Bits & Bytes Computer Store

What's the best format for my pictures

http://www.pcworld.ca/news/column/a225b73e0a0104080036ef21e94a0a30/pg0.htm

Why is JPEG so popular? When is it better to use TIFF or RAW formats? PCworld.ca gives you all the information you need to choose the right format and make sure your memories get digitally immortalized without loss of quality.

The next time you start pining for the good old days of computing, keep this in mind: in 1995 we had to negotiate hundreds of image file formats, and no two imaging programs spoke the same language. These days, with just a handful of common file types for digital photos, we’re living on easy street. Even so, it’s rarely obvious which file format is best for a given image. Here’s a look at the strengths and weaknesses of the three most common digital-photo formats.

Go mainstream with JPEG: This format is the default that digital cameras use to save pictures, and every photo editing or viewing program can read it. Because you’re able to adjust JPEG’s compression level, you can make your files smaller, trading off image quality for portability.

If you’re a casual photographer who shoots, prints and shares without much serious editing in between, stick with JPEGs. Just be sure to set your camera to capture pictures at the lowest compression, which equates to the highest image quality. You can always reduce the quality later to shrink the file size, but you can’t bring the lost image data back.

JPEG does have a downside. Every time you make a change to a photo and save it, you’re reducing the quality of the image. It’s like making a photocopy of a photocopy: Eventually the loss of detail will become obvious (often painfully so), even if you always employ the highest quality setting available.

TIFF maintains quality: The TIFF image-compression format is revered because it’s lossless—no information is lost during the compression (as opposed to JPEG’s “lossy” compression). TIFF files are larger than comparable JPEGs, but nary a pixel or a shade of lavender is lost when you create, edit or save a TIFF.

With TIFF, you’ll neither have to deal with the extra baggage that accompanies the RAW format (which we’ll get to in a moment) nor worry about JPEGs throwing away some colour information every time you save a photo. For best quality, configure your camera to save shots as TIFF files, and keep saving them that way afterward. Or save pictures on your camera at the best JPEG quality and then, after you edit them on your PC, choose File, Save As and select TIFF. You might lose an almost imperceptible bit of quality with the first JPEG save, but once the file is a TIFF, the quality is locked in.

There is a drawback, however: TIFF files are much larger than JPEGs, and the TIFF format is not as universal as JPEG. You’ll still need to save a copy of the TIFF image as a JPEG if you want to share it via email or to place it on the web.

Photo fanatics love RAW: To wring every last drop of quality out of your photos, use your camera’s RAW mode (if it has one). RAW is lossless, and it offers more colour depth—12 bits of colour per pixel, compared with 8 bits per pixel for JPEG and TIFF. This lets you extract more detail from your photos in such editing programs as Adobe Photoshop and Photoshop Elements. Your camera saves RAW files before any white balance, sharpening or other effects are applied. It’s an unprocessed source file that offers you unlimited creative freedom.

Unfortunately, every camera maker has its own flavour of RAW, and sometimes different models from the same camera vendor vary in their handling of RAW. For example, Nikon calls its RAW files “NEF”, while Canon uses both “CRW” and “CR2” RAW files also require more work on your part. You’ll have to apply white balance, tweak the colours, and perhaps add sharpening to the image. And, since you can’t save your changes to RAW files, you’ll have to keep two copies of your photos—the original RAW version and the edited JPEG or TIFF file. Still, photo fanatics wouldn’t have it any other way.

Try an alternative format: PNG is now the default image-file format for screens captured by Macs, and nearly all browsers can open them. In addition, every photo editing program offers its own proprietary format. Photoshop’s PSD, for instance, is lossless, and it preserves layers, so you can return to an editing project right where you left off. However, such proprietary formats usually can’t be opened outside of the program that created them, so you’ll eventually need to save the files as JPEGs to share them.

Clean Machine. Does one exist?

http://www.infoweek.ca/index.php?page=shop.product_details&flypage=shop.flypage&product_id=2241&option=com_virtuemart&vmcchk=1

by Thomas Claburn

Since Friday, more than half a million Trojan horse programs disguised as media files have been detected on consumer PCs, according to McAfee Avert Labs.

“This is one of the most prevalent pieces of malware in the last three years,” said Craig Schmugar, a McAfee Avert Labs researcher, in an e-mailed statement. “We have never before had a threat this significant that arrives as a media file.”

The Trojan malware, Downloader-UA.h, was added to the McAfee database several days ago. In the past 24 hours, it has been detected by McAfee VirusScan Online on more than 119,000 computers out of almost 436,000 scanned, an infection rate of 27%. Other malware McAfee is tracking exhibits an infection rate in the 1% to 5% range.

The malware does not affect computers running Mac OS X.

The malicious media files appear to be either MP3 audio files or MPEG video files and can be found on file-sharing services like LimeWire and eDonkey. McAfee believes they were placed there by cybercriminals.

When a user tries to play one of the infected media files, he or she is prompted to download a file called PLAY_MP3.exe, Schmugar explained in a blog post. The file does not contain music or video as advertised. Rather, the Trojan program — Downloader-UA.h — presents users with an end-user license agreement. If the user agrees to the terms set forth in the 4,800-word EULA, he or she consents to the installation of NetNucleus’ Mirar Toolbar adware, and the Trojan downloads the adware “FBrowsingAdvisor” and “SurfingEnhancer,” which serve pop-up and pop-under ads.

“In the end you’re left with a fake MP3 file taking up space, a worthless MP3 player, adware that claims not only to not display popups, but also to block them, and more adware that successfully displays popup and popunder ads,” Schmugar wrote.

In December 2006, NetNucleus threatened to sue security company Sunbelt Software for categorizing its Mirar software as adware. Mirar, the company insisted in a letter, “is a bona fide search tool that collects keywords from Web sites to direct users towards similarly themed sites.” A month later, Sunbelt’s attorney responded, insisting in a letter that Mirar’s designation as adware was accurate.

Web becoming the distribution point for malicious code: Symantec

http://www.echannelline.com/canada/story.cfm?item=DLY040808-1

8-April-2008 
by Vanessa Ho

Volume XIII of Symantec’s Global Internet Security Threat Report (ISTR) reports that the Web has quickly become the attack vector of choice.

Symantec’s Global ISTR provides a six-month update of Internet threat activity and includes analysis of network-based attacks, a review of known vulnerabilities and highlights malicious code activity. It also discusses numerous issues related to online fraud, including phishing and spam.

According to Michael Murphy, vice president and general manager of Symantec Canada, the biggest change in this volume of the report has been attacks to the Web moving from something to watch out for to something that is now is in the realm of reality.

“One of the seismic changes in this threat report is the first real evidence that threats are targeting Web applications almost exclusively while attacks to computers and operating systems has slowly fallen off the screen,” said Murphy.

He added that attacks of today are focused on web applications, Web content and Web sites because that’s where people are hanging out and that’s where data is being collected.

“The ubiquitous nature of the Web and Web applications is why attackers are using it as an attack vector and the expansion of social networking sites are more than ever a conduit attackers are trying to exploit,” Murphy noted.

The report indicated that social networking Web sites have been easy targets for criminals to spoof and because these sites are trusted by users, phishing attacks mimicking them may have a better chance of success.

Murphy indicated that the top four phishing sites that the report observed were social networking sites like MySpace and Facebook.

“The end user is always going to be the weakest link and the attackers are leveraging that because they want to dupe the individual to capture data. If you cull enough data from somebody you can create an identity [that can] be worth a lot of money. The commercialization is what drives the attackers,” he added.

In terms of this underground economy, volume XIII of the ISTR noted that bank accounts were the number one goods and services being sold followed by credit cards and full identities. While Murphy said the pricing of these haven’t changed since the last report, the bulk purchases of bank accounts and the like has.

Another new finding is that attackers are moving away from mainstream developed countries to regions or countries like Peru where security practices, legislation and infrastructure are not well developed.

Other attack trends include Symantec observing an average of 61,840 active bot network computers per day, a 17 per cent increase from the first half of 2007. Canada saw an average of 7,344 active bot infected computers per day. Toronto, Montreal and Calgary were the top bot cities.

Volume XIII also broke out attack trends in terms of malicious activity via ISPs.

Murphy stressed that this doesn’t mean that it’s the ISPs propagating the attacks but their subscribers with IP addresses assigned by them that are the attackers.

But he added that these statistics prove that ISPs can do a better job in educating their customers in the area of security.

“It not about just about offering technology but helping customers understand the challenges facing them and how they can protect themselves beyond anti-virus to include anti-phishing, personal firewall and data loss prevention,” said Murphy.

In terms of vulnerabilities, the Mozilla family of browsers had the highest number of vulnerabilities during this reporting period at 88, a 60 per cent increase over the last report. The window of exposure for these vulnerabilities was three days. While Microsoft showed fewer reported vulnerabilities, its window of exposure was the longest at 11 days.

As well, Symantec documented 239 browser plug-in vulnerabilities in the last six months of 2007 compared to the first six months where browser plug-in vulnerabilities were 237. During the last half of 2007, 79 per cent of those vulnerabilities affected ActiveX components, down from 89 per cent in the first half.

“As much as browsers have become secure, plug-ins have not and patches have not been readily available,” said Murphy.

New in this report is the observation of malicious code trends that noted in the last six months of 2007, seven per cent of the top 50 malicious code samples modified web pages, up three percent from the first half of 2007. In the second half of 2006, none of the top 50 malicious codes samples attempted to modify web pages on compromised computers.

“This is almost a reverse to old school stuff,” said James Quin, senior research analyst with Info-Tech Research Group. “Web site defacement was one of the first types of cyber attacks done just for notoriety and now the same threat is being turned around for monetary gain.”

In the second half of 2007, 40 per cent of malicious code that propagated did so as shared executable files, a significant increase from 14 per cent during the first half of the year.

“Most file sharing is peer-to-peer and SMTP [and are targets] because this is where individuals are most socially engineered,” said Murphy.

While spam has grown 71 per cent from 65 per cent in the previous volume of the report, Murphy noted that spam is becoming less about selling product but more as a conduit for social engineering phishing attacks.

“As long as spam is still lucrative and fast growing, it will still be used,” he added

As for what to watch for in the future, Murphy said there is an increasing trend in the industry to adopt whitelisting.

He explained that whitelisting is list of all applications or things that are good that can get onto a person’s network or computer. Traditionally, blacklisting was used. Blacklisting is a list of all things that are bad that needs to be prevented from entering a network or system.

But now with over a million distinct threats that are out there today, Murphy said it would take a lot of time and effort to maintain a blacklist that long and be portable enough so that a device with enough computing power can hold the list to detect malicious threats.

He added the problem with a whitelist is determining what makes the list but Murphy still believes that whitelisting is the way to go considering how threats are growing.

“Symantec is working on how to best to integrate whitelisting but not at the expense of blacklisting as they have to co-exist together.”

Another trend to watch is the rapid and widespread growth in external storage devices like USB sticks, cellular phones, audio players and cameras that can pose a risk to enterprise data loss.

Growing Crimeware-as-a-Service (CaaS) industry caters to cybercriminals

http://www.connectitnews.com/canada/story.cfm?item=5572

Crimeware-as-a-Service (CaaS) is the latest business model for cybercriminals, according to Finjan Inc.’s Q1 2008 Web Security Trends Report.

The report, which outlined the findings of Finjan’s Malicious Code Research Center, said that criminals have started to use online cybercrime services instead of dealing with the technical challenges of running their own Crimeware server, installing Crimeware toolkits or compromising legitimate websites themselves.

“Cybercriminals and criminal organizations are getting better and better at protecting themselves from law enforcement by using the Crimeware services, especially since the operator does not necessarily conduct the criminal activities related to the data that is being compromised but only provides the infrastructure for it,” said Finjan CTO Yuval Ben-Itzhak.

Operating in parallel with legitimate mainstream software providers, the creators and owners of these Crimeware toolkits provide their customer base with update mechanisms while tooling them with sophisticated, anti-forensic attack techniques, as well as the ability to manage and monitor malicious code affiliation networks. It enables a new level of Crimeware availability by supplying anyone willing to purchase an easy-to-use Crimeware toolkit.

During 2007, the MCRC covered the trend of new Crimeware that purely focuses on financial gain, as well as the way it works to get revenue out of each infection. In this report, MCRC showed how the delivery and distribution of malware have been upgraded to deliver a different type of malware to different geographical regions.

“Cybercriminals can now generate more targeted infections and deliver specialized Crimeware for specific geographical regions,” Ben-Itzhak said. “Our report illustrates how these criminals are employing marketing and sales techniques to address the cybercrime economy and ensure that the market they are after gets the proper ‘product’ localized for it.”

According to Finjan, the next phase in the commercialization process of Crimeware will be creating a service for getting straight to stolen data by providing the victim data tailored to the criminal intent. Having such a service eliminates the need for attackers to even have to log-in to manage an attacker profile on a Crimeware-toolkit platform.

Concludes Ben-Itzhak: “The trends described in this report confirm that the security industry and law enforcement agencies should take an innovative approach in handling these Crimeware commercialization threats. Cybercriminals continue to adapt legitimate technologies and business models to support their criminal activities.”

Finjan is a global provider of web security solutions for the enterprise market.

New Threat Report reveals infected websites remain active longer

http://www.connectitnews.com/canada/story.cfm?item=5555

In ScanSafe’s recent Global Threat Report, the web security-as-a-service company revealed that web threats including viruses, Trojans, password stealers and other forms of malware are becoming more prevalent and that compromised websites remain live for a longer period of time than before.

ScanSafe scanned more than 80 billion web requests and blocked 800 million web threats in 2007 on behalf of corporate customers in more than 50 countries across five continents.

ScanSafe’s analysis found a 61 percent increase in malware during the second half of 2007. 21 per cent of all the malware blocked by ScanSafe in 2007 was zero-day malware —new malware for which there is no existing patch or anti-virus signature.

According to Mary Landesman, senior security researcher with ScanSafe, the biggest reason why malware increased by 61 percent was its move to the web.

“The web allows this sort of thing,” said Landesman. “In the past, the web was a one-way medium but Web 2.0 has become widely adopted to make it [more] dynamic with third-party content.”

She added that web applications required to drive this interaction often have vulnerabilities or lack of validation. As well, there are not enough security conscious web developers out there to write more secure code.

In addition to viruses, Trojans, password stealers and other forms of malware becoming more prevalent, ScanSafe noted that an increasing number of legitimate sites are unknowingly hosting malware and compromised sites are remaining infected longer — in some cases more than two months.

The most frequently encountered malware is designed to steal passwords and other sensitive financial information from bank accounts and even online games — putting corporate and personal financial information at greater risk and opening businesses to legal liability and compliance risks.

“Malware is now a criminal business and with any business they are looking for an ROI. If they compromise a legitimate website, they can get millions of potential victims. That’s why the web is a favored medium,” Landesman noted.

ScanSafe also noted that there has been a significant increase in the amount of time a site is delivering malware. In the second half of 2007, malware on infected sites remained live for an average of 29 days, a 62 per cent increase from 18 days during the first half of the year.

Additionally, zero-day threats have an even longer shelf life once they compromise a website. Websites infected with zero-day malware remained live an average of 61 days in the second half of 2007, up 190 per cent from 21 days during the first half of 2007.

“This goes towards the amount of effort these attackers are putting in new threats and points to perhaps the need for signatures to be delivered in a timely fashion,” said Landesman.

The average time to life for all malware blocks over the course of the year was 24 days.

The report also noted that the complex network of advertising providers and advertising affiliates has made it increasingly easier for attackers to surreptitiously insert malicious advertising. One rogue partner and a large number of sites can begin delivering malware, potentially exposing millions. In 2007 several high profile sports sites unwittingly served malicious ads, including the websites for the National Hockey League, Major League Baseball, TheSun.co.uk, MySpace.com and PhotoBucket.com.

Landesman added that it would be difficult to shut down websites that are known to be compromised as there are legal and jurisdiction issues, and some ISPs may not be on board with this.

She stressed that the best protection from compromised websites is for users to do real-time scanning of web traffic as well as keep security patches up-to-date and use traditional solutions like anti-virus.

“There is not enough awareness of the move of threats to the web and not enough awareness that this is another vector that enterprises need to be concerned about more than any of the other traditional malware.”