Tuesday, September 02, 2014

Anti-virus vs Internet Security. What is the Difference? Which One is the Best?

People often ask me what the difference is between an anti-virus package and an Internet security suite. The basic difference between the two is that an anti-virus package can only protect you against malware, while an Internet security suite protects you against various kinds of cyber attacks. In order to explain the difference a little bit better, lets take a look at the development of anti-virus applications over the years.

A little bit of history
I take you back to 2005, when guys like Mike Healan were advocating the clear distinction between adware and spyware. Back then, you had a scanner for each type of malware, as a matter of fact, the term malware was seldom used in those days. You had a separate scanner for adware, spyware and viruses. As time went by, the need arose for a single scanner, that can protect you against several types of malware. I believe ewido Networks was one of the first companies to release such a scanner, namely ewido Anti-Malware. Ironically ewido changed the name of their product from ewido Anti-Spyware to ewido Anti-Malware and later changed it back to ewido Anti-Spyware. This was most likely more of a marketing strategy than anything else.

Grisoft (now known as AVG Technologies) acquired ewido Networks and incorporated the features of ewido's products into their own line of products. One of these products were called AVG Anti-Malware, which was basically a combination of AVG Anti-Virus and AVG Anti-Spyware. Companies like Lavasoft, who originally focussed on anti-adware software alone, later added anti-virus and Internet security suites to their line of products.

The standalone anti-virus application
Today the term 'anti-virus' refers to software that protects you against all kinds of malware, but a decade ago you were vulnerable against any kind of malicious software that did not fall under the limited definition of a virus. I prefer to use malware as the collective term for all kinds of malicious software, but the word 'virus' seems to have stuck over the years and it is no longer limited to the technical definition of a virus, it now includes trojans, spyware, backdoors, downloaders, etc. I believe most people associate viruses with all kinds of malware and therefore the anti-virus companies decided to stick with this term.

So there you have it, an anti-virus application will protect you against all kinds of malware, including potentially unwanted programs (which is a topic on its own), but it does not protect you against all kinds of threats. This is were an Internet security suite comes in.

The Internet Security Suite
An Internet Security suite basically consists of 3 main components, a malware protection shield, a firewall and a spam filter. Anti-virus companies realised that although an anti-virus shield prevents malicious code from being executed, it remains a reactive and not a proactive means of fighting malware. Whether the malware is dormant or active, it needs to enter the system in order to be detected by the anti-virus software. So in order to take a proactive approach in the fight against malware, you need to catch the malware at the main entry points to the system, namely the network and e-mail (removable storage came into the equation at a later stage).

Obviously, a firewall is not just there to detect malware before it enters your system, it also prevents unauthorised access to the system from the outside and it ensures that the information that leaves your system, is transmitted through the proper channels by applications that has the necessary authorisation to do so. A firewall works on a basic set of rules, but is more heuristic in nature compared to an anti-virus scanner that needs an up-to-date malware signature database in order to detect the latest malware.

Spam filters (or mail scanners) have become redundant over the years, due to the increased effectiveness of online mail services against spam (or dangerous e-mails containing malicious attachments). Cloud computing makes it much more effective to filter out the junk at server level, so e-mail clients have less spam to deal with. Client-based spam filters have evolved into a second layer of spam protection, catching the ones missed by the server-side spam filter. Apart from filtering unsolicited junk mail and malware, it also keeps you safe from e-mail scams like advance fee fraud and phishing. Although client-based spam filters are redundant these days, they are still very useful if you access your e-mail via an e-mail client like Outlook or Thunderbird.

Many Internet security suites goes far beyond a malware scanner, firewall and spam filter. Some include parental controls, identity theft protection, instant messaging scanners, link scanners for your browser and some even have an isolated area that you can use for online banking and shopping. Other suites have special sandboxing features through which you can run an application in an isolated virtual environment, preventing the application from accessing critical areas of your system. This allows the user to evaluate the behaviour of an unknown or suspicious application before granting it full access to the system.

The main aim of an Internet security suite is to provide comprehensive protection against various threats, not just malware. It should be there when you browse the Internet, do online shopping, read your e-mails, download files, chat to your friends, connect to a local network, execute an application, always ready to intervene whenever it detects a threat to the integrity of your system or data. When you need more than just malware protection, you need an Internet security suite.

Making the right choice
So the question arises, how do I know if I need more than just malware protection? Is an Internet Security suite really necessary for home use?

To answer these questions, you need to ask yourself, how much information do I need to protect? Do you use your PC for a lot of financial purposes, do you shop online or transact with your bank quite a lot. Do you store a lot of personal and sensitive information on your home computer, information that could cause financial losses if leaked to the wrong people? If you answered yes to any of these questions, it might me a wise move to get an Internet Security suite.

Price is always a factor. An Internet Security suite may cost more than a standalone anti-virus application, but avast! INTERNET SECURITY for example (at the time of writing this article), is only $5 more than avast! PRO ANTIVIRUS and for that you get a firewall and a spam filter extra.

But what about the free version, why pay for something if you can get it for free? Remember, the free version only has basic protection against malware, which is much better than no protection at all, but the free version only applies to home use, most free anti-virus applications prohibits their use in a commercial environment. Secondly, even if it is only for home use, you will not be protected against all the threats covered by the paid version.

So here are the pros and cons of Internet Security suites and standalone anti-virus applications:

Standalone Anti-virus Pros
  • Cheaper than Internet Security suites
  • Less components means better performance
  • Paid version provides better protection than free version
Standalone Anti-virus Cons
  • Does not provide comprehensive protection against all threats, only malware
  • Might clash with 3rd party firewalls and spam filters

Internet Security Suite Pros
  • Provides comprehensive protection against several kinds of threats
  • Easy to maintain, central control, no clashes between components

Internet Security Suite Cons
  • Costs more than a standalone anti-virus, but only a fraction more
  • May cause performance issues due to the vast number of components

If you run a business, I highly recommend an Internet Security suite, especially if your data is an important asset to you. Most home users will be fine with a standalone anti-virus application, but as soon as you start to use the Internet for financial purposes or store a lot of important information on your home computer, you might want to consider an Internet Security suite.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

Monday, April 21, 2014

Windows XP, End Of Life or End Of The World? How Can I Stay Safe on Windows XP?

I guess by now you have heard that Microsoft ceased support for Windows XP on the 8th of April 2014. In some circles this is old news, the April 2014 End Of Life was already known in September 2010, when Microsoft announced that Windows XP will no longer be sold after 22 October 2010. Many people mistook this date as the date when Windows XP machines will stop functioning and this is mainly due to the manner in which the end of life date was announced, many sources made it sound like the end of the world for Windows XP users. But is this really the end of the world? In this article we will look at whether you should upgrade to a newer version of Windows and how you can stay safe not only on Windows XP, but on every other operating system as well.

First of all, your Windows XP machine will not stop functioning, but will continue to operate as it always did. The only difference is that you will no longer receive any Windows Updates because Microsoft will no longer develop patches for Windows XP after 8 April 2014. According to Microsoft, existing updates and fixes will still be available, but I guess after some years Microsoft might even pull these from their servers. The biggest concern by Microsoft is your security and to quote from their end of life page; PCs running Windows XP after April 8, 2014, should not be considered to be protected, and it is important that you migrate to a current supported operating system”. Technically, this might be true, because should a hacker discover a flaw in a core component of Windows XP, it could be exploited to circumvent any security measures on a Windows XP machine and Microsoft will not be fixing that flaw. But is it fair to say that every XP machine should not be considered to be protected? In my humble opinion, no! There are a couple of things you can do to make sure your Windows XP computer is safe and secure.

I've read quite a lot of articles about Windows XP coming to end of life and from the comments on these articles, it is clear that a lot of people are not really worried about this. Some people feel that Windows XP is a very old system and people should have upgraded ages ago, while other believe that Windows XP still caters for all their needs and that they can continue to use the system without any foreseeable risk or problems. I am one of those people who have used Windows XP for years (and still do to a certain extent) without a single phone call to Microsoft for support. Whenever I ran into problems I always found a solution on the Internet and chances are you will still find solutions to Windows XP problems, because forums and articles will remain on the Internet for years. Computer repair shops will still have people with the necessary expertise to troubleshoot issues on Windows XP and many issues on Windows XP can still be addressed by a system restore or a re-installation, so it is not as if these tools are going to vanish now that Windows XP has reached its end of life.

The stark reality remains that at some stage it might be necessary to upgrade to a newer version of Windows, because certain hardware might not work on Windows XP, for example in the near future you might not be able to connect your mobile phone to your Windows XP machine. This has already been seen with the Nokia Lumia phones (running Windows Phone off course, so it is no surprise that support for Windows XP is pathetic). In order to connect a Nokia Lumia phone to a Windows XP machine, you need to install Service Pack 3 with Microsoft Windows Media Player 11. The lack of hardware support on Windows XP will boil over to many devices including DVD players, printers and graphics cards, because the manufacturers will no longer develop drivers for these devices. But the chances of installing a new DVD player or the latest graphics card in an old machine, running Windows XP is fairly grim. I still use an old Pentium 4 machine with an AGP slot for my graphics card, so I won't even be able to install a PCI Express card on that machine, so why would I worry about Windows XP drivers for a PCI Express card if I can't even install the hardware on the machine? Still, some people are running Windows XP on fairly new machines, so when they decide to buy new hardware in the future, they may be forced to upgrade to a newer Windows version because there won't be any drivers to run the hardware on Windows XP and I think this should be the only reason to move away from Windows XP.

Many companies still run Windows XP on their computers because their in-house software was developed on Windows XP and upgrading to Windows 7 or even Windows 8 is not financially viable at the moment. I can also speak out of experience. Years ago I developed a program in Windows 98 and had to make some modifications to it to make it work under Windows XP. I know comparing Windows 98 to Windows XP is not the same as comparing Windows XP to Windows 7, but it remains a pain in the neck to port your software to a new operating system. I could afford making the modifications, because I did not make any money from this software and I did not have any loss in production while I made these modifications, but certain companies cannot afford the downtime, so they opt to stay on Windows XP. If your software works well in Windows XP and you can continue to run your business using Windows XP, why upgrade? If it is not broken, why fix it? But in the end, I will still advise companies to develop Windows 7 or 8 solutions on the sideline, while running your in-house software on the Windows XP machines in the mean time. Should the time come when you are forced to upgrade, you will be ready to make the transition without too much effort. This is easier said than done for small and medium enterprises, who do not have the necessary manpower and financial resources to make such a transition, so they opt to stay on Windows XP for as long as possible. However, when your business model depends on software running on Windows XP alone, I think it is time to consider other alternatives, because you might face bankruptcy in the face if you are forced to leave Windows XP.

Right, so in a business environment, it might be necessary to upgrade to a newer version of Windows, but what about the individual, the normal man on street? I believe they have the least to worry about. If you are a happy Windows XP user, why upgrade now? When the time comes where a upgrade is inevitable, you will most likely have to buy a new PC, because older PC's can hardly handle Windows 7, so what are the chances of running a future version of Windows on a Celeron, Pentium 4 or Dual Core? (Yes I know, technically you can run Windows 7 for example on a Pentium 4 or Dual Core, depending on the size of the processor and RAM, but in the end they perform pretty poor when compared to running Windows XP on these systems). What about the Windows XP user who has a newer computer that can handle Windows 7 or 8 quite well? The question is not really about what your computer can handle, the question is, is it necessary to upgrade, merely out of a security point of view? I guess it depends on who you are and what you do on your computer. Unless you are a celebrity or high profile figure, chances are small that you are going to be targeted by hackers, but you still run the risk of getting infected by malware, leaking out personal and sensitive information to the creators of the malware. In order to get infected by malware you need to do something to introduce the malware to your system and even if the malware is exploiting a certain unpatched vulnerability in Windows XP, the malware still needs access to your system to make use of that vulnerability. So if you do not browse questionable and dangerous websites, if you are not “click-happy” (clicking on every link you see) and ignore strange and suspicious looking e-mails you have a lower risk introducing malware to your system.

So it boils down to clever computer use in general and not a specific operating system, so here are a couple of tips to keep you safe and secure on your PC (whether you are on Windows XP, Windows 7, Windows 8 and in some instances these tips are even good practice for Linux users).

PC Safety Tip #1: Only browse trustworthy websites

The hardest part for this tip is how to identify a trustworthy website. This discussion is a whole article on its own, but generally speaking, stay away from sites involved in piracy, pornography or advertised through spam. Rather stick to well-known sites with a good reputation and as a rule of thumb, use your gut feeling, if something is bothering you on a website, rather stay away from it.

PC Security Tip #2: Do not be “click-happy” but rather “click-vigilant”

Do not click on every single link or ad you see on the Internet or in an e-mail. You should NEVER click on any link in a suspicious e-mail and stay away from ads making unrealistic promises, or claiming that you have a new message, or that there are problems on your PC that needs fixing, or that you are the quadrillionth visitor to their site and that you have won a boat trip to the Bahamas. Use your common sense and once again follow your gut, if it sounds to good to be true... it probably is.

PC Security Tip#3: Uninstall all 3rd party software that you do not use

This is a very useful tips for Windows XP users, because you automatically close down vulnerabilities in your system by removing unused software. Over time we install a lot of programs and some of them is only used once to perform one specific task. If you do not think you are going to use a specific program again, rather uninstall it.

PC Security Tip#4: Refrain from adding programs to your system tray / Windows startup

Not all programs give you the option of adding it to the system tray, but normally these programs load at startup, so if you want to remove them, remove them from the Windows startup. As a rule of thumb, if you are not using it constantly and if it is not a security program, remove it from your Windows startup. Rather launch it when you need it, than having it run in the background, filling up your memory and introducing vulnerabilities to your system. Disable stuff like the Adobe and Java Updaters and rather update them manually. Do not leave your GPS updating software running in the background, rather launch the updater when you actually want to update your GPS. Refrain from leaving programs like TeamViewer running in the background, especially if you do not need remote access to that computer on a constant basis.

PC Security Tip#5: Do not install browser toolbars or plugins / add-ons

For Windows XP users, this is a must, especially if you want to make sure you are closing down any possible weaknesses in your system. Browser plugins and toolbars are the most vulnerable parts of your browser and is normally exploited to do drive-by installs. These plugins and toolbars are normally developed by 3rd party developers and do not go through all the security standards and checks that the browser's own components had to go through.

Plugins are normally useless, unless it is a plugin for a specific, useful purpose like a dictionary. Try to stay away from all browser plugins or add-ons, but if you really need to use a browser plugin, make sure it is from a trustworthy developer and that the plugin is widely used.

While there are exceptions to plugins, browser toolbars are always useless, even the ones developed by anti-virus companies. I haven't come across a single toolbar that made my life easier. They are normally used for ads and change stuff in your browser that you never asked them to do. So stay away from browser toolbars, period.

PC Security Tip#6: Do not open attachments from unknown senders

You should not even open attachments from known senders if the e-mail look suspicious. I've seen malware sending itself to everyone on the victim's address book, so it may appear as if your best friend sent you a photo, but the attachment is actually an executable (EXE) file containing malware. Use care when opening e-mails.

PC Security Tip#7: Never let your browser save your passwords

This is once again a little common sense and good practice. The safest storage space for a password is your brain, but we all tend to forget our passwords sometimes, so rather store it in some offline location or device. Never store your passwords on a device that has Internet access and make sure the device is encrypted. I am not a big fan of a password manager, but if you have to use one, once again, use it on a computer without Internet access.

PC Security Tip #8: Only use trusted USB drives on your PC and disable Autorun

You should not trust any USB drive unless you use it yourself and even if you use it yourself, do not plug it into a computer that doesn't have an anti-virus on it. If you have to borrow it to a friend, colleague or family member, make sure you scan it with an anti-virus scanner before using it again. Use a tool like Panda's USB Vaccine to protect the USB from getting infected with Autorun malware. This tool can also be used to disable the Autorun feature on your PC altogether, which is a must for Windows XP users. Do not take any chances with USB drives on your Windows XP machine, you are more likely to get infected by a USB drive than being infected by a malicious e-mail.

PC Security Tip #9: Use an alternative browser and dump Internet Explorer

Microsoft might have stopped developing patches for Windows XP but alternative browser developers will continue to support Windows XP for quite some time. So I suggest a browser like Firefox, Chrome or even Opera. Remember, these developers will continue to update and fix their browsers, but Microsoft will no longer patch Internet Explorer 8 (which is the latest version you can install on Windows XP). Support for IE8 died when Microsoft pulled the plug on Windows XP.

PC Security Tip #10: Use an up to date anti-virus and firewall solution

Why did I not mention this as the first tip, it seems pretty important to have this in place before anything else, right? Well, that's not entirely true. If you follow tips 1 to 9 down to the last letter, without any compromises, I will even go so far as to say that you can remain safe and secure without any anti-virus software. I am not promoting the use of a PC without anti-virus software, I'm merely illustrating the point that you can minimise the risk of becoming a cyber crime victim, by having some good PC security habits.

It is not good enough to have an anti-virus application as your only line of defence against cyber attacks, these days you also need a good firewall on your PC (especially Windows XP users). Your best bet would be an Internet Security suite like avast Internet Security, but if you cannot afford the paid version, at least use a free anti-virus and firewall application.

Most people are running their Internet connections through a router these days. Make sure you are utilising the firewall features of your router and if possible, use a router with NAT (Network Address Translation) capabilities. Having a software firewall on your PC, combined with a NAT router is a great way of controlling both inbound and outbound traffic on your computer.


Windows XP is an old system, you can't argue that fact, but it has been and always will be a great and stable operating system. At some stage you will have to upgrade to something newer, but it has to be your own decision. I don't have a problem with Microsoft pulling the plug on Windows XP, but I have a problem with Microsoft bullying their loyal users into upgrading, by using scare tactics through claims that all Windows XP machines are suddenly insecure.

Should you upgrade immediately? Not necessarily, you can continue to use Windows XP for as long as it does the job for you. The purpose of this article is to illustrate that PC security is not only vested in a secure operating system, but also through safe and secure computer usage practices and habits. It is not the security flaws on its own that makes an operating system insecure, but the way you use that operating system, where those security flaws can be exploited.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

Thursday, January 03, 2013

Buying a Verifiable Degree Online – Is It Legal?

A couple of weeks ago I got an e-mail from someone asking me if the website Verifiabledegree.com was legitimate or not. So I decided to check the site out and see what it was all about. I almost fell off my chair when I saw the load of hogwash on this site and the lies they are trying to sell, so I thought it would be a good idea, not only to discuss the content of this specific website, but also buying university degrees in general.

At first glance this website should already give you loads of warning signs. On the main page there is not only this cheesy image of a girl studying (no offence to the girl in the photo), but the site is poorly designed with several parts overlapping each other. If these guys were really serious about making a good impression they would have spent more time on the design of this website:

So they say their degrees are:
  • Reliable, legal and official: That would be a no-brainer. Who wants an unreliable, illegal and unofficial degree?
  • Secure: What does that mean? Will they send it to you in a fireproof safe?
  • Confidential: So does that mean you can't show your degree to anyone, because it is confidential?
  • Registered: Another no-brainer, what is the use of an unregistered degree, if there is such a thing anyway.
  • Recognised: Any degree can be recognised it all depends on by whom. It will bring you no joy if it is only recognised by the guy who will pay you $1 an hour.

On their main page they also have the following text in an image:

Now this is very odd, especially if you take into account the importance of having your website crawled by the search engines. Everyone wants to rank high on Google, Yahoo and Bing, but you can't do this if you put all your important keyword rich text in an image. They either do not now how to optimise their website for search engines or they do not want to be found by them. So lets take a look at what they are saying here. You can get a degree from ANY university worldwide, within DAYS! Well I can already tell you about a dozen universities who will never hand out degrees like candy. So this is just a downright lie. How in the world can something like this be legal and above board? As a matter of fact, I can't see how anyone in his/her right state of mind can believe in junk like this. I think you have a better chance of losing weight with one of those ridiculous weight-loss pills than getting a legal university degree through these guys.

Lets take a look at the first paragraph on their "About" page:

"We help you purchase a university degree online. You can get a university degree very quickly that is verifiable, legal, accredited, and registered. You don’t need to attend any college or university, don’t need to do any coursework or assignments, and pass any examination."  

No coursework, assignments or exams? That sounds too good to be true... wait a minute it is too good to be true. If it was really possible to obtain a verifiable, legal, accredited and registered university degree, just by paying a couple of bucks (okay, maybe a couple hundred), why is there still so many conventional universities in business where you actually study and write exams? Big names like Stanford, Cambridge, Oxford, Harvard, etc. would have been obsolete by now if this was for real.

At the bottom of the main page they also have the following "About Us" statement:

"For 20 years, Verifiabledegree.com continues its mission to help individuals build their dreams by providing degrees that are fast, authentic, verifiable. reliable, and 100% legitimate. With over 100 linkages to accredited universities worldwide, it gives hope to those who want to upgrade lifestyle, change career, build confidence, and create a better future"

Over 100 linkages to accredited universities worldwide? I thought you guys said I could get a degree from ANY university in the world? According to some sources on the web there are over 9,000 universities world-wide, so over 100 linkages is cutting it a bit short.

They also have a Reputation page where the picture becomes more clear about who these guys really are. According to this page, instant degrees review have said some nice things about them. Who is instant degrees review? Well, they link the text "instant degrees review" with the Wikipedia page for Bachelor of Fine Arts, so much for linking to the page of the reviewer. One interesting piece of text on this page is the following two sentences:

"The instant degrees review will also tell you that confidentiality is guaranteed by the institutions offering the instant degrees. It is also a legally binding on your part never to reveal the link between the institution providing you the instant degree and the name of the institution from which you graduate."

Right, so that is where the confidentiality part comes in. You are not allowed to say that you bought a degree from University ABC through Verifiabledegree.com. Who in this world will ever be so dumb to buy a degree and then spill the beans about the source of the degree during a job interview. Someone as dumb as that should not even be allowed to buy a degree. By the way, what is a legally binding? Is it some sort of glue only sold by lawyers?

On their FAQ page you will find more inconsistencies about their services, for example:

Q: Do I have the right to know the name of the university where I got the accredited online degree?
A: Based on the confidential agreement with the university, we cannot release the name of the university or college to you. However, we guarantee that the degree is authentic, accredited, verifiable and legal. This is also to protect the privacy of our existing customers. We are 100% confident that our service is extremely secured.

Wait a minute, we just learned that you are not allowed to reveal the link between the institution providing the instant degree and the name of the institution from which you graduated, but how on earth can you do that if you don't even know from which university you graduated. Just imagine what your degree certificate will look like. "From the University of .... um... we can really say. This is to certify that .....". Yeah, that is going to help a lot to get that job you always wanted. Employers will never notice this, right?

Q: What makes you different from other university online degree services?
A: We had been in business for more than 20 years and we became online in 2000. Thousands of our customers had acquired their accredited online degree through us. We provide transcript, student records, reference letter, appreciation letter, acceptance letter and graduation letter. In addition, we can also offer lawyer certification and notarization (no lawyer will be that dumb if the paper is diploma mill). If you want, we can also provide graduation grown and hood for your graduation from our list of universities. We can also provide several public universities degree for you (extra fees may apply). Please check out if other providers can do this.

This is where the site starts to sound like a 419 scammer. Just read the answer again. We became online in 2000, who speaks like that? We provide transcript, sounds like some indigenous tribal leader. Why would you need a lawyer to certify and notarize an original, legitimate degree certificate, that is already adequately valid in its own right? If you need a lawyer to certify it, then there must be something wrong with it. "(no lawyer will be that dumb if the paper is diploma mill)", there they go with that tribal tone again. But they are right, no lawyer will be that dumb, only one who bought his/her law degree.

Last, but not least, they can provide your graduation grown (or perhaps hey meant gown) and hood that matches the colours of the so-called university where you apparently graduated. Why would you want something like this? The answer is simple, so that you can take a bunch of fake photos in your graduation gown and hood. Can't you see what these swindlers are doing, they are cooking up fake academic records. All these records do not matter anyway. Employers don't give a damn about your student records, acceptance, appreciation or any reference letter for that matter, they are only interested in your qualification and a valid, legitimate, original certificate to prove that you obtained it in an honest way. Do you really think your graduation gown is going to convince your employer that you deserve that promotion? For all we know you could have worn that gown in your high school Batman play.

On their Reasons To Get Degrees page, found under the Services section of the website, that makes no logical sense anyway, they also make the following claims:

  • Free verification? Isn't that the purpose of the official degree certificate issued by the university?
  • Perfect supporting documents: The cooked up stuff I mentioned earlier.
  • Not a diploma mill? According to Wikipedia a diploma mill "is an unaccredited higher education institution that offers bogus academic degrees and diplomas for a fee". This site fits that description perfectly.
  • You do not sell life experience degrees, but you make the following statement on the very same page: "To get instant degrees, people are required to sign a work experience declaration. Using a credit system, it is then converted into a degree. A network of legally established colleges and universities are involved in the process of issuing instant degrees and this service has grown massively over the last decade." So you just call it work experience, same difference.
  • Not a scam? Why would you want to make such a statement? If you offer honest and legitimate services there is no need to convince people that you are not a scam. It is normally a sign of a scam when people go to great lengths to convince you to the contrary.
  • No bad reputation and no negative news? Well, you don't have a good reputation or any positive news either. If they have been in the business for over 20 years, why haven't I heard about them before?

So what about ordering and payment options? On their Shipping and Payment FAQ page they have the following interesting questions and answers:

Q: What is your payment scheme?
A: We accept one-time fee only. We don’t ask for additional fees.

Anyone will expect to pay in advance to obtain a degree, so why the need for a question like this? Are they trying to tell us that this is Advance Fee Fraud?

Q: Where do you accept payments if we get your degree online?
A: We accept these payments from
  • Western Union
  • Alertpay (in special occasion)
Do I need to say any more. There is a reason why some pages sounded like a 419 scammer. Western Union is a very popular payment method used by scammers.

Q: Do you accept credit cards?
A: Yes, we do. If you get your degree online, it is even better to use your credit card for fast service.

That is the last thing you should do. Do you also get that sense of eagerness from these guys to get their hands on your credit card information?

When we move on to the ordering page itself, you will notice that it is not SSL encrypted. This means your personal and credit card information will be transmitted over an insecure connection. If this was really legitimate company, they would have gone through the trouble of purchasing an SSL certificate so that you can (1) verify that they are safe to buy from and (2) that your information will be encrypted during the transaction. It is very important to note, that being in the possession of a valid SSL certificate, does not make the vendor necessarily absolutely trustworthy, but the absence of one on a site where you need to enter sensitive information, tells you that they are not concerned about the safety of your information.

A hilarious part of the ordering page is the section where you can choose your grades to be shown on your academic transcripts. From an A+ to an F. Who would want to buy a degree with an F on all of the transcripts? I would rather study and aim for a C than paying money to get an F. The choice of grades do not affect the price of the degree, so whether you choose an A+ or an F, you still pay the same amount and that's perhaps the most ridiculous part of this site. So what about the price. According to their site an Honorary Doctorate degree, with all the fake transcripts, gown, hood, etc. will cost $1190. That is a lot of money for an F, but hey look on the bright side, the graduation cap comes in different sizes, so you are sure to find a cap that will fit.

The link to the Contact page is www.verifiabledegree.com/get-degree-online. On any conventional website, you would have seen the word “contact” somewhere in that link, but this link has absolutely no connection to a contact page (most of the linking structure on this website makes no sense at all). So whoever designed this website... must be a retard. The contact page only has a simple contact form. There is not even an e-mail address and for a company, who has been in business for 20 years, I find it a bit odd that they do not have a physical address or a telephone number listed on this page. This means, they do not want to be found and what kind of people do not want to be found, the kind who wants to take your money and run away.

As expected the WHOIS information for this domain is protected by whoisprivacyprotect.com, so I had a feeling in my gut that it would have been a waste of time looking up the WHOIS information.

So we had a look at this website and I think it is clear that these people are a bunch of crooks. But what about buying university degrees in general. I think it is just unethical and dishonest. Don't you think it is unfair to hold the same title as someone else, who studied 5 years and paid thousands of dollars to obtain the degree through blood, sweat and tears, while you only had to pay $1190, did not even open a book and got your qualification within two weeks? Sure, $1190 is a lot of money, but it is nothing compared to the amount of money you need to complete a 5 year study course. Just imagine how poor the quality of our workforce would be if everyone could buy a degree, wouldn't that beat the whole purpose of a formal education. The whole idea behind a degree is not that piece of paper, but it is to educate yourself in a specific area and to lay a proper foundation so that you are qualified to follow a specific career. Of course nothing replaces experience, but without the education, you can't expect to get very far.

Apart from being dishonest and unethical, just think about the dangers of appointing unqualified people in important posts. Strangely enough, Verifiabledegree.com does not sell any medical, aviation, emergency service or military related degrees, but they do sell degrees in engineering, law and accounting. These are very professional fields of work, with a lot of responsibilities. Imagine a structural engineer with a purchased degree, assigned to the construction of 10 story building or a large bridge, or an accountant with a purchased degree assigned to the finances of a large corporation listed on the New York Stock Exchange. What about a lawyer with a purchased degree assigned to defend an innocent person accused of murder and facing the death penalty? Just think about the chaos if we let unqualified people do the jobs of people who took years of studies and experience to develop and hone their skills. And who said it all stops when you get your degree, most professional careers require continual professional development, to stay ahead of your game. How do you expect someone with a purchased degree to do continual professional development without the foundation of a proper education? It is practically impossible.

The reality is, people do buy fake degrees, unqualified people are placed in positions due to things like affirmative action and employment equity. In South Africa we have first hand experience of people who have the necessary qualifications (not really sure how they got them), but they can't do the job and even worse, people appointed in certain positions of responsibility without any formal education, but that is not the subject of this discussion. You can't honestly buy a degree, you have to earn it through hard work and perseverance. This is how it always was and how it always will be until the end of time, it is as simple as that.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

Wednesday, January 02, 2013

What's New at Cyber Top Cops?

First of all, may 2013 be a prosperous year for all of you. Yes, the holidays are coming to an end (for some the holidays already ended) and for most people it will be back to work and school very soon. Although I had a great vacation I also had a very busy one. In between the relaxation and quality time with family and friends, I also spent some time working on new projects here at Cyber Top Cops. I am really exited about these projects because I believe they will make us more effective in the battle against cyber crime. So lets take a look at what is new at Cyber Top Cops

Although this is not a new project, I have made some improvements to it. These improvements were mainly made behind the scenes, so you won't really notice anything different, but I have upgraded our scam example publishing tool which makes it possible for me to process scam examples quicker and easier.

This new project is a visible enhancement to the SHPAMEE Project. Although it is still in it's baby shoes, I believe this will add a lot of value to the spam examples we publish on our site in the future. The main idea behind this project was to get all the information collected about a cyber criminal during an investigation, out to the public. The main focus of this project is 419 scams at the moment, but the infrastructure of this project allows us to do much more than just 419 scammers. It is not really a project completely on its own, but it is rather tightly integrated into the SHPAMEE Project. At the bottom of each e-mail example you will see a heading “Related Cyber Criminal Profiles”. The system uses keywords from the e-mail example and searches the Cyber Criminal Profile database for cyber criminals that could possibly be related to the specific e-mail example on display. For an example of how this works, visit the following spam example page:

When you click on one of the profile links, it will take you to a profile page for that specific cyber criminal. It will highlight all similarities between the cyber criminal and the example page, in red, so that you can see why this cyber criminal was flagged as a related cyber criminal for that specific spam example.

In the spam example mentioned above you will find Mrs Kwesi Jane as the first related cyber criminal. At the bottom of the cyber criminal profile page you will find a cross reference back to the spam example and any other spam example the cyber criminal might be linked to, as well as a list of other cyber criminals related to the one on display. When you click on any of these related cyber criminal links, it will take you to the related cyber criminal's page where the similarities between the current cyber criminal and the related cyber criminal will be highlighted.

The database is almost non-existent, with only 4 active profiles at the moment. These 4 initial profiles were used to test the functionality of the system and now that the infrastructure is in place for more cyber criminal profiles, we can expand the database over time. A 419 scam example only tells you so much about the cyber criminal involved, but the new Cyber Criminal Profile system allows us to tell you so much more about a specific scam, not just about the main peanut in the packet, but also about everyone else involved in a scam (or at least every other alias used by a scammer). Who knows what kind of links this system will identify when we add more profiles to the database?

Most of my time went into this project. Over the years we have collected hundreds of malware samples, submitted by members of the public through our Malware Sample Upload Form as well as samples collected from spam e-mails and links reported through our Malware Site Report Form. But working through these samples and links was quite a tedious task, so I developed a system to make my life easier and at the same time provide feedback about the samples we have analysed so far. The malware sample information pages provide very basic information about the sample and which malware scanners you can use to remove it from your system, but I will add more information to these pages as time goes by.

This database is not just about a bunch of information pages. Visitors can also upload files to compare it to our database and if no match is not found, you can submit the sample for further analysis. I have also added an RSS feed, to keep interested parties up to date when we add new samples to our database. This feed can also be a great way for visitors to get some feedback about a malware sample submitted for analysis.

A lot of effort went into these projects and I really hope it will serve the Internet community well. I would like to see these projects as work in progress, because I am never done with them, every now and then I get an idea to expand or enhance a project or sometimes I just find a way to do the same thing, only better and more effective. But to make these projects more effective we need the help of the Internet community. We need you to report cyber crime!

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

Saturday, September 08, 2012

Are You Utilising Your Internet Security Suite To Its Full Potential?

A lot of people have Internet security suites installed on their computers, but many people have no idea how much protection their Internet security suite really can offer. For long it has been the perception that an Internet security suite is basically an anti-virus combined with a spam filter and a firewall. That's true, these are the basic components of an Internet security suite, but as time went by, security software vendors had to develop additional, value added tools, in an attempt to stay ahead of the cyber criminals. Most people only rely on the automatic features that are enabled by default, mostly those running in the background, but some Internet security suites have a wide variety of useful tools, just lying around without ever being used. In this article I will highlight those tools in a couple of popular Internet security suites to make you aware that your Internet security suite can do so much more.

I will start off with my favourite Internet security suite, namely avast! Internet Security.

avast! has a great feature called the Sandbox component. This allows you to run suspicious programs in a virtual environment, sandboxing the program completely and preventing it from making any changes to your computer. This is useful for testing out software from unknown vendors, because a program, that is for instance not digitally signed, is not necessarily a malicious program, but you have the comfort of testing it in a protected environment before allowing it access to your system. The Sandbox component automatically kicks in when avast! identifies a suspicious program, but you can use this feature on any executable file by right-clicking the file and choosing “Run in sandbox” from the context menu.

The SafeZone desktop environment is another underrated feature of avast! Internet Security. It works basically the same as the Sandbox, but in a broader context, it not only protects the browser, but creates a complete virtual desktop environment where you can conduct online transactions safely and privately.

The last feature I would like to mention for avast! Internet Security is the Site Blocking feature. So, what makes this feature worth mentioning? Basically the ability to block sites based on specific keywords. This can be utilised as a small parental control tool, by blocking not only specific inappropriate sites, but sites containing certain keywords in their URL's. This is in no way a replacement for a comprehensive parental control tool, but if you don't have parental control tools on your computer, this tool may come in very handy.

Outpost Security Suite Pro may not have the virtual environments of avast!, but it has a great tool that protects sensitive information from being transferred from your computer, over an insecure connection. It is called the ID Block feature. This is a handy little tool, but you need to use it very carefully. The idea behind this tool is to remove parts of your sensitive information before transmitting it over an insecure connection. This means the ID Block feature will not interfere when you are entering credit card information on a secure page, that uses SSL encryption to transfer your information over the Web. So how does it actually work? You need to add your sensitive information to the ID Block feature so that it can know what to look for. You will not enter your complete credit card number or social security number for instance, only a significant portion of it, so that the ID Block feature can replace that part with asterisks (*), when the information is transferred over an insecure connection like e-mail, unencrypted web pages or an instant messaging program, that doesn't use SSL to encrypt your information. You can also use the ID Block to protect parts of your passwords, so that you never enter them inadvertently on an unencrypted page.

Outpost Security Suite Pro also has a site blocker called the Site and Ads Blocker. Apart from blocking websites as a whole, you can also block unwanted elements on a web page. The site blocker can also be used as a parental control tool, just like the Site Blocking feature of avast!

Perhaps the most underused tool of Outpost Security Suite Pro is the File & Folder Lock. This tool prevents any other program from modifying, deleting, moving or renaming a specific file or folder, so it basically works like a read-only file or folder, the only difference is you can't remove the lock if you don't know the master password of the security suite. This is a very useful feature for files and folders containing important information that is seldom or never changed. This can also be applied to important program and system files to prevent malware from patching them with malicious code.

It has been a while since I reviewed Kaspersky Internet Security, but the latest version seems to have two new features.

The first one is the Safe Money mode, it works basically like avast!'s SafeZone component, but not as a separate virtual environment but it is a special secure mode inside your browser.

The second new feature is the Secure Keyboard, a virtual keyboard you can use on banking and shopping sites when you have to enter credit card, banking or other sensitive information. This prevents key loggers from stealing important information because they monitor the keys being pressed on your physical keyboard and since you are not using it in these cases, you are no longer exposed the dangers posed by these spyware programs.

Kaspersky Labs was one of the first security software vendors to introduce an integrated parental control tool in their Internet security suite. Although it is not the most comprehensive parental control tool, it has enough features to help the parent perform most parental controlling tasks, like exercising control over applications, games and websites used by your children and blocking, limiting or logging your children’s communications, as well as blocking the transfer of private data, such as phone or credit card numbers.

There are many other good Internet security suites that I did not discuss here, but you should be able to identify a certain pattern here. Most Internet security suites have additional features that include some virtual environment where you can conduct online transactions safely, an identity theft protection feature and some form of web filtering feature. The message I'm trying to get across here is to pay attention to the additional features of your Internet security suite, you paid for this stuff, so why not use it? Don't wait until something bad happens, use all the security tools at your disposal, better be safe than sorry.

If you need any help with the features discussed in this article, feel free to leave a comment on the blog, or e-mail me with your questions.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.