos and it is not even someone who downloads them. None of these activities automatically make someone a stalker. If you are really being stalked it is a serious matter. It is illegal in at least some countries, as a form of threat and harassment. The US legal definition states that not only do you have to be followed, but it is "with the intent to place that person in reasonable fear of death or serious bodily harm" (I suggest you read the whole definition here). Cyber stalking also involves high levels of harassment, distress and the intent to track down and meet a person in the physical world. To reduce the chance that someone can trace you in the physical world you can read our guides on using location-based Facebook and how to use Twitter safely. I have to suggest that before you accuse someone of being a stalker you should think very carefully. Are you really under threat of death or injury just because someone views your photos online? Photos that you published yourself? Because when you put things online, your social profiles, your location, your pictures, your thoughts, your job description, you are publishing it. If you are reading this and you do have a real stalker, if you are living in fear of physical harm, then contact local law enforcement. Now that I have that warning out of the way, I can give you some practical tips in case you are curious about how much your profiles are getting viewed. I know that a lot of people have encountered this blog by searching for ways to discover so-called stalkers or to find out how to track people online better. I know because I can see how searchers came to this site. Yes, I can see that. If you look around you can find there are several sites and services that give you viewing statistics. I already mentioned the features in MySpace and LinkedIn, which allow you to see the details of your viewers so long as you are willing to reveal your details to them. That's a nice way to do it. Blogging sites offer statistical views of how many views you have for each post and where the posts have been linked. This is still somewhat anonymous, but that should be fine. It is still a lot of information. YouTube even have a little statistics area that can be opened up from underneath each video that tells you the age, gender and country of the video's viewers and which link or search brought them to the video. Facebook? The best advice I can give you is this: Why don't you just ask? Ask your friends and they might even tell you. You can also use common sense: Find out who comments most often and who 'likes' the most photos and status updates; the chances are that they view your profile the most often and that they are also very active Facebook users. Of course, going through your Facebook Friends' list and removing anyone you do not trust personally is always a good idea. Here on Safe and Savvy we have a lot of posts related to online privacy. If you are still curious then take a look at our archives and subscribe to our RSS Feed.

Oct 14, 2010

Recently a controversy erupted over Facebook Phonebook, an app that shares users' phone numbers without permission. Generally, Facebook can only share your number if you posted it and made it public via your privacy settings. However, by synching with your smartphone's contacts, this app can share a phone number that has not been published.  (This link will show you exactly how to hide your number on Facebook, though it won't prevent your friends from possibly sharing your number with Phonebook.) All of this talk has led me to wonder:  should I put my phone number online? I don't know about you, but I am really paranoid when it comes to putting my details online. I don't just worry about the ultra-sensitive information, like bank details and card numbers. I worry about my identity, my name, date of birth, my address and my phone number. I've given the issue some thought to try to work out what it is that I am worried about and whether I am being a little too cautious. After all, I have found it useful to look up my friends' phone numbers on social media sites when my phone has let me down, so why should I withhold the same information from them? I am quite security conscious, so I probably have less to worry about than the average internet user. But what might the average internet user have to worry about? Banking scams By far the most common threat is that which gives a criminal direct access to your finances. Your bank details can be stolen in a number of ways. There is no point in making it even easier by broadcasting your account numbers, card numbers or passwords. Other information, like your address and number, might be useful if it comes paired with your bank details, but they are not usually needed for criminals to make a profit from your account. Social sabotage By social sabotage I mean anything that could ruin your reputation with your peers. You can socially sabotage yourself by allowing your boss to see a photo of you hosting a late night party in the office. Your (one time) friend can publish the picture without your consent. Both of these problems are common and they are a reason to be careful about who you invite into your social circles and of what you say and do. A lesser problem is that your account is hacked and your reputation is ruined by an action supposedly performed by you. This is not as common. It is most likely to happen if you have immature friends, rebellious children or a jilted ex-partner and can be prevented by having a completely secret and impossible-to-guess password. Identity theft This is where you would have to worry about putting your address and phone number online. It is not very likely to happen though. It is most likely to happen as part of a banking scam and for that, as already mentioned, your phone number and address tend to be of secondary importance compared to your card numbers and account details. The other thing you should know is that if anyone wants to find your address and phone number online, the chances are that they already can. It doesn't matter if you did not publish them anywhere yourself. Phone directories are online and have been for some time. I found three services in Finland alone that claimed to be able to give me the personal details of people I know if I logged in to their services. For the USA, there are sites like Spokeo. These sites do not only give out your phone number and address, regardless of whether you know their existence, but they often collate other data. They will tell other people what you have posted in Yahoo! Groups (the titles of these posts are visible even if the group is private). They will gather your date of birth, gender, relationship status. Some may even gather photos of you. Your house. Your children. Whatever seems to be related to you online. All this information is out there already. These sites just make it easier to find. Most of the time no-one is going to use those sites and there is no need to worry. If you are paranoid then you can search for yourself and hunt down all the places your information is being leaked from. Usually the only reason to be this paranoid about your data is if you know that someone is out to get you! By this I mean that you are involved in a legal matter or that your livelihood relies on your reputation. Data loss There's a very small chance that this problem will occur to you as an act of sabotage. You'll suffer the loss of information from your online accounts, finding it deleted one day. This is most likely to happen because someone who is very close to you is angry with you. If this is happened to you, though, it is the second thing you should consider. Before you rush to accuse someone of tampering with your accounts be aware that it is far more likely that an error with the software or website you use has caused your data to vanish. Always check with customer services first or search the internet to see if anyone else has the same problem at the same time. Espionage Do you hold a crucial place in a business? Are you a government official? Are you a rebel to a strict governmental regime? Perhaps you're a celebrity? Have a stalker? Messy divorce? No? Then you probably won't ever have to worry about this. If you ever intend to answer 'yes' to the above questions then it is a good idea to become more security savvy. Reading this blog is a good start, well done. If you can answer 'yes' already, then you might be one of the few who are justified in being really paranoid and withholding most or all personal details from the online world. At the very least, seek advice relative to your position. If you've skipped to the end looking for a summary, then the answer to whether you should put your phone number (or address) online is: It depends. It is probably online already, but that does not mean that many people will know where to look for it. If you are going to broadcast it in many public places, think very carefully about who that public is. There's no need to give all of your jilted lovers your new number, or to invite calls from the Rick Astley Fan Club that you left all those joking insults with. If that's the kind of thing you get up to, keep your personal details to yourself. If you are going to put your phone number and address into a web form, think carefully about the legitimacy of the site you are on. Is it Amazon or amateur porn? If it is not a bona fide company, then do not give away your details. If your address and bank details are requested, by all means be suspicious and double-check everything. To be safe, never give away more details than the bare minimum required by a service. It doesn't hurt if you refuse to use online services that are not essential to you if they ask for too many details. Finally, if you want to respond to this article, please don't call me! Leaving a comment on the blog will do nicely. Melody-Jane. CC image by nathanmac87.

Oct 7, 2010

For a long time, I had an old, basic mobile phone, good for the occasional call or text message. There was no software available for backing up my phone on my PC, and I would write all my contact numbers in a physical address book in case I ever lost my phone. Now I have a smartphone and I am still adjusting to it. It is my calendar, my notebook, my dictaphone, my camera and I even use it for making the occasional call. It seems like smartphones have replaced at least 15 different devices. I have it backed up. However, I don't explore its features the way I would if I were placed in front of a personal computer. I've been holding back. I hate to say it, but I even held back with exploring my F-Secure security settings. I've been an exploratory computer user for years, poking around just to 'see what happens' and trusting that no serious or irreversible side-effects will occur. Yet with my phone I  held back until a few weeks ago when, in anticipation of our new and improved Mobile Security offering, which is now available for Android, I finally took the time to explore the settings. I'd known my firewall and anti-virus updates were up and running, which is another reason why exploring had not been so urgent for me. What I had not activated were the anti-theft settings. The best bit! Phones get lost, damaged and stolen far more often than they suffer virus attacks right now. In the future this is bound to change, but for now I think it's a good idea to ensure you have your anti-theft settings in place. I opened the anti-theft settings in my own phone and looked at the screen telling me about the locking and wiping functions. The idea was simple, great even. All I had to do was read a few lines of explanation to find that my phone would only lock if I sent a special text message, and I could even wipe the SIM card if I knew for sure that it had been stolen. There was no default pass code to look up in a manual, I could set it myself first time and give it a pass code that no-one could guess but me. I enabled the Anti-Theft on my mobile phone in no time at all and it was easy. F-Secure Anti-Theft also has a "Locate" feature. If I ever lose my phone I know exactly what to do to find it: I just text #locate#<and my pass code here> to my own number. I'm so keen to try it that I might have to hide my phone somewhere and test it out.

Jul 12, 2010

As we may have mentioned, F-Secure headquarters are in Helsinki, where we have had an exceptionally snowy winter. A few weeks ago, the amount of snow that had been cleared from the roads and pavements onto the curbs in between reached its peak. Literally. I used my phone to take an image of the F-Secure headquarters on my way into work: [caption id="attachment_389" align="aligncenter" width="225" caption="We'll climb any mountain to get to work"][/caption] The image is so striking that I wanted to share it. My fellow bloggers and I thought of how this image could relate to the work we do here. The consensus was that it was a great metaphor for the piles of viruses that we handle in F-Secure Labs each day. The average number of virus samples that we process each day is a number around 100,000. Per day. Wow. Sean from Labs points out that while these viruses are "individual, like snowflakes", they do fall into categories. Sometimes they are from the same criminal gangs, sometimes they are the same type of virus from a different gang. Sometimes they are almost the same virus, but altered in small ways to try and fool anti-virus technologies. We really would be 'snowed under' if it weren't for the technology that our lab technicians build for us to catch and analyze all of them. Just imagine having to sit down with a magnifying glass and check every snowflake in the photo. Instead, we use technology to do that for us, to give us up-to-date information on what our virus protection services need to block in order to protect our customers. Our technicians have to build that technology, keep it smart, feed it, and so on! It's a good thing that they are up to the task. With their help and expertise, we can protect our customers whatever the (virus) weather. What do you think of the image? Do you think the virus metaphor fits, or is it more like an icy firewall, protecting the f-secure premises? Or something else? Let me know!

Mar 25, 2010

In popular vampire mythology, it is claimed that vampires cannot cross the threshold of your home uninvited. I’ve heard the same theory bandied around in relation to computer viruses. It isn’t uncommon to hear reasonably tech-savvy people downplay the chances of malware (malicious software) reaching your computer uninvited. It would be nice if it were true, but unlike vampires, computer viruses and attacks are not mythological. They are usually developed by people with criminal intent and unlike vampires, they do not care whether you have invited them in or not. There are a lot of vampires in the media right now and it seems a good time to make it clear why treating viruses like vampires just won’t do. 1. Vampires need to be invited in. There are computers connected to the internet that scan for unprotected computers in order to exploit them.  The least you should have is a firewall to stave off this kind of attack. Still, a firewall alone is not enough. 2. All it takes to discourage vampires is garlic. A firewall on its own is not enough to protect you from all threats and neither is that free anti-virus your friend recommended to you. The people behind computer attacks are often pretty smart people and they have money as motivation. They've found more ways in this connected lifestyle to compromise your personal computers and gadgets than traditional anti-virus can tackle alone. 3. Vampires can't walk around in clear daylight. If you’re actually going to use your computer for web browsing then you need protection against malicious entities that can be hiding behind perfectly legitimate web pages. It’s not just sites touting free downloads, music lyrics or pornography that pose a danger; sometimes large and trustworthy organizations have their pages stealthily hijacked. All it can take is a visit to the web page for you to have been stealthily hijacked, too. You also have to consider what kind of email you are receiving and whether they are really clean. Not all spam mails are poorly worded stories about troubled Nigerian princes. Some malicious messages can look like they are from a company or person you know. It’s not just e-mails that can lead you to believe your friends and colleagues are out to get you, either. You might also get an innocent-looking malicious link if someone you know has had their Facebook, Twitter, or instant messenger account compromised. It is also worth remembering that you can get infected without being connected. Be careful of what you are plugging into your computer. USB “memory” sticks, music players and external hard drives are common tools and can all have viruses on them. 4. Vampires can be eliminated with a simple stake through the heart. Cleaning up a system that has been infected may not be as simple. If you've been subject to a really bad infections you can lose irreplaceable files or have to revert your computer to its original pristine condition, losing everything on it in the process. You can't easily restore the damage done to trust between yourself and friends or business partners if you inadvertently send them infected files, either. For those of you who want a little more than my word on the matter, I’ve hunted down a few interesting links on the subject and staked them to this page: A day in the life of an average user, Gabor Szappanos (Virus Bulletin, Jan 09) You have to register with Virus Bulletin to read this, but I found it worth the time. This article puts an anti-virus company’s claim to the test, concerning how much malware the average computer user is bombarded with during a day of computer use. Gabor finds that, in his tests, the computer user was infected by a successful network worm attack at an average rate of every six minutes and he recorded 34 attacks that were a result of simply being connected the internet. Botnets and How to Avoid Them, University of Calgary. This is a succinct guide to protecting your computer and yourself, and what it is that you are protecting yourself from. A firewall alone is not enough, Rik Ferguson (InfoSecurity Magazine, Oct 09) This article is a technical, business-oriented statement of the very same thing I am trying to communicate with this blog post. Malware Statistics Update, Niels Provos (Google Security, Aug 09) Google provide some data on how many malware sites are out there. If you know of any more good research on this subject, please let me know. Cheers, Melody-Jane

Feb 24, 2010