Windows XP—still used by many—has long been promiscuous in its relationships. That is, it’s constantly seeking out new wireless partners to talk to. One result of this is that your wireless connection can simply disappear as XP thinks that another connection is more desirable and dumps its current relationship.

Another downside to the promiscuity is apparent when you’ve taken your laptop from its normal surroundings and it begins calling out for all the relationships it’s had in the past. “Linksys, are you there? home123, what about you? Anchor Free? Anyone?” A savvy hacker sitting a few tables away in your local Starbucks can sniff the network and see the plaintive calls of your computer; in a few seconds he can configure his computer to appear to yours as the router it’s searching for and in another fifteen seconds or so he’s passing your traffic to the hotspot that you thought you were using.

As you continue to surf the Internet and check your e-mail, you have no idea that this hacker is seeing everything you do, right down to the contents of your e-mail messages and your e-mail account passwords.

I’ve been warning my customers for some time to disable Wireless Zero Configuration, the Windows service that is the cause of this promiscuity. However, if you don’t want to take this step, Microsoft has released an update that will keep your computer from airing its sordid past. This update is not found in the usual Windows Updates, so you will need to download and apply this update manually.

While most of the articles on OfficeMedic.com dealing with security focus on threats from outside your network, this article points out the danger from within. For example, how do you protect against the unauthorized copying of data on your computers—particularly as a business owner—when the user is allowed to access that data? iPods and flash drives are commonplace; how do you keep your employees or the night-time janitorial staff from plugging one in and downloading your financials or marketing plans?

A recent article on PCMag.com reviews several “endpoint security” products—software that restricts access not just to your USB ports, but also Firewire, serial, and parallel ports; CD, DVD, and Zip drives; WiFi, Bluetooth, and infrared ports; and more. If you’d like to skip the write-up and go directly to the Editor’s Choice, this link will take you to DeviceLock. The software is $35 for a single computer (Windows Vista not available at this time) and a free, thirty-day trial is available.

Sorry for the alphabet soup but what you need to know is if you’re using the older WEP encryption for your wireless network connection, it’s just about as bad as not using encryption at all. As this article explains, a network “protected” by WEP can be cracked in as little as one minute.

OfficeMedic recommends that you immediately switch to WPA encryption which, when used with a sufficiently strong password, is not vulnerable to hackers. You may need a new wireless router or access point to enable WPA; OfficeMedic can recommend an appropriate unit and we provide installation as well.

If you’re a Mac user and had Michael Tsai’s SpamSieve installed, you likely weren’t affected by the latest e-mail trojan masquerading as a video clip. Our own computers registered 15 of these messages stopped by the spam filter.

Unlike many computer techs, I won’t say “don’t open e-mail attachments.” But I’m tempted to. I suppose I could say, “Don’t open e-mail attachments unless you know exactly what it is and the person that sent it to you told you in a separate conversation that it was coming.” If so, you can probably rest assured that it’s not a virus or spyware that will not only infect your computer, but also begin attacking other computers.

No matter how well you’re protected, your behavior can compromise your computer’s safety. Safe computing begins with you, not your computer.

PC Magazine has reviewed eight of the leading security suites in a must read for anyone considering buying an all-in-one security solution. As a surprise to me, PC Mag rated Norton Internet Security 2007 ranked high on their list; I find that Norton accounts for many of my customers’ slow computers&mash;and misses many viruses that a light-weight anti-virus like AVG catches.

Not surprisingly, however, McAfee Total Protection ranked poorly. It’s all-but-the-kitchen-sink approach provides modules that, at best, are of dubious value and, at worst, don’t play well together or don’t work well at all.

The Editor’s Choice this time around is ZoneAlarm Internet Security Suite 6.5, which seems to jibe with members’ reviews on PCMag.com. (Kaspersky Internet Security 6 was also a member favorite.)

My view? Security suites add complexity to your system and are the major cause of system slowdowns. As each vendor races to complete a checklist and add features to stay ahead of competitors, users are faced with buying new hardware to accommodate the software and spending more time configuring the suite. Users are often better off with light-weight (and free) alternatives that simply work.

Today yet another attack has been found against Microsoft Internet Explorer that turns unprotected computers into unwilling slaves of the attacker, hijacking them to become members of massive bot networks. No action is required on the user’s part is required, other than surfing to a malicious website.

The exploit is amplified because it’s a zero-day exploit—taking advantage of a flaw in Internet Explorer within a day of the flaw being discovered. The flaw is present in fully-patched computers running Windows XP SP2 and IE 6.0 and, as of yet, Microsoft has not issued a security update. (The next scheduled update is on October 10.) So what can you do?

Rather than suggest that you use another browser, this time I’ll point out that behavior is the first defense when it comes to computer and internet security. Reports are that this current flaw is being taken advantage of by various porn sites. Other vectors for similar exploits include illegally-downloaded music and software and attachments in e-mail messages.

In each instance, the user is involved in risky behavior that exposes their computer to the exploit. Putting aside the morality of viewing pornography and stealing music, the fact is that these behaviors heighten the risk that you will be exposed to virus and spyware infestation. Consequences of that behavior include the loss of data, identity theft, and more. Can you afford the cost of your behavior? (And parents should immediately talk to their children about this issue.)

Just say “no!”

Disclaimer up front: I’m a Mac user. Have been for 18 years and I prefer to run the Mac OS. That said, my recommendation, for the home and casual user looking to buy a computer, to buy a Macintosh is based on what I see every day in the field, expunging viruses and spyware from my customers’ machines. This wouldn’t occur if they would use a more secure operating system, and in most cases there is no compelling reason to use a Windows machine.

A recent article at InfoWorld gives some hard facts about Windows’ vulnerabilities that left my blood cold. How is the average user to protect himself against the malware arrayed against him?

Ouch! News like this has got to sting: eEye Digital Security has found a security vulnerability in consumer security products put out by McAfee, including McAfee Internet Security Suite 2006, McAfee VirusScan, and McAfee AntiSpyware.

As yet, McAfee has not patched the vulnerability, which would allow an attacker to run malicious code on your computer, effectively bypassing the protection the product provides. If you’re using a McAfee product, be sure that your subscription is active so that you will receive the latest updates to remove this threat.

In a scant 31 days from now, Microsoft will put to rest three operating systems, one of which is eight years old. Windows 98, Windows 98SE and Windows Millenium Edition will reach their end-of-support date on July 11, 2006.

It’s important to realize that Microsoft will no longer be releasing security updates for these operating systems. Does this mean your computer is in danger if you continue if you don’t upgrade? Some would say no, since virus and spyware writers are not targeting these operating systems.

However, in a security bulletin dated last month, Microsoft has acknowledged that there is at least one critical security flaw in these older systems that they will not be fixing, even though the same flaw exists for Windows 2000 and XP and will be fixed for those OSes. The bulletin states “it is not feasible to make the extensive changes necessary…to eliminate the vulnerability.” It is reasonable to assume that future threats that target Windows XP will also affect older operating systems, just as this latest threat does.

If you’re using one of these legacy OSes, Microsoft’s recommendation that you take steps to protect their data by upgrading to Windows XP is good, although we’d recommend that you make that upgrade through a purchase of new hardware as well. If your computer is running Windows 98, it’s at least 5 years old; Windows XP will run much better on a new machine (and may not run at all on your old unit).

Of course, if it’s not feasible to upgrade your computer (if, for example, your software won’t run under Windows XP), OfficeMedic suggests that you simply disconnect your computer from the Internet and from any network. With no connection to another computer, your system will likely remain free of viruses and spyware, at least until they are able to propogate via power lines.

Don’t know how long this will be available, but Computer Associates is offering a free, one-year trial of its anti-virus software, eTrust EZ Antivirus.

Although I usually recommend the always free AVG Anti-Virus, I have used EZ Antivirus and heartily recommend for those who don’t qualify for AVG Free Edition.