Originally published at The Parallax.
Tag Archives: featured1
Creating a culture of cybersecurity at work
With the digital threatscape proliferating exponentially – i.e. phishing emails increased almost 800 percent quarter-to-quarter in Q1 2016, to 6.3 million, while ransomware soared 300 percent year-over-year on its way to a billion-dollar-a-year problem – it’s important to remember that effective cybersecurity rests on three pillars – products and services, processes, and people. Simply throwing more money and resources at cybersecurity is not the answer: People are the key, and everybody has a role to play in effective cybersecurity.
Misconfigured server reveals Cerber ransomware targets users in Europe and North America
Cerber ransomware is a highly effective ransomware family that has been developed by professional cybercriminals. Fortunately for us, even professional cybercriminals make mistakes – like misconfiguring their servers. Twitter user and researcher @Racco42 noticed the mistake . Through this misconfiguration, we were able to take a closer look at their statistics and learn more about who they are targeting and who are not targeting.
Eddy Willems Interview: Smart Security and the “Internet of Troubleâ€
For this week’s guest article, Luis Corrons, director of PandaLabs, spoke with Eddy Willems, Security Evangelist at G Data Software AG, about security in the age of the Internet of Things.
Luis Corrons: Over the course of your more than two decades in the world of computer security, you’ve achieved such milestones as being the cofounder of EICAR, working with security forces and major security agencies, writing the entry on viruses in the encyclopedia Encarta, publishing a book, among other things. What dreams do you still have left to accomplish?
Eddy Willems: My main goal from the beginning has always been to help make the (digital) world a safer and better place. That job is not finished yet. To be able to reach a wide public, from beginners to more experienced internet users, I wrote my book ‘Cybergevaar’ (Dutch for Cyberdanger) originally in my native language. After that it has been translated into German. But for it to have a maximum effect, I really want it to be published in the most widely spoken languages in the world like English, Spanish or even Chinese. That really is a dream I still want to accomplish. It would be nice if we could make the world a little bit safer and at the same time make life a little bit harder for cyber criminals with the help of this book.
Another ambition that fits into my dream of making the world a safer place, is to get rid of bad tests and increase the quality of tests of security products. Correct tests are very important for the users but also for the vendors who create the products. Correct tests will finally lead to improved and better security products and by that finally to a safer world. That’s the reason why I am also involved in AMTSO (Anti Malware Testing Standards Organization). There is still a lot to do in that area.
LC: Since the beginning of 2010 you’ve been working as a Security Evangelist for the security company G Data Software AG. How would you define your position and what are your responsibilities?
EW: In my position as Security Evangelist at G DATA, I’m forming the link between technical complexity and the average Joe. I am responsible for a clear communication to the security community, press, law enforcement, distributors, resellers and end users. This means, amongst other things that I am responsible for organizing trainings about malware and security, speaking at conferences and consulting associations and companies. Another huge chunk of my work is giving interviews to the press. The public I reach with my efforts is very diverse: it ranges from 12 year olds to 92 year olds, from first time computer users to IT security law makers.
LC: Data that’s been collected over the years leads us to conclude that 18% of companies have suffered malware infections from social networks. What measures can be taken to avoid this? Are social networks really one of the main entry points for malware in companies?
EW: Social networks are only one vector of many infections mechanisms we see these days. Of course we can’t deny that social networks are still responsible for even some recent infections: end of November a Locky Ransomware variant was widely spread via Facebook Messenger. But still Facebook, Google, LinkedIn and others have some good protective measures in place to stop a lot of malware already. Surfing the web and spammed phishing or malware mails are still the main entry points for malware in companies. Delayed program and OS updating and patching and overly used administration rights on normal user computers inside companies are key to most security related problems.
LC: What do you believe to be the greatest security problem facing businesses on the Internet? Viruses, data theft, spam…?
The weak link is always an unaware or undertrained employee. The human factor, as I like to call it.
EW: The biggest security threat to businesses are targeted phishing mails to specific employees in the company. A professional, (in his native language) well-written created phishing mail in which the user is encouraged to open the mail and attachment or to click on a specific link, has been seen in a lot of big APT cases as the main entry point to the whole company. These days even a security expert can be tricked into opening such a mail.
Another great threat is data breaches. Most of those are unintentional mistakes made by employees. A lack of awareness and a lack of understanding of technologies and its inherent risks are at the base of this.
Both of these risks boil down to the same thing: the weak link is always an unaware or undertrained employee. The human factor, as I like to call it.
LC: Criminals are always looking to attack the greatest amount of victims possible, be it through the creation of new malware for Android terminals or through older versions that may be more exposed. Do cybercriminals see infecting old devices the same way as infecting new devices? Which is more lucrative?
EW: Android has become the number 2 OS platform for malware after MS Windows. Our latest G DATA report saw an enormous increase in Android related malware in 2016. G DATA saw a new Android malware strain every 9 seconds. That says enough about the importance of the platform. Current analyses by G DATA experts show that drive-by infections are now being used by attackers to infect Android smartphones and tablets as well. Security holes in the Android operating system therefore pose an even more serious threat. The long periods until an update for Android reaches users‘ devices in particular can aggravate the problem further. One of the bigger issues is that lots of old Android devices will not receive any updates anymore, bringing the older devices down to the same level of (no) security as Windows XP machines. Cybercriminals will look to the old and new Android OS in the future. Malware for the old Android versions will be more for the masses, but malware for the new versions Android versions needs to be more cleverly created and are more lucrative if used for targeted attacks on business or governmental targets.
LC: In this age of technological revolution through which we are now living, new services are invented without giving a second thought to the possibility that it may be put to some ill-intentioned use, and are therefore left under-protected. Has the Internet of Things become the main challenge with regard to cybersecurity? Does the use of this technology conflict with user privacy?
EW: I wrote about the Internet of Things already a couple of years ago at the G DATA blog where I predicted that this platform would become one of the main challenges of cybersecurity. In my opinion IoT stands more or less for the Internet of Trouble. Security by design is dearly needed, but we’ve seen the opposite unfortunately in a lot of cases.
Besides Smart grids and Smart factories, Smart cities, Smart cars and Smart everything else, we will also need Smart security.
IoT is seriously affecting our privacy unfortunately. The amount of data IoT devices are creating is staggering and that data is being reused (or should we say misused). You’ve undoubtedly agreed to terms of service at some point, but have you ever actually read through that entire document or EULA? For example, an insurance company might gather information from you about your driving habits through a connected car when calculating your insurance rate. The same could happen for health insurance thanks to fitness trackers. Sometimes the vendor states in the EULA that he isn’t responsible for data leakage. It brings up the question if this is not conflicting with the new GDPR (General Data Protection Regulation).
I am convinced the Internet of Things will bring about much that is good. I can already hardly live without it. It is already making our lives easier. But IoT is much bigger than we think. It’s also built into our cities and infrastructure. We now have the opportunity of bringing fundamental security features into the infrastructure for new technologies when they are still in the development stage. And we need to seize this opportunity. That is ‘smart’ in my opinion. Besides Smart grids and Smart factories, Smart cities, Smart cars and Smart everything else, we will also need Smart security. I only hope the world has enough security engineers to help and create that Smart security.
LC: New trends such as the fingerprint and other biometric techniques used with security in mind are being implemented, especially in the business world. What’s your opinion about the use of these methods? For you, what would the perfect password look like?
EW: Simple, the perfect password is the password I can forget. In an ideal world, I don’t need to authenticate myself with other tools anymore except part(s) of my body. It’s unbelievable how long it takes to implement this in a good way. The theory is there for ages and we have the technology now, it’s only not perfect enough which makes it costly to implement in all our devices. After that comes the privacy issues related to it, which possibly will postpone the implementation again.
We also need to think about the downside of biometric techniques. If my fingerprint or iris gets copied somehow, I don’t have the option of resetting or changing it. So we will always need to have a combination of authentication factors.
LC: Your book Cybergevaar pitches itself as a sort of information manual on IT security for the general public, offering various tips and advice. What were some of the greatest challenges in outlining a book aimed at every kind of Internet user? What piece of advice on display is most important for you?
EW: One of the big challenges in writing the book was leaving out most of the technical details and still remaining on a level that everyone, including experts and non-technical people, wants to read. I tried to keep a good level by including lots of examples, personal anecdotes, expert opinions and a fictional short story. Keeping all your programs and OS up-to-date and using common sense with everything you do when using your computer and the internet is the best advice you can give to everybody! The real problem most of the time is, as I mentioned before, the human factor.
LC: There’s been some talk of a “new reality”, the omnipresent Internet in every aspect of our lives. From your perspective, is this phenomenon truly necessary?
EW: IoT is just the beginning of it. I think we are very near to that ‘new reality’ even if you don’t like it. Our society will be pushed to it automatically, think about Industry 4.0 and Smart cities. In the future you will only be allowed to buy a car with only these specific Smart features in it or you will not be allowed to drive in specific cities. A smart cooking pan that automatically tracks calories and records your delicious recipes as you cook in real time will only work with your new internet connected Smart cooking platform. The omnipresent internet is maybe not really necessary but you’ll be pushed to it anyway! The only way to escape it will be maybe a vacation island specifically created for it.
We also need to think about the downside of biometric techniques. If my fingerprint or iris gets copied somehow, I don’t have the option of resetting or changing it.
LC: What have been for you the worst security violations that have marked a before-and-after in the world of cybersecurity? Do you have any predictions for the near future?
EW: The Elk Cloner virus and the Brain virus back in the eighties … everything else is just an evolution of it. We probably wouldn’t have this interview if nothing had happened 30 years ago or … maybe it was only a matter of time? Stuxnet was built to sabotage Iran’s Nuclear program. Regin demonstrates even more the power of a multi-purpose data collection tool. Both built by state agencies showing that malware is much more than just a money digging tool for cybercriminals. And of course the Snowden revelations as it showed us how problematic mass-surveillance is and will be and how it reflects back to our privacy which is slowly fading away.
Malware will always be there as long as computers -in whatever shape or form they may be around, be it a watch, a refrigerator or a tablet- exist and that will stay for a long time I think. Cybercrime and ‘regular’ crime will be more and more combined (eg. modern bank robberies). Malware will influence much more our behavior (eg. buying, voting, etc) and ideas resulting in money or intelligence loss. Smart devices will be massively misused (again) in DDoS and Ransomware attacks (eg. SmartTv’s). And this is only short-term thinking.
The only way forward for the security industry, OS makers, application vendors and IoT designers, is to work even closer together to be able to handle all new kind of attacks and security related issues and malware. We are already doing that to some extent, but we should invest much more in it.
The post Eddy Willems Interview: Smart Security and the “Internet of Trouble” appeared first on Panda Security Mediacenter.
Now Hackers Can Spy On Us Using Our Headphones
Hackers can access your data through your headphones
Mark Zuckerberg has a revealing routine he carries out on a regular basis which says as much about him as it does our current era of cyber-uncertainty. Every day when he’s finished talking to friends and business associates, he covers up his laptop’s webcam and microphone jack with a small piece of tape.
Is this simply the paranoia of a man who over the last two decades has had to deal with increasingly sensitive information as well as diminishing privacy in his personal life?
All we know is that many people are utilizing the simple hardware hack, in much the same way, as a cyber security precaution. Whilst those who promote the use of tape no doubt favor the method for its brilliant simplicity, we have worrying news for anyone that thinks this method has all bases covered.
Now even your headphones can spy on you
Your headphones, it has now emerged, can be repurposed from afar, turning them into a microphone capable of recording audio, all of this unbeknownst to the device’s user. A group of Israeli researchers has recently created a piece of malware in order to show how determined hackers could hijack your device and reconfigure it into sending them audio links.
The headphone technology
The researchers, based at Ben Gurion University, created a code aimed at testing their fears about headphone technology. The proof-of-concept code, titled “Speake(a)r,” proved that the very commonly used RealTek audio codec chips contain a vulnerability that allows them to be used to silently repurpose a computers output channel as an input channel.
As Wired magazine have noted, turning a pair of headphones into microphones is a fairly simple task. A quick search on Youtube reveals an abundance of simple hack videos demonstrating how to switch your music listening device into an audio recorder. So it’s the RealTek vulnerability that is the real worry. As the Israeli research team have found, the issue would allow a hacker to record audio if you’re using a mic-less pair of headphones, and even if your laptop or device’s microphone setting is disabled.
Privacy vulnerability
Mordechai Guri, part of Ben Gurion’s cyber security research team, spoke to Wired about the vulnerability they had discovered. “People don’t think about this privacy vulnerability. Even if you remove your computer’s microphone, if you use headphones you can be recorded.” He added that, “almost every computer today [is] vulnerable to this type of attack.”
The researchers tested their malware hack using Sennheiser headphones. “It’s very effective,” Guri said. “Your headphones do make a good quality microphone.” The team also detailed the extent of the malware’s capability, saying that a hacked pair of headphones could record audio as far as 20 feet away. The recorded file can even be compressed so it can easily be sent over the Internet.
As Guri says, the problem is not one that can receive a simple patch and the vulnerable audio chip may need to be redesigned and replaced in future computers. The full extent of the problem is also not known, as the Ben Gurion research team has so far focused only on RealTek audio chips. They are set to expand their research to determine which other codec chips and smart phones may be vulnerable.
So, if like an increasing amount of people in this era of cyber security, you feel vulnerable to eavesdropping, don’t only reach for the tape. Make sure those headphones are unplugged so as not to be the victim of a stealthy new form of malware.
The post Now Hackers Can Spy On Us Using Our Headphones appeared first on Panda Security Mediacenter.
Facebook to help you find free public Wi-Fi. But is it secure?
Facebook, the social giant that many people check obsessively, is testing a new, handy feature to help their users find free public Wi-Fi directly via their Facebook mobile app. The tested feature is available only for selected iOS users in various countries.
“To help people stay connected to the friends and experiences they care about, we are rolling out a new feature that surfaces open Wi-Fi networks associated with nearby places,” a Facebook spokesperson told Mashable.
We believe that being connected gives us flexibility and great opportunities, but before you actually connect to any public Wi-Fi recommended by Facebook, double check its security and speed. You can do it for free, using Avast Wi-Fi Finder.
How does Facebook’s Find Wi-Fi work?
Once you click on the Find Wi-Fi feature, you will see an actual map with a Wi-Fi spots, showing you the distance and directions towards the public free Wi-Fi hotspots available in your area.
Image source: Venturebeat
What about privacy and security?
At this point there is little information available about the Find Wi-Fi feature. There are many speculations on why Facebook is even releasing it. One of the strongests is related to the company’s mission to help people access the internet (even if it’s through its platform). Other theories involves collecting information about business and its users.
And then there’s the whole targeted advertising thing — getting you to free hotspots around the city could impact the ads that you’re shown within your Facebook experience, selling you on hanging out at more popular local merchants and restaurants, comments Ken Yeung
We don’t want to speculate, we just follow the available facts. One of our tasks as a security company is to raise questions about safety and privacy of users’ data. Facebook will use this feature to collect data about users for advertising purposes.
It will not only show you the business offering free Wi-Fi, but also how long it’ll take to get there and the network you can connect to. Facebook recommends that you give the app permission to access your location history, claiming it will “allow Facebook to build a history of precise locations received through your device.”
What about safety?
We know that open Wi-Fi hotspots are great: they allow you to access the Internet when you travel to new places. But losing your personal data is not worth it.
“Many of us have found ourselves in situations when traveling or working remotely in which we’re unable to find reliable and secure Wi-Fi. With the Avast Wi-Fi Finder, consumers are now able to find a safe and fast Wi-Fi connection whether you’re at the gym, hotel, airport, bus station, library or café.” said Gagan Singh, president of mobile at Avast.
What is the added value of the Avast Wi-FI for the users? Our technology checks for the vulnerabilities of the Wi-Fi Hotspot such as:
- If the Wi-Fi hotspot is infected or exposed to a DNS attack
- Other devices connected to the network, to verify its security
- If the router of the hotspot is protected by a strong password and not accessible from the Internet, so upon accessing the hotspot, your device won’t be vulnerable to hackers
- If the hotspot itself it protected by a secure password
Last but not least: for the maximum protection of your data, we recommend you use VPN protection.
In February 2016, we ran an experiment at the Barcelona Airport and gathered more than 8 million data packets, proving that open Wi-Fi hotspots are risky. We learned the following information:
- 50.1 percent had an Apple device, 43.4 percent had an Android device, 6.5 percent had an Windows Phone device
- 61.7 percent searched information on Google or checked their emails on Gmail
- 14.9 percent visited Yahoo
- 2 percent visited Spotify
- 52.3 percent have the Facebook app installed, 2.4 percent have the Twitter app installed
- Avast could see the identity of 63.5 percent of the devices and users
“Many individuals recognize that surfing over open Wi-Fi isn’t secure. However, some of these same people aren’t aware that their device might automatically connect to a Wi-Fi network unless they adjust their settings,” said Gagan Singh, president of mobile at Avast.
To make sure that your connection is secure regardless of the Wi-Fi hotspot settings and avoid looking extensively for recommended, secure hotspot, we recommend that you use Avast SecureLine VPN.
Five New Year’s Resolutions to Strengthen Your Company’s Security
Now that we’ve taken stock of the year we’re leaving behind, it’s time to establish some resolutions for the year that lies ahead. As in any other field, there’s always something to do when it comes to cybersecurity. The latest report from Accenture, “The State of Cybersecurity and Digital Trust 2016” revealed that 69% of businesses have suffered an attempted or realized data theft over the course of last year. Malware and DDoS attacks figure among the biggest concerns of executives surveyed by the consultancy.
Business managers now have 12 months ahead of them in which to improve security strategies and avoid these much-feared risks. We’d like to propose a few guidelines to improve the protection of corporate systems in 2017.
1. Get On Board the HTTPS Train
The majority of websites visited with Firefox and Chrome in 2016 were already using the HTTPS communication protocol. HTTPS guarantees a secure connection by identifying devices and encrypting data. Every day, the number of websites and applications that use this method increases. But there are still a few stragglers. For this reason, Apple is requiring app developers to incorporate this protocol and Google will publicly mark websites that don’t use it. If you haven’t yet, now’s the time to make the move over to HTTPS for your website, and make sure that the applications and websites visited at your company are using it as well.
2. Be Proactive and Know the Risks
The threat of cyberattacks is no longer limited to big corporations. Nowadays any small or mid-sized company is fair game. Criminals are using new and increasingly sophisticated tools and strategies. Better safe than sorry, as the cliché goes. One of the first orders of business is to get a threat detection and prevention program, regularly conduct a system analysis in search of anomalies, and keep your IT team constantly up to date on the latest developments in the field.
3. Invest in Cybersecurity
The Accenture report points out that corporate budgets for cybersecurity are not enough, according to surveys conducted with employers. Investments in this area have to do with more than just security contractors. Worker training programs in IT security or the purchasing of specialized software also require funding.
4. Keep an Eye on Authentication
2016 was not Yahoo’s year. The company had to admit to the breach of 500 million users’ accounts. This attack, the most notorious one in recent months, has set off many alarms. Crucially, it raises the concern about password security in and out of corporate networks. It’s important to create complex passwords, use systems that require more than one login, and adopt multi-step authentication methods. The road to achieving this goes by way of building awareness in your workforce.
5. Come Up With a Contingency Plan
In case a threat makes it past your prevention measures, it’s always good to have a contingency plan in place. This should be a very thorough and well-designed plan that takes into account every possibility. Everything from DDoS attacks and ransomware to the disappearance of a company laptop. This document would establish response protocols to grapple with data breaches and other incidents, distribute damage control responsibilities to the team, and designate measures to be taken, among other things.
These are just a few possible suggestions. The list could go on and on, depending on each individual company’s weak points. A thorough revision of the security flaws that came to light in 2016 will be highly useful for making next year better, and, of course, protecting your IT infrastructure and never letting your guard down.
The post Five New Year’s Resolutions to Strengthen Your Company’s Security appeared first on Panda Security Mediacenter.
“Eye Pyramidâ€, the Cyber-Espionage Malware that has Italy Reeling
This Tuesday, the Italian state police dismantled a cyber-espionage ring spearheaded by a brother and sister that sought to exert control over public institutions and administrations, professional studios, employers, and politicians. The network was able to access confidential information by installing a virus on victims’ computers, stealing information sensitive to financial institutions and state security.
Among those affected are former Prime Ministers Matteo Renzi and Mario Monti, as well as the president of the Central European Bank, Mario Draghi, as well as other individuals in possession of confidential information. Mayors, cardinals, regional presidents, economists, employers, and law enforcement officials are also on the list.
How Eye Pyramid Works
The investigation has been dubbed “Eye Pyramid”, after the particularly invasive malware that the suspects used to infiltrate the systems of the people they spied on.
These intrusions appear to have first surfaced in 2012, reaching 18,327 users with the theft of 1,793 passwords using a keylogger. This comes out to be around 87GB data. The method of infiltration was simple given the serious nature of the attack: the cybercriminal sent an email, the recipient opened it, and upon opening the email a software was installed on the device, giving access to its secret files.
Older versions of the malware with unknown origins (although possibly linked to Sauron) were probably used in 2008, 2010, 2011, and 2014 in various spear phishing campaigns.
In a hyperconnected world, with mounting tension between cybersecurity and cyber-espionage — we’ve recently seen a crossfire of accusations exchanged between major powers like the US, China, and Russia — these attacks appear to have special relevance to state security and the dangers it faces in the cyber world.
Advanced Persistent Threat, or How to Avoid a Cybernetic Nightmare
This attack, unprecedented in Italy, will continue to be under investigation and, according to authorities, may end up revealing connections to other cyberattacks carried out in other countries.
Protecting your confidential and sensitive data from cybercriminal networks and attacks such as ATPs is crucial in combatting the growing professionalization of cybercrime.
Advanced threats are no longer an issue when you’ve got an advanced cybersecurity solution like Adaptive Defense 360, the platform that connects contextual intelligence with defense operations to stay ahead of malicious behaviors and data theft. Protection systems are triggered and jump into action before the malware even has a chance to run.
Thwarting potential threats before they become a real problem is the only way to rest easy knowing that your information has not ended up falling into the wrong hands.
The post “Eye Pyramid”, the Cyber-Espionage Malware that has Italy Reeling appeared first on Panda Security Mediacenter.
How to share your internet mobile connection safely
Are you aware of the dangers of sharing your internet mobile connection?
Most smartphones have a built-in function that allows you to share the mobile internet connection with other people nearby. Acting very much like a traditional WiFi hotspot, mobile internet connection sharing turns your phone into a hub – authorised devices can then connect to your phone and share the data connection.
This “mobile hotspot” feature is particularly useful when your friends cannot get a reliable connection to their mobile network. Or when you need to get online with your laptop really quickly while “out and about”.
But just as you (should) secure your home network to prevent abuse and deter hackers, you need to take a few extra steps to keep yourself safe. If someone does manage to hack your mobile hotspot they may be able to steal the data stored on your phone – or run up a large phone bill simply by using up your data allowance.
Here are our top tips for boosting your security.
1. Use a ‘secure’ passphrase
When someone tries to connect to your mobile hotspot, they will be prompted to enter a password – which is exactly the same procedure as connecting to any other secure WiFi network. This password needs to be “complex” to prevent hackers from guessing it.
Android and iOS both generate long, complicated passwords by default, but it is worth checking your own settings to confirm. You must resist the urge to replace the password with something simple though – if you make it too easy for your friends to get connected, you also make it easier for hackers to jump online.
The Apple iPhone mobile hotspot requires a password at least eight characters long, but you should consider choosing something even longer that uses a combination of upper and lower case letters, mixed with numbers and punctuation marks (like ! Or ?) to deter dictionary attacks from “guessing” the password. The same password tip applies to smartphones running Android.
2. Disable by default
You can toggle the mobile hotspot function on and off – so it’s only available when you actually need it. You should always ensure the hotspot is toggled off when not in use to reduce the risk of unauthorised connections.
A few extra taps on the screen to enable the hotspot may be annoying – but nowhere near as frustrating as an unexpectedly high phone bill run up by people abusing your mobile data connection.
3. Keep an eye on your screen
Both Android and iOS provide helpful on-screen indicators to show when your mobile hotspot is switched on, and how many devices are currently connected. You should keep an eye on that indicator – it will help you spot when someone is connecting without your permission.
If you do detect an unauthorised connection, turn the hotspot off, and change the password immediately. This will help to prevent your connection being hijacked again.
Using these three tips, you can greatly reduce the risk of becoming another mobile fraud victim. For more help securing your mobile device, download a free trial of Panda Mobile Security.
The post How to share your internet mobile connection safely appeared first on Panda Security Mediacenter.
Porn filter: is it enough to protect our children?
UK to create new porn filter – but is it enough to protect your kids?
The UK government has recently announced a range of new measures intended to help “police” the internet, identifying and prosecuting cybercriminals and terrorists for instance. In among the proposals of the digital economy bill are plans to restrict access to pornographic websites that breach specific guidelines.
Under the proposal, any websites depicting sex acts that would breach the regulations used by the British Board of Film Classification (BBFC) to issue certificates for movies will be banned. This ban will apply to all UK users – not just children.
Moves to improve online safety
This new filter is part of continued government efforts to protect children from accessing pornography online. Previous measures include “age gateways” on porn sites that will demand proof that the user is over-18 before allowing access.
The reality is that children are being exposed to (or choosing to access) more inappropriate images than ever before. Parents, teachers and healthcare professionals are increasingly concerned about what the long term effect of this exposure is, which explains these new initiatives to restrict access.
Will it work?
Already there are many people raising objections to this latest proposal, claiming that a block on certain websites is unfair to adults who are allowed to view pornography. Other complaints focus on the fact that many of the “banned” sex acts are completely legal for consenting adults to engage in. These objections have little bearing on children, but they could force the government to water down their proposals in the long term.
More problematic is the fact that web filters imposed by central governments around the world almost always have loopholes that are exploited by criminals to carry on as normal. It is entirely possible that a UK content filter will have similar gaps in coverage. Alternatively the use of anonymous web proxies will allow determined users to circumvent these safeguards.
Children need multiple layers of protection online
The proposed web filter will act as a robust baseline protection for your kids as they surf the web. But it will not be sufficient to keep them completely safe.
True internet security relies on using multiple layers of protection to keep unwanted content out. So it makes sense to install a secondary web content filtering tool like Panda Internet Security to catch anything that makes it through the government’s filters.
Panda Internet Security
Panda Internet Security has the added benefit of being able to detect and block attempts to circumvent security. If one of your kids tries to use an anonymous proxy for instance, the filter will detect and prevent access. You also have the added benefit of industry leading anti-malware protection included as part of your subscription.
Whether the government’s proposed porn filter is ever put in place remains to be seen. But there is nothing to stop you from installing your own filter to protect your children right now.
Click here to download a free trial of Panda Internet Security today.
The post Porn filter: is it enough to protect our children? appeared first on Panda Security Mediacenter.