Word Processing Software

Word Processing Software
Word processing software is one of the more widely used types of application software. Word processing software, sometimes called a word processor, allows users to create and manipulate documents containing mostly text and sometimes graphics . Millions of people use word processing software every day to develop documents such as letters, memos, reports, fax cover sheets, mailing labels, newsletters, and Web pages.
Word processing software has many features to make documents look professional and visually appealing. Some of these features include the capability of changing the shape and size of characters, changing the color of characters, applying special effects such as three-dimensional shadows, and organizing text in newspaper-style columns. When using colors for characters, however, they will print as black or gray unless you have a color printer.
Most word processing software allows users to incorporate in documents many types of graphical images, such as digital pictures and clip art. Clip art is a collection of drawingsphotos, and other images that you can insert in documents, a user inserted an mage of the Statue of Liberty in the document. Word processing software usually includes public-domain images. You can find additional pubic-domain and proprietary images on the Web or purchase them on CD or DVD. With current word processing software, you easily can modify the appearance of an image after inserting it in the document.
 All word processing software provides at least some basic capabilities to help users create and modify documents. Defining the size of the paper on which to print and specifying the margins that is, the portion of the page out-side the main body of text, including the top, the bottom, and both sides of the paper are examples of some of these capabilities. If you *roe text that extends beyond the right page
Margin, the word processing software auwuuu-kafly positions text at the beginning of the next IDE. This feature/ tailed word-wrap, allows users to type words in a paragraph continually with¬out pressing the ENTER key at the end of each line. When you modify paper size or margins, the word processing software automatically www raps text so that it fits in the adjusted paper size and margins. document is displayed in windows.

Take advantage of this incredible deal and see New York City this fall for only $1,250. The five-day visit includes both airfare and lodging.
As you type more lines of text than can be dis¬played on the screen, the top portion of the docu¬ment moves upward, or scrolls, off the screen. Savtling is the process of moving different por¬tions of the document on the screen into view.

What is APPLICATION SOFTWARE?

APPLICATION SOFTWARE

With the proper software, a computer is a valuable tool. Software allows users to create letters, memos, reports, and other documents; design Web pages and diagrams; draw and alter images; record and enhance audio and video clips; prepare and file taxes; play single player or multiplayer games; compose e-mail messages and instant messages; and much more. To accomplish these and many other tasks, users work with application software. •Application software consists of programs designed to make users more productive and/or assist them with personal tasks. Software listed in one category may be used in other cate¬gories. For example, desktop publishing pro¬grams, which are categorized as graphics and multimedia software, often are used for busi¬ness or personal reasons.
Application software is available in a variety of forms: packaged, custom, Web-based, open source, shareware, freeware, and public domain.
•Packaged software is mass-produced,
copyrighted retail software that meets the
needs of a wide variety of users, not just a
single user or company. Microsoft Office 2007
and Adobe Photoshop are examples of
packaged software. Packaged software is
available in retail stores or on the Web.

•Custom software performs functionsSTVrifir a hnsineee or irnJucH-v Crtnrol a company cannot find packaged software
that meets its unique requirements. In this
case, tne company may use programmers to
develop tailor-made custom software, which usually costs more than packaged software.
• Web-based software refers to programs hosted
by a Web site. Users access and interact with
Web-based software from any computer or
device that is connected to the Internet. Many
Web sites provide free access to their programs;
some charge a fee. Types of Web-based soft¬
ware include e-mail, word processing, tax
preparation, and game programs. Web-based
programs are discussed in more depth later
in the chapter.
• Open source software is software provided
for use, modification, and redistribution. This
software has no restrictions from the copyright
holder regarding modification of the software's
internal instructions and its redistribution.
Open source software usually can be down¬
loaded from the Internet, often at no cost.
• Shareware is copyrighted software that is
distributed at no cost for a trial period. To
you send payment to the program developer. Shareware developers trust users to send
payment if software use extends beyond me stated trial period. In some cases, a scaled-down version of the software is distributed free, and payment entitles the user to the fully functional product.
• Freeware is copyrighted software provided at
no cost by an individual or a company that
retains all rights to the software. Thus,
programmers typically cannot incorporate
freeware in applications they intend to sell.
The word, free, in freeware indicates the
software has no charge.
•Public-domain software has been donated
for public use and has no copyright restrictions. Anyone can copy or distribute public-domain software to others at no cost.
Thousands of shareware, freeware, and public-domain programs are available on the Internet for users to download. Examples include communications programs, graphics programs, and games. These programs usually have fewer capabilities than retail programs.
After you purchase or download software, you install it. During installation, the program may ask you to register and/or activate the software. Registering the software is optional and usually involves submitting your name and other personal information to the software manufacturer or devel¬oper. Registering the software often entitles you to product support. Product activation is a technique mat some software manufacturers use to ensure the software is not installed on more computersthan legally licensed. Usually, the software does not function or has limited functionality until you acti-vate it via the Internet or telephone. Thus, activation is a required process for programs requesting it. Registering and/or activating the software also usually entitles you to free program updates for a specified time period, such as a year.

Picture Yourself Using Software

This is a busy semester for you. Besides a full load of classes, you have joined your school's Hospitality Club. In addition, your brother has enlisted you to help plan your grand-Retouching some of their old photos and tracking the party’s budget. You plan to use software on your notebook computer and smart phone to assist with these tasks.Before geography class, you check e-mail on your notebook computer. You have a message from a fellow club member asking if you have finished the flyer for the Hospitality Club's upcoming dance, along with a reminder for tomorrow's meeting. Using word proces­sing software, you put the finishing touches on the flyer and then respond to the e-mail message, including the flyer as an attachment. You enter the meeting date in your appointment calendar in your smart phone, send a text message to a friend, and then return to your notebook computer. You then use your photo editing software to finish retouching your grandparents' wedding photo. Next, you use personal finance software to enter the latest figures for your grandparents' party. Deciding you have worked enough today, you spend some time using computer software to fly an airplane.

Installing and Running Programs

Installing and Running Programs
The instructions in a program are stored on torage media such as a hard disk or compact iisc. When purchasing software from a com-mter store, you typically receive a box that rtcludes a CD(s) or DVD(s) that contains the Program. If you purchase software from a Web site on the Internet, you download the program; that is, the program is transferred from the Web site to the hard disk in your computer.
Installing is the process of setting up soft-ware to work with the computer, printer, and other hardware components. When you buy a computer, it usually has some software pre-installed on its hard disk. This enables you to use the computer the first time you turn it on. To begin installing additional software from a CD or DVD, insert the program disc in a CD or DVD drive and follow the instructions to begin installation. When you download a purchased program, the Web site typically provides instructions for how to install the software on your hard disk.
Once software is installed, you can run it. When you instruct the computer to run an installed program, the computer loads it, which means the program is copied from storage to memory. Once in memory, the computer can carry out, or execute, the instructions in the program so that you can use the program.illustrates the steps that occur when a user installs and runs a program that assists students with homework.

COMPUTER SOFTWARE AND THEIR TYPES

COMPUTER SOFTWARE

Software, also called a program, consists of a series of instructions that tells the computer what to do and how to do it.

You interact with a program through its user interface. The user interface controls how you enter data and instructions and how information m displayed on the screen. Software today often has a graphical user interface.

Srstra Software

System software consists of the programs that con¬trol or maintain the opera¬tions of the computer and its devices. System software serves as the interface between the user, the appli¬cation software, and the computer's hardware. Two types of system software are the operating system and utility programs.

UTILITY PROGRAM 

 A utility program allows a user to perform maintenance-type tasks usually related to managing a computer, its devices, or its programs. For example, you can use a utility program to transfer digital photos to a CD or DVD. Most operating sys¬tems include several utility programs for managing disk drives, printers, and other devices and media. You also can buy utility programs that allow you to perform additional computer management functions.

Application Software

Application software consists of programs designed to make users more productive and/or assist them with personal tasks. A widely used type of application software related to communications is a Web browser, which allows users with an Internet connection to access and view Web pages. Other popular application software includes word processing software, spreadsheet software, database software, and presentation graphics software.

Many other types of application software exist that enable users to perform a variety of tasks. These include personal information management, note taking, project management,

How To download computer drivers?

When I bought my new laptop, there are several things made me happy and there are certain things that made me exhausted. What were they? Well, the first thing I was happy since I could buy a laptop with my own money. I bought it with the money I earned via blogging and internet trading so I was proud to share this little story for you. I was also happy because now I have a 4GB of Ram in my own laptop! It works so fast and there no lag every time I do multi tasking (doing multiple activities on one computer at a time).

But, what makes me exhausted? Well, the only thing that made me exhausted with is about the missing drivers. I was unable to find the windows drivers which are needed if I want to play something like music, videos or other multimedia stuffs. There are several missing drivers that I needed likesound drivers, printer drivers and also Ethernet drivers. When I didn’t have those drivers it means that I couldn’t do anything on my laptop. Although I could download those computer drivers on the internet, it still wasted my energy. You don’t have to search on search engine to find compatible computer drivers, just visit driveraccess.com and you’ll any drivers you need.

How To download computer drivers?

When I bought my new laptop, there are several things made me happy and there are certain things that made me exhausted. What were they? Well, the first thing I was happy since I could buy a laptop with my own money. I bought it with the money I earned via blogging and internet trading so I was proud to share this little story for you. I was also happy because now I have a 4GB of Ram in my own laptop! It works so fast and there no lag every time I do multi tasking (doing multiple activities on one computer at a time).

But, what makes me exhausted? Well, the only thing that made me exhausted with is about the missing drivers. I was unable to find the windows drivers which are needed if I want to play something like music, videos or other multimedia stuffs. There are several missing drivers that I needed likesound drivers, printer drivers and also Ethernet drivers. When I didn’t have those drivers it means that I couldn’t do anything on my laptop. Although I could download those computer drivers on the internet, it still wasted my energy. You don’t have to search on search engine to find compatible computer drivers, just visit driveraccess.com and you’ll any drivers you need.

Introduction Of TCP Optimizer And Internet Explorer Optimization

Introduction

The TCP Optimizer is a program designed to provide an easy, intuitive interface for tuning TCP and IP related parameters in the Windows Registry. It takes into account all related RFCs, the Microsoft TCP/IP implementation oddities, verifies all Registry locations for the same TCP/IP parameters (ICS Sharing, AOL protocol MTU, etc), only ads the necessary Registry parameters, and overall aids in making the whole "tweaking for speed" experience a breeze. It is downloadable from here: SG TCP Optimizer.

In the following chapters, you will find short descriptions of all the settings and all aspects of the functionality of the TCP Optimizer. In addition to this documentation, you can also check the TCP Optimizer FAQ, as well as the SG Tweaking forum. We'd also appreciate any feedback about the program, please contact the webmaster or post in our forums with any suggestions for additions or changes to either the program or this documentation.

 Using the program

If you do not feel like reading the entire documentation below, or you simply need the tweaks NOW, without spending time in learning the meaning of all those settings, you can use the Optimizer by following these short instructions:

- Choose your maximum Connection Speed from the slider bar (the maximum available bandwidth, in kilobits per second)

- Choose your Network Interface, or check to Modify All Network Adapters

- Pick "Optimal settings" from the radio-buttons near the bottom of the program

- Click on the "Apply changes" button and reboot

The Optimizer can do all the rest for you (including a backup of the current registry settings, so you can revert the changes if you wish). The new version of the program includes a preview of all changes after hitting the "Apply changes" button and before actually editing the Windows Registry.

You can also use the Optimizer to easily apply custom values, test with different settings, and learn a bit more about tweaking and TCP/IP in general. We strongly recommend getting familiar with the settings, and learning what aspects of your connection they affect first. Also, note that some of the program tabs (Largest MTU, BDP, Latency) can be used as a learning tool without making any changes to the Windows Registry.

The 3 radio buttons at the bottom of the program show the relevant "Current settings" as set in the Windows Registry, the Optimizer recommended "Optimal settings", or allow for "Custom settings" for the more advanced user to test with different values.

Note: You should be logged in with an account with administrative privileges to be able to write to some of the Registry keys and use the program to its full potential.

 Network Adapter selection - you should have a list of all present network interfaces in the system. When you select an adapter, using this pull-down menu, its IP address will be shown in the lower-right of this section. Note you can also choose to modify all network adapters at the same time, or tweak without modifying any of their settings.

You also have the option to type a a custom MTU value (that will be used to recommend RWIN). Generally, MTU can safely be set at 1500, however some types of connections, and some routers use smaller values. It is only necessary to edit the MTU value in such special cases. For example, the maximum MTU value for Windows XP PPPoE encapsulation is 1480 (even though other PPPoE implementations can use as high as 1492).

Note: In some rare cases, it is possible that your desired network device is not correctly identified by the Optimizer. That does not affect the program performance much, and you should simply choose "Modify All Network Adapters" in such cases. We'd also appreciate you contacting us with the exact device, so we can improve the program.

Advanced Settings 

This tab contains additional tweaks, that have a smaller, but still noticeable effect on TCP/IP performance. Generally, the tweaks on this page are not directly related to throughput. Some of the tweaks in this section of the Optimizer might be related only to specific aspects of networking, such as Web, or LAN browsing, hostname resolution speed, etc.

Internet Explorer Optimization

By default, the HTTP 1.1 specs allow for only 2 concurrent connections to a Web server. That means, while downloading a web page you can only get 2 files at a time. Note that a single page usually includes tens (sometimes hundreds) of images, each initiating a separate request to the server. Increasing the default to ~10 can provide a considerable visible boost in web page loading time, especially for broadband internet connections. There are two parameters in this section, MaxConnectionsPerServer, and MaxConnectionsPer1_0Server, corresponding to HTTP 1.1 and 1.0, respectively. We recommend setting both to the same number, between 4 and 10.

Host Resolution Priority 

This section improves DNS and hostname resolution in general. It helps web pages load faster, and has negligible effect on downloads. For more information on what/how this tweak operates, check our Host Resolution Priority Tweak article. We recommend using the Optimal values (5,6,7,8).

Introduction Of TCP Optimizer And Internet Explorer Optimization

Introduction

The TCP Optimizer is a program designed to provide an easy, intuitive interface for tuning TCP and IP related parameters in the Windows Registry. It takes into account all related RFCs, the Microsoft TCP/IP implementation oddities, verifies all Registry locations for the same TCP/IP parameters (ICS Sharing, AOL protocol MTU, etc), only ads the necessary Registry parameters, and overall aids in making the whole "tweaking for speed" experience a breeze. It is downloadable from here: SG TCP Optimizer.

In the following chapters, you will find short descriptions of all the settings and all aspects of the functionality of the TCP Optimizer. In addition to this documentation, you can also check the TCP Optimizer FAQ, as well as the SG Tweaking forum. We'd also appreciate any feedback about the program, please contact the webmaster or post in our forums with any suggestions for additions or changes to either the program or this documentation.

 Using the program

If you do not feel like reading the entire documentation below, or you simply need the tweaks NOW, without spending time in learning the meaning of all those settings, you can use the Optimizer by following these short instructions:

- Choose your maximum Connection Speed from the slider bar (the maximum available bandwidth, in kilobits per second)

- Choose your Network Interface, or check to Modify All Network Adapters

- Pick "Optimal settings" from the radio-buttons near the bottom of the program

- Click on the "Apply changes" button and reboot

The Optimizer can do all the rest for you (including a backup of the current registry settings, so you can revert the changes if you wish). The new version of the program includes a preview of all changes after hitting the "Apply changes" button and before actually editing the Windows Registry.

You can also use the Optimizer to easily apply custom values, test with different settings, and learn a bit more about tweaking and TCP/IP in general. We strongly recommend getting familiar with the settings, and learning what aspects of your connection they affect first. Also, note that some of the program tabs (Largest MTU, BDP, Latency) can be used as a learning tool without making any changes to the Windows Registry.

The 3 radio buttons at the bottom of the program show the relevant "Current settings" as set in the Windows Registry, the Optimizer recommended "Optimal settings", or allow for "Custom settings" for the more advanced user to test with different values.

Note: You should be logged in with an account with administrative privileges to be able to write to some of the Registry keys and use the program to its full potential.

 Network Adapter selection - you should have a list of all present network interfaces in the system. When you select an adapter, using this pull-down menu, its IP address will be shown in the lower-right of this section. Note you can also choose to modify all network adapters at the same time, or tweak without modifying any of their settings.

You also have the option to type a a custom MTU value (that will be used to recommend RWIN). Generally, MTU can safely be set at 1500, however some types of connections, and some routers use smaller values. It is only necessary to edit the MTU value in such special cases. For example, the maximum MTU value for Windows XP PPPoE encapsulation is 1480 (even though other PPPoE implementations can use as high as 1492).

Note: In some rare cases, it is possible that your desired network device is not correctly identified by the Optimizer. That does not affect the program performance much, and you should simply choose "Modify All Network Adapters" in such cases. We'd also appreciate you contacting us with the exact device, so we can improve the program.

Advanced Settings 

This tab contains additional tweaks, that have a smaller, but still noticeable effect on TCP/IP performance. Generally, the tweaks on this page are not directly related to throughput. Some of the tweaks in this section of the Optimizer might be related only to specific aspects of networking, such as Web, or LAN browsing, hostname resolution speed, etc.

Internet Explorer Optimization

By default, the HTTP 1.1 specs allow for only 2 concurrent connections to a Web server. That means, while downloading a web page you can only get 2 files at a time. Note that a single page usually includes tens (sometimes hundreds) of images, each initiating a separate request to the server. Increasing the default to ~10 can provide a considerable visible boost in web page loading time, especially for broadband internet connections. There are two parameters in this section, MaxConnectionsPerServer, and MaxConnectionsPer1_0Server, corresponding to HTTP 1.1 and 1.0, respectively. We recommend setting both to the same number, between 4 and 10.

Host Resolution Priority 

This section improves DNS and hostname resolution in general. It helps web pages load faster, and has negligible effect on downloads. For more information on what/how this tweak operates, check our Host Resolution Priority Tweak article. We recommend using the Optimal values (5,6,7,8).

Structured Query Language (SQL) Helper

The Structured Query Language (SQL) forms the backbone of most modern database systems. These links provide the best resources on the Net for neophytes and expert database administrators alike!

Counting Values in a Database Table with the SQL COUNT Function

The COUNT() function in SQL allows you to count database records based upon a variety of criteria. You can use it to count all records in a table, count unique values in a column or count the number of times records occur that meet certain criteria. This tutorial takes a brief look at each of these scenarios.

Combining Query Results with the UNION Command

SQL’s UNION command allows you to combine the results of two or more database queries that are not necessarily linked through a database relationship. For example, imagine that you have a school database and wish to use it to create a master contact list for all students, faculty and staff. Looking at your database, you discover that the records corresponding to each of these constituencies appears in separate database tables.

Structured Query Language (SQL) Helper

The Structured Query Language (SQL) forms the backbone of most modern database systems. These links provide the best resources on the Net for neophytes and expert database administrators alike!

Counting Values in a Database Table with the SQL COUNT Function

The COUNT() function in SQL allows you to count database records based upon a variety of criteria. You can use it to count all records in a table, count unique values in a column or count the number of times records occur that meet certain criteria. This tutorial takes a brief look at each of these scenarios.

Combining Query Results with the UNION Command

SQL’s UNION command allows you to combine the results of two or more database queries that are not necessarily linked through a database relationship. For example, imagine that you have a school database and wish to use it to create a master contact list for all students, faculty and staff. Looking at your database, you discover that the records corresponding to each of these constituencies appears in separate database tables.

Built a secure software

This article is taken from US-CERT

External faults that threaten the software’s dependable operation are seen as a security issue when (1) the faults result from malicious intent or (2) the faults, regardless of their cause, make the software vulnerable to threats to its security. According to Bruce Schneier in Beyond Fear [Schneier 06], “Security is about preventing adverse consequences from the intentional and unwarranted actions of others.”

Enhancing the Development Life Cycle to Produce Secure Software [DHS/DACS 08] defines secure software as follows:

To be considered secure, software must exhibit three properties:

1. Dependability: Dependable software executes predictably and operates correctly under all conditions, including hostile conditions, including when the software comes under attack or runs on a malicious host.
2. Trustworthiness: Trustworthy software contains few if any vulnerabilities or weaknesses that can be intentionally exploited to subvert or sabotage the software’s dependability. In addition, to be considered trustworthy, the software must contain no malicious logic that causes it to behave in a malicious manner.
3. Survivability (also referred to as “Resilience”): Survivable—or resilient—software is software that is resilient enough to (1) either resist (i.e., protect itself against) or tolerate (i.e., continue operating dependably in spite of) most known attacks plus as many novel attacks as possible, and (2) recover as quickly as possible, and with as little damage as possible, from those attacks that it can neither resist nor tolerate.
   

The objective of secure software development is to design, implement, configure, and sustain software systems in which security is a necessary property from the beginning of the system’s life cycle (i.e., needs and requirements definition) to its end (retirement). Experience has taught that the most effective way to achieve secure software is for its development life cycle processes to rigorously conform to secure development, deployment, and sustainment principles and practices. Organizations that have adopted a secure software development life cycle (SDLC) process have found almost immediately upon doing so that they have begun finding many more vulnerabilities and weaknesses in their software early enough in the SDLC that they are able to eradicate those problems at an acceptable cost. Moreover, as such secure practices become second nature over time, these same developers start to notice that they seldom introduce such vulnerabilities and weaknesses into their software in the first place.

This article is taken from US-CERT you can read more from

https://buildsecurityin.us-cert.gov/bsi/547-BSI.html

Built a secure software

This article is taken from US-CERT

External faults that threaten the software’s dependable operation are seen as a security issue when (1) the faults result from malicious intent or (2) the faults, regardless of their cause, make the software vulnerable to threats to its security. According to Bruce Schneier in Beyond Fear [Schneier 06], “Security is about preventing adverse consequences from the intentional and unwarranted actions of others.”

Enhancing the Development Life Cycle to Produce Secure Software [DHS/DACS 08] defines secure software as follows:

To be considered secure, software must exhibit three properties:

1. Dependability: Dependable software executes predictably and operates correctly under all conditions, including hostile conditions, including when the software comes under attack or runs on a malicious host.
2. Trustworthiness: Trustworthy software contains few if any vulnerabilities or weaknesses that can be intentionally exploited to subvert or sabotage the software’s dependability. In addition, to be considered trustworthy, the software must contain no malicious logic that causes it to behave in a malicious manner.
3. Survivability (also referred to as “Resilience”): Survivable—or resilient—software is software that is resilient enough to (1) either resist (i.e., protect itself against) or tolerate (i.e., continue operating dependably in spite of) most known attacks plus as many novel attacks as possible, and (2) recover as quickly as possible, and with as little damage as possible, from those attacks that it can neither resist nor tolerate.
   

The objective of secure software development is to design, implement, configure, and sustain software systems in which security is a necessary property from the beginning of the system’s life cycle (i.e., needs and requirements definition) to its end (retirement). Experience has taught that the most effective way to achieve secure software is for its development life cycle processes to rigorously conform to secure development, deployment, and sustainment principles and practices. Organizations that have adopted a secure software development life cycle (SDLC) process have found almost immediately upon doing so that they have begun finding many more vulnerabilities and weaknesses in their software early enough in the SDLC that they are able to eradicate those problems at an acceptable cost. Moreover, as such secure practices become second nature over time, these same developers start to notice that they seldom introduce such vulnerabilities and weaknesses into their software in the first place.

This article is taken from US-CERT you can read more from

https://buildsecurityin.us-cert.gov/bsi/547-BSI.html

Software Life Cycle Security Guide

This article is taken from US-CERT

“Security enhancement” of the SDLC process mainly involves the adaptation or augmentation of existing SDLC activities, practices, and checkpoints, and in a few instances, it may also entail the addition of new activities, practices, or checkpoints. In a very few instances, it may also require the elimination or wholesale replacement of certain activities or practices that are known to obstruct the ability to produce secure software.

The key elements of a secure software life cycle process are

• security criteria in all software life cycle checkpoints (both at the entry of a life cycle phase and at its exit)
• adherence to secure software principles and practices
• adequate requirements, architecture, and design
• secure coding practices
• secure software integration/assembly practices
• security testing practices that focus on verifying the dependability, trustworthiness, and sustainability of the software being tested
• secure distribution and deployment practices and mechanisms
• secure sustainment practices
• supportive tools
• secure software configuration management systems and processes
• security-knowledgeable software professionals
• security-aware project management
• upper management commitment to production of secure software
  

Organizations can insert secure development practices into their software life cycle process either by adopting a codified secure software development methodology, such as those discussed in Section 3.6 of Enhancing the Development Life Cycle to Produce Secure Software [DHS/DACS 08], and the SDLC Process content area of Build Security In, or through the evolutionary security enhancement of their current practices, as described in Sections 4-10 of Enhancing the Development Life Cycle to Produce Secure Software and in the Best Practices and Knowledge sections of Build Security In.

These, as well as the other Best Practices, Knowledge, and Tools articles on Build Security In support organizations in making progress toward achieving these goals. Those responsible for ensuring that software and systems meet their security requirements throughout the development life cycle should review, select, and tailor BSI guidance as part of normal project management activities. Additional Resources on BSI and the references below provide additional, experience-based practices and lessons learned that development organizations need to consider.

This article is taken from US-CERT you can read more from

https://buildsecurityin.us-cert.gov/bsi/547-BSI.html

Software Life Cycle Security Guide

This article is taken from US-CERT

“Security enhancement” of the SDLC process mainly involves the adaptation or augmentation of existing SDLC activities, practices, and checkpoints, and in a few instances, it may also entail the addition of new activities, practices, or checkpoints. In a very few instances, it may also require the elimination or wholesale replacement of certain activities or practices that are known to obstruct the ability to produce secure software.

The key elements of a secure software life cycle process are

• security criteria in all software life cycle checkpoints (both at the entry of a life cycle phase and at its exit)
• adherence to secure software principles and practices
• adequate requirements, architecture, and design
• secure coding practices
• secure software integration/assembly practices
• security testing practices that focus on verifying the dependability, trustworthiness, and sustainability of the software being tested
• secure distribution and deployment practices and mechanisms
• secure sustainment practices
• supportive tools
• secure software configuration management systems and processes
• security-knowledgeable software professionals
• security-aware project management
• upper management commitment to production of secure software
  

Organizations can insert secure development practices into their software life cycle process either by adopting a codified secure software development methodology, such as those discussed in Section 3.6 of Enhancing the Development Life Cycle to Produce Secure Software [DHS/DACS 08], and the SDLC Process content area of Build Security In, or through the evolutionary security enhancement of their current practices, as described in Sections 4-10 of Enhancing the Development Life Cycle to Produce Secure Software and in the Best Practices and Knowledge sections of Build Security In.

These, as well as the other Best Practices, Knowledge, and Tools articles on Build Security In support organizations in making progress toward achieving these goals. Those responsible for ensuring that software and systems meet their security requirements throughout the development life cycle should review, select, and tailor BSI guidance as part of normal project management activities. Additional Resources on BSI and the references below provide additional, experience-based practices and lessons learned that development organizations need to consider.

This article is taken from US-CERT you can read more from

https://buildsecurityin.us-cert.gov/bsi/547-BSI.html

Secure Software Developement.

This Article is taken from US-CENT

The following principles should guide the development of secure software, including all decisions made in producing the artifacts at every phase of the software life cycle.

Minimize the number of high-consequence targets. 

The software should contain as few high-consequence targets (critical and trusted components) as possible. High-consequence targets are those that represent the greatest potential loss if the software is compromised and therefore require the most protection from attack. Critical and trusted components are high-consequence because of the magnitude of impact if they are compromised. (This principle contributes to trustworthiness and, by its implied contribution to smallness and simplicity, also to dependability.)

Don’t expose vulnerable and high-consequence components. 

The critical and trusted components the software contains should not be exposed to attack. In addition, known vulnerable components should also be protected from exposure because they can be compromised with little attacker expertise or expenditure of effort and resources. (This principle contributes to trustworthiness.)

Deny attackers the means to compromise.

The software should not provide the attacker with the means by which to compromise it. Such “means” include exploitable weaknesses and vulnerabilities, dormant code, backdoors, etc. Also, provide the ability to minimize damage, recover, and reconstitute the software as quickly as possible following a compromising (or potentially compromising) event to prevent greater compromise. In practical terms, this will require building in the means to monitor, record, and react to how the software behaves and what inputs it receives. (This principle contributes to dependability, trustworthiness, and resilience.)

Always assume “the impossible” will happen. 

Events that seem to be impossible rarely are. They are often based on an expectation that something in a particular environment is highly unlikely to exist or to happen. If the environment changes or the software is installed in a new environment, those events may become quite likely. The use cases and scenarios defined for the software should take the broadest possible view of what is possible. The software should be designed to guard against both likely and unlikely events.

Developers should make an effort to recognize assumptions they are not initially conscious of having made and should determine the extent to which the “impossibilities” associated with those assumptions can be handled by the software. Specifically, developers should always assume that their software will be attacked, regardless of what environment it may operate in. This includes acknowledgement that environment-level security measures such as access controls and firewalls, being composed mainly of software themselves (and thus equally likely to harbor vulnerabilities and weaknesses), can and will be breached at some point, and so cannot be relied on as the sole means of protecting software from attack.

Developers who recognize the constant potential for their software to be attacked will be motivated to program defensively, so that software will operate dependably not only under “normal” conditions but under anomalous and hostile conditions as well. Related to this principle are two additional principles about developer assumptions.

1. Never make blind assumptions. Validate every assumption made by the software or about the software beforeacting on that assumption.
2. Security software is not the same as secure software. Just because software performs information security-related functions does not mean the software itself is secure. Software that performs security functions is just as likely to contain flaws and bugs as other software. However, because security functions are high-consequence, the compromise or intentional failure of such software has a significantly higher potential impact than the compromise or failure of other software.

This Article is taken from US-CENT You Can Read More From

https://buildsecurityin.us-cert.gov/bsi/547-BSI.html

Secure Software Developement.

This Article is taken from US-CENT

The following principles should guide the development of secure software, including all decisions made in producing the artifacts at every phase of the software life cycle.

Minimize the number of high-consequence targets. 

The software should contain as few high-consequence targets (critical and trusted components) as possible. High-consequence targets are those that represent the greatest potential loss if the software is compromised and therefore require the most protection from attack. Critical and trusted components are high-consequence because of the magnitude of impact if they are compromised. (This principle contributes to trustworthiness and, by its implied contribution to smallness and simplicity, also to dependability.)

Don’t expose vulnerable and high-consequence components. 

The critical and trusted components the software contains should not be exposed to attack. In addition, known vulnerable components should also be protected from exposure because they can be compromised with little attacker expertise or expenditure of effort and resources. (This principle contributes to trustworthiness.)

Deny attackers the means to compromise.

The software should not provide the attacker with the means by which to compromise it. Such “means” include exploitable weaknesses and vulnerabilities, dormant code, backdoors, etc. Also, provide the ability to minimize damage, recover, and reconstitute the software as quickly as possible following a compromising (or potentially compromising) event to prevent greater compromise. In practical terms, this will require building in the means to monitor, record, and react to how the software behaves and what inputs it receives. (This principle contributes to dependability, trustworthiness, and resilience.)

Always assume “the impossible” will happen. 

Events that seem to be impossible rarely are. They are often based on an expectation that something in a particular environment is highly unlikely to exist or to happen. If the environment changes or the software is installed in a new environment, those events may become quite likely. The use cases and scenarios defined for the software should take the broadest possible view of what is possible. The software should be designed to guard against both likely and unlikely events.

Developers should make an effort to recognize assumptions they are not initially conscious of having made and should determine the extent to which the “impossibilities” associated with those assumptions can be handled by the software. Specifically, developers should always assume that their software will be attacked, regardless of what environment it may operate in. This includes acknowledgement that environment-level security measures such as access controls and firewalls, being composed mainly of software themselves (and thus equally likely to harbor vulnerabilities and weaknesses), can and will be breached at some point, and so cannot be relied on as the sole means of protecting software from attack.

Developers who recognize the constant potential for their software to be attacked will be motivated to program defensively, so that software will operate dependably not only under “normal” conditions but under anomalous and hostile conditions as well. Related to this principle are two additional principles about developer assumptions.

1. Never make blind assumptions. Validate every assumption made by the software or about the software beforeacting on that assumption.
2. Security software is not the same as secure software. Just because software performs information security-related functions does not mean the software itself is secure. Software that performs security functions is just as likely to contain flaws and bugs as other software. However, because security functions are high-consequence, the compromise or intentional failure of such software has a significantly higher potential impact than the compromise or failure of other software.

This Article is taken from US-CENT You Can Read More From

https://buildsecurityin.us-cert.gov/bsi/547-BSI.html

Software Security Guide

The main objective of software assurance is to ensure that the processes, procedures, and products used to produce and sustain the software conform to all requirements and standards specified to govern those processes, procedures, and products. Software security and secure software are often discussed in the context of software assurance. Software assurance in its broader sense refers to the assurance of any required property of software. For software practitioners at the National Aeronautics and Space Administration (NASA), software assurance refers to the assurance of safety as a property of software. Similarly, in other communities, software assurance may refer to assurance of reliability or quality. In the context of this article, software assurance is concerned with assuring the security of software.

An increasingly agreed-upon approach for assuring the security of software is the software security assurance case, which is intended to provide justifiable confidence that the software under consideration (1) is free of vulnerabilities; (2) functions in the “intended manner,” and this “intended manner” does not compromise the security or any other required properties of the software, its environment, or the information it handles; and (3) can be trusted to continue operating dependably under all anticipated circumstances, including anomalous and hostile environmental and utilization circumstances—which means that those who build the software need to anticipate such circumstances and design and implement the software to be able to handle them gracefully. Such circumstances include

• the presence of unintentional faults in the software and its environment
• the exposure of the operational software to accidental events that threaten its security
• the exposure of the software to intentional choices or actions that threaten its security during its development, deployment, operation, or sustainment
  

Software is more likely to be assurably secure when security is a key factor in the following aspects of its development and deployment:

• development principles and practices: The practices used to develop the software and the principles that governed its development are expressly intended to encourage and support the consideration and evaluation of security in every phase of the software’s development life cycle. Some secure development principles and practices for software are suggested later in this article.
• development tools: The programming language(s), libraries, and development tools used to design and implement the software are evaluated and selected for their ability to avoid security vulnerabilities and to support secure development practices and principles.
• testing practices and tools: The software is expressly tested to verify its security, using tools that assist in such testing.
• acquired components: Commercial off-the-shelf (COTS) and OSS components are evaluated to determine whether they contain vulnerabilities, and if so whether the vulnerabilities can be remediated through integration to minimize the risk they pose to the software system.
• deployment configuration: The installation configuration of the software minimizes the exposure of any residual vulnerabilities it contains.
• execution environment: Protections are provided by the execution environment that can be leveraged to protect the higher level software that operates in that environment.
• practitioner knowledge: The software’s analysts, designers, developers, testers, and maintainers are provided with the necessary information (e.g., through training and education) to give them sufficient security awareness and knowledge to understand, appreciate, and effectively adopt the principles and practices that will enable them to produce secure software.

Software Security Guide

The main objective of software assurance is to ensure that the processes, procedures, and products used to produce and sustain the software conform to all requirements and standards specified to govern those processes, procedures, and products. Software security and secure software are often discussed in the context of software assurance. Software assurance in its broader sense refers to the assurance of any required property of software. For software practitioners at the National Aeronautics and Space Administration (NASA), software assurance refers to the assurance of safety as a property of software. Similarly, in other communities, software assurance may refer to assurance of reliability or quality. In the context of this article, software assurance is concerned with assuring the security of software.

An increasingly agreed-upon approach for assuring the security of software is the software security assurance case, which is intended to provide justifiable confidence that the software under consideration (1) is free of vulnerabilities; (2) functions in the “intended manner,” and this “intended manner” does not compromise the security or any other required properties of the software, its environment, or the information it handles; and (3) can be trusted to continue operating dependably under all anticipated circumstances, including anomalous and hostile environmental and utilization circumstances—which means that those who build the software need to anticipate such circumstances and design and implement the software to be able to handle them gracefully. Such circumstances include

• the presence of unintentional faults in the software and its environment
• the exposure of the operational software to accidental events that threaten its security
• the exposure of the software to intentional choices or actions that threaten its security during its development, deployment, operation, or sustainment
  

Software is more likely to be assurably secure when security is a key factor in the following aspects of its development and deployment:

• development principles and practices: The practices used to develop the software and the principles that governed its development are expressly intended to encourage and support the consideration and evaluation of security in every phase of the software’s development life cycle. Some secure development principles and practices for software are suggested later in this article.
• development tools: The programming language(s), libraries, and development tools used to design and implement the software are evaluated and selected for their ability to avoid security vulnerabilities and to support secure development practices and principles.
• testing practices and tools: The software is expressly tested to verify its security, using tools that assist in such testing.
• acquired components: Commercial off-the-shelf (COTS) and OSS components are evaluated to determine whether they contain vulnerabilities, and if so whether the vulnerabilities can be remediated through integration to minimize the risk they pose to the software system.
• deployment configuration: The installation configuration of the software minimizes the exposure of any residual vulnerabilities it contains.
• execution environment: Protections are provided by the execution environment that can be leveraged to protect the higher level software that operates in that environment.
• practitioner knowledge: The software’s analysts, designers, developers, testers, and maintainers are provided with the necessary information (e.g., through training and education) to give them sufficient security awareness and knowledge to understand, appreciate, and effectively adopt the principles and practices that will enable them to produce secure software.

Get 100% Free Top 10 Internet Security Software Programs Review

Top 10 Internet Security Software Programs

Internet Security is something, which is known to most, understood by many, but actually cared and understood by very few computer users. The Internet Security threats are evolving by each passing day. Online Threat definitions and signatures change not by days, but several times in a day. In such situations, you need to have a comprehensive Internet Security to protect yourself from any kind on online security threat.

Gone are the days, when you used to rely on a stand alone anti-virus software and it was understood to be enough for protecting you against most Internet Security threats. Now you need an all-round security, and so, the concept of Internet Security Suites has evolved.

These Internet Security Software provide you an all-round protection from Viruses, Spyware, Adware, Trojans, Phishing attempts, Browser Hijackers, Wireless Network attacks, Browser vulnerabilities, and everything else. We have compiled a list of the Top 10 Internet Security Software at present.

Please understand that this list claims by no means to be complete and accurate from all perspectives. A review of a software is always a subjective matter. A feature, which appeals us, may not be liked by somebody else. This list is as per what we observed and tested.

PC Tools Internet Security: All-in-one security suite featuring the award-winning anti-spyware (Spyware Doctor), anti-virus, firewall and spam protection. PC Tools Internet Security Suite offers powerful anti-spyware, anti-virus, firewall and spam protection in one application. Detects, removes and blocks all types of spyware, adware, viruses, Trojans, worms, keyloggers and other online threats. A complete package.

Norton Internet Security 2009: This product is from Symantec, the world leader in online security. They are known for producing quality security software that has protected computers and families for years. Norton Internet Security is packed with an award-winning antispyware and antivirus features into an attractive, user-friendly interface. This is a great option for someone who wants maximum security with little hassle.

CA Internet Security: CA Internet Security Suite Plus provides comprehensive protection against Internet threats that can jeopardize your privacy and diminish PC performance. It also helps ensure your important files, photos, music, and PC settings are safe, by letting you easily back them up, restore them, or transfer them to a new PC.

Bit Defender Total Security 2009: BitDefender Total Security 2009 is a great too at protecting your PC against viruses, spyware and other web threats that can infiltrate your computer. BitDefender is easy to use for the novice when run on the default configuration, but it can sometimes be difficult to configure when it comes to any advanced functionality or custom configurations.

Panda Internet Security 2009: Panda Internet Security 2009 is a security suite that lets you use the Internet w ith complete peace of mind. It protects you from viruses, spyware, rootkits, hackers, online fraud, identity theft and all other Internet threats. The anti-spam engine will keep your inbox free from junk mail while the Parental Control feature ensures your children can use the Web safely. And thanks to the new Collective Intelligence technology, the solution is now much faster than previous versions.

Kaspersky Internet Security 2009: Complete Protection for your PC. The all-in-one security solution that offers a worry-free computing environment for you and your family. Kaspersky Internet Security 2009 has everything you need for a safe and secure Internet experience.

Zone Alarm Internet Security: ZoneAlarm pioneered the personal computer firewall used by over 60 million people worldwide, and their parent company, Check Point Software, invented the enterprise firewall used by every member of the Fortune 100. They know how to keep the bad guys out. Lots of programs can remove viruses and spyware. But once you’ve been infected, it may be too late to protect yourself. ZoneAlarm Internet Security Suite prevents malicious software from infecting your computer in the first place with multiple layers of protection.

Trend Micro Internet Security Pro: Trend Micro Internet Security Pro, formally known as PC-cillin, is a vast offering of useful security and PC upkeep utilities for the home user that will keep your system clean and running well. A system tuner that offers the ability to back up your system state, clean your registry, delete tracking cookies and remove browsing history is part of the Pro Services portion of Trend Micro’s program as well as several other offerings.

Norman Security: Norman Security Suite is a set of security programs to guard you against Internet threats such as viruses, worms, trojans, spyware and hackers. The different programs will protect you against inappropriate content, rootkits and other hostile activity against you and your computer, whether you are using on-line banking, chatting, emailing, playing, or just surfing the Internet.

McAfee: This software suite has proven itself time and time again against some of the most rigorous tests, including ICSA, West Coasts Labs Levels 1 & 2 and Virus Bulletin 100%. Each of these tests came to the same conclusion—McAfee Internet Security Suite will protect your computer and your personal information from the dangers that lurk on the web.