Internet of Things is Creeping into the Average Lives of Consumers

Internet of Things Gone Wild

Thanks to rapid innovation, our lives are getting easier. But there is a price to be paid. The Internet of Things is creeping into the average lives of consumers in unexpected ways, creating new vulnerabilities even in what was once the safety of our own homes.

There’s the report late last week from California-based security firm Proofpoint uncovering the first proven Internet of Things-based attack that hijacked such smart household equipment as home routers, smart TVs, and even one unsuspecting and apparently innocent refrigerator to generate spam. The attack, which took place between December 23 and January 6, generated over 750,000 “malicious email communications” and involved over 100,000 “everyday consumer gadgets.”

Each of the below developments has been built to automatically collect data about users and send that data to others. The developers insist this data is being used to enhance the consumer experience in some way; but what they don't often reveal is all the ways that data is being used to help them make money or achieve some other objective.

Take a look at these examples and think twice before you volunteer your personal information by purchasing one of these "smart" products.

• LG markets a fridge that sends a text when the milk runs out, and this article says experts have long warned such a gadget is an attractive "soft target" for hackers. In fact, in one recent attack on 100,000 smart gadgets, 750,000 spam emails were sent to their owners.
  
• Google's smart contact lenses check in and report on your health, monitoring things like gluclose levels in your tears. One commenter's question was intended to be sarcastic, but in every joke there is a grain of truth. He asked: Will it send the wearer's glucose levels directly to the NSA or does that only happen after the contact lens syncs with Google's cloud? The fact is, if the lenses can report glucose levels, it is also technically possible to program them to report on many other types of activities, as well as more of your body contents and characteristics.
  
• Wearables devices monitor physical activity and connect wirelessly to online services charged with collecting data on the wearer. If insurance companies were able to collect and use this data for their underwriting purposes (which now let employers charge employees different health insurance rates based on whether they exercise, eat right or make healthy choices), these devices could spell disaster for insurance costs... not to mention the potential impacts if employers, potential employers, family members, etc. obtain the data.    
  
• Video baby monitors send signals far and wide. To test the vulnerability of these smart gadgets, a Miami TV reporter attached one of these baby-monitor receivers to the dashboard of his car. In just a few minutes, he was able to pick up images of babies and bedrooms. Traditional audio montiors are vulnerable, as well. During the summer of 2013, ABC News reported on a Houston couple who heard cursing and lewd remarks coming from their 2-year-old's baby monitor. It had been hacked.
  
• A clip-on camera takes a still image every 30 seconds in an effort to "record your life." How often have you come across a photo of yourself that if taken out of context could cause others to jump to the wrong conclusion (college days, anyone)? Worse, what happens when someone with a clip-on camera enters a public restroom or locker room and takes pictures of people (or children) in various stages of undress?

New malware "Mirage" targeting energy firms

Malware targets individuals via "spear-phishing" e-mails bearing tainted PDF files

Researchers have uncovered a new cyberespionage campaign being waged on a large Philippine oil company, a Taiwanese military organization and a Canadian energy firm, as well as targets in Brazil, Israel, Egypt and Nigeria. 

The malware being used is called "Mirage" and it leaves a backdoor on the computer that waits for instructions from the attacker, said Silas Cutler, a security researcher at Dell SecureWorks' Counter Threat Unit (CTU). Victims are carefully targeted with so-called "spear-phishing" e-mails with attachments that are "droppers" designed to look and behave like PDF documents.

However, they are actually standalone executable files that open an embedded PDF file and execute the Mirage trojan. The malware disguises its "phone home" communications to resemble Google searches by using Secure Socket Layers (SSL) in order to avoid detection, Cutler wrote in a report this week.

Researchers were able to take over domains being used in the campaign that were no longer registered or had expired and they used them to set up a "sinkhole" designed to receive any communications from infected computers. By pretending to be a command-and-control server they learned that there were about 80 unique IP addresses that appeared to be infected, involving as many as 120 individual computers.

"Deeper analysis of the phone-home requests and correlation with social networking sites allowed CTU researchers to identify a specific individual infected with Mirage. It was an executive-level finance manager of the Phillipine-based oil company," the report says.

Researchers couldn't say what data the attackers were aiming for, but it's not difficult to speculate given that countries are vying for oil and gas exploration rights in the South China Sea. It's unclear who is behind the campaign, but whoever sponsored it is "well funded and very active," said Joe Stewart, director of malware research at Dell SecureWorks.

While he declined to speculate who sponsored the campaign, the report said proxy software used on some of the command-and-control servers was created by a member of a Chinese hacker group called the "Honker Union of China." 

"We interrupted their command chain, so we don't know what documents they're looking for," he said. "Typically it's competitive information." The researchers believe that whoever is responsible also played a part an espionage campaign earlier in the year that targeted Vietnamese oil companies and government ministries, an embassy, a nuclear safety agency and others in various countries.

The command-and-control IP addresses used in the Mirage campaign belong to the China Beijing Province Network, as did three of the IP addresses used in the earlier "Sin Digoo" malware campaign, according to the researchers. This is the latest in a number of reports of international cyberespionage that have cropped up in recent years, with energy, defense and critical infrastructure firms increasingly being targeted.

15 minute Video: Stuxnet: Computer worm opens new era of warfare

Stuxnet took the world by storm two years ago

Computer virus's evident success in damaging Iran's nuclear facility has officials asking if our own infrastructure is safe.

The worm was different from previous viruses: it wasn't designed to steal money, identities, or passwords. Instead, the malware targeted the controls at industrial facilities such as power plants, inspiring talk of a top secret, government-sponsored cyberwar.

At the time of its discovery in June 2010, the assumption was that espionage lay behind the effort, but subsequent analysis uncovered the ability of the malware to control plant operations outright--specifically an Iranian nuclear facility.

In addition to showing that a cyberattack could cause significant physical damage to a facility, it also raised concerns that future malware, modeled after Stuxnet, could target critical infrastructure, such as power and water-treatment plants in the United States.

NIST Releases Final Smart Grid 'Framework 2.0' Document

Framework will provide an expanded view of the architecture of the Smart Grid

An updated roadmap for the Smart Grid is now available from the National Institute of Standards and Technology (NIST), which recently finished reviewing and incorporating public comments into the NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 2.0.

The 2.0 Framework lays out a plan for transforming the nation's aging electric power system into an interoperable Smart Grid—a network that will integrate information and communication technologies with the power-delivery infrastructure, enabling two-way flows of energy and communications.

The final version reflects input from a wide range of stakeholder groups, including representatives from trade associations, standards organizations, utilities and industries associated with the power grid.

Refer here to read further details or here to download the document.

SCADA Security System protects industrial infrastructure

Norman Announces New SCADA Security System to Protect Industrial Infrastructure

With recent Stuxnet malware attacks on industrial software and systems, manufacturers, utilities and industries are seeking sophisticated security solutions to protect SCADA systems used for monitoring and control of industrial infrastructure.

To meet the challenge against advanced persistent threats like Stuxnet, Norman ASA - www.norman.com, has developed the Norman SCADA Protection (NSP) system to protect against cyber attacks from malware such as trojans, worms and viruses that can cause millions of dollars of damage and disruption to production and services delivery.

SCADA (supervisory control and data acquisition) describes computerized industrial control systems (ICS) that monitor and control industrial and infrastructure processes. SCADA systems can be found in manufacturing environments, public transportation systems, power generation and distribution, nuclear plants, pipelines, in oil and gas industries and in maritime environments.

According to government studies, SCADA networks have been designed to maximize functionality - and are engineered for performance, reliability, flexibility and safety, while security has been weak to non-existent.

"SCADA environments are without a doubt one of the biggest challenges in security today. Many industries are poorly protected against cyber threats to their infrastructure," said Audun Lodemel, vice president, Marketing. "Norman's NSP solution is the industry's most comprehensive solution focused on the advanced persistent threats targeting SCADA networks."

NSP is a part of the Norman Network Protection (NNP) product family, which is a high performance anti-malware protection system, designed to provide security to corporate and industrial networks.

Easy to install and easy to use, NNP family solutions are engineered to protect manufacturers, SMB, financial institutions, health care and government agencies seeking the strongest malware protection.

More information about Norman SCADA Protection can be found at www.norman.com.

Intrusion Detection for Embedded Control Systems

Digital Bond's SCADA Security Scientific Symposium (S4)

S4 did include one paper from academia, IDS for Embedded Control Systems presented by Jason Reeves of Dartmouth College and the TCIPG effort. Jason and a TCIPG team had previously developed a research product called Autoscopy and have recently enhanced it in Autoscopy Jr.

The primary purpose of Autoscopy Jr. is to detect rootkits on embedded control systems while limiting the overhead to less than 5%. The primary method is to monitor the sequence of executed instructions in a learning phase and then detect behavior that is indicative of rootkits. Jason refers to it as something akin to function level whitelisting.

It’s a detailed technical talk worth watching if you are interested in the future of IDS in PLC’s, RTU’s and other field devices. The performance testing showed it was under the 5% threshold and there were ways to improve the performance further by identifying the most resource intensive Kprobes.

The effectiveness is an open question. The team did test this against 15 rootkits that attempted control flow hijacking, but there was not a set of real world embedded system rootkits to test against.

Refer here to watch the presentation video.

Current State of SCADA Security 'Laughable'

Many of the systems that are now exposed to the Internet were not designed with that connectivity in mind

Researchers have been speaking publicly about some of them for a couple of years now, and a group recently discussed a huge set of vulnerabilities it found during an extended project looking at PLCs (programmable logic controllers). That talk at the S4 conference showed just how vulnerable such systems are to a wide variety of attacks.

"It's a blood bath mostly," said Reid Wightman, a consultant at Digital Bond, said during that conference last month. "Many of these devices lack basic security features."

During talks on SCADA security problems at the Kaspersky-Threatpost Security Analyst Summit here Friday, several other researchers talked about the serious issues inherent in these ICS installations, and the picture they painted is one of systemic problems and a culture of naivete about security in general.

Terry McCorkle, an industry researcher, discussed a research project he did with Billy Rios in which they went looking for bugs in ICS systems, hoping to find 100 bugs in 100 days. That turned out to be a serious underestimation of the problem.

"It turns out they're stuck in the Nineties. The SDL doesn't exist in ICS," McCorkle said. "There are a lot of ActiveX and file format bugs and we didn't even bother looking at problems with services. Ultimately what we found is the state of ICS security is kind of laughable."

McCorkle and Rios, who reported all of their findings to the affected vendors and through the ICS-CERT, found that the basic security model underlying the ICS systems that run critical services such as power, water and others, is completely inadequate.

Many of the systems that are now exposed to the Internet were not designed with that connectivity in mind, and some of them now have mobile interfaces that can be run on smartphones, leading to an entirely new set of issues.

"People are gonna get owned, it's going to hurt," McCorkle said. "These HMIs are listening, they're out there and they give access to these systems that are supposed to be segregated."

Tiffany Rad, a computer science professor at the Universiry of Southern Maine and an intellectual property attorney, said during her talk here on vulnerabilities in the ICS systems at correctional facilities that there is a serious, overarching set of problems that needs to be addressed.

"Security through obscurity no longer works with SCADA," she said. "The belief that PLCs are not vulnerable because they're not connected to the Internet is not true."

It would cost hundreds of billions of dollars to fix these problems physically. The only solution is [user] training."

Free Security eBook [Compliance and Beyond]

Toward a Consensus on Identity Management Best Practices

I would like to recommend a Web Security eBook [Compliance and Beyond: Toward a Consensus on Identity Management Best Practices] to learn best practices for identity management and IT security for the Energy industry.

For more than a decade, government and industry bodies around the world have issued a growing number of regulations for the energy industry designed -- in whole or in part -- to ensure the security, integrity and confidentiality of personal and corporate data. Combined, these individual regulatory guidelines outline what constitutes best practices in identity management and IT security.

It's limited time offer, PDF version.

Free Download: http://tinyurl.com/7kbgm8w

Stuxnet Analysis Report by Cyber Security Forum Initiative (CSFI)

A must-read report which will answer many of yours questions regarding STUXNET!!

The Cyber Security Forum Initiative (CSFI) is a non-profit organization headquartered in Omaha, NE and in Washington DC with a mission "to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training to assist the US Government, US Military, Commercial Interests, and International Partners."

CSFI was born out of the collaboration of dozens of experts, and today CSFI is comprised of a large community of nearly 5000 Cyber Security and Cyber Warfare professionals from the government, military, private sector, and academia. Our amazing members are the core of all of our activities, and it is for them that we are pushing forward our mission.

So, after quite some time of working behind the scenes, and making an effort to focus on essence rather than buzz, the CSFI have published their official report on Stuxnet.

Scope of Research

1. Find the source code of the attack
   
   
2. Reverse engineer the code
   
   
3. Create a countermeasure and recommendation from these type of attacks
   
   
4. Understand the political motivations behind this attack
   
   
5. Explain how such a piece of malware can be used in cyber warfare scenario
   
   
6. Can Iran retaliate using the same form of cyber attack?

Feel free to download the report form here: CSFI_Stuxnet_Report_V1

As well as watch the demonstration video on the CSFI website: http://csfi.us/?page=stuxnet

U.S. power grid is a big & soft target for cyberattack

MIT study report shows security gaps widening, risk increasing as power nets improve

The "malicious attack from Russian hackers that cracked security on an Illinois water utility and destroyed one of its main pumps turned out to be what Wired called a "comedy of errors" after interviewing the prime suspect for a story that ran last week.

That doesn't mean utilities in the U.S. – especially electrical utilities – are not desperately vulnerable to attack.

The U.S. electrical grid in particular is not only just as vulnerable as it was before the risk of cyberattack became obvious, the negative impact of a real hack keeps rising, according to a two-year study published today by researchers at the MIT Energy Initiative in Massachusetts Institute of Technology Sloan School of Management.

U.S. utilities are building more intelligence into their networks to make power distribution more efficient, but the mesh of regulations and regulators involved is such that their security efforts are incomplete, inadequate and uncoordinated, according to the 268-page study (PDF of full report, or by section), which also examined risks from weather, the impact of federal regulations, rising prices for fossil fuels and competition from sources of renewable energy.

The risk of a Stuxnet-like attack on utilities was dismissed by many security experts after the revelation that reports of a successful attack on the Illinois water utility hack were mistakes, the possibility that it is possible was not.

Current risks of cyberattack on electric utilities

• Loss of grid control resulting in complete disruption of electricity supply over a wide area can occur as a result of errors or tampering with data communication among control equipment and central offices.
  
  
• Consumer-level problems ranging from incorrect billing to interruption in electric service can be introduced via smart meter tampering.
  
  
• Commuting disruptions for electric vehicle operators can occur if recharging stations have been modified to incorrectly charge batteries.
  
  
• Data confidentiality breaches, both personal and corporate, can provide information for identity theft, corporate espionage, physical security threats (for example, through knowing which homes are vacant), and terrorist activities (for example, through knowing which power lines are most important in electric distribution).

"Future of the Electric Grid, MIT Energy Initiative, Dec. 5, 2011"

With rapidly expanding connectivity and rapidly evolving threats, making the grid invulnerable to cyber events is impossible, and improving resilience to attacks and reducing the impact of attacks are important…

… For the electric grid in particular, cybersecurity must encompass not only the protection of information but also the security of grid equipment that depends on or is controlled by that information. And its goals must include ensuring the continuous and reliable operation of the electric grid…

…We believe the natural evolution of grid information technologies already points toward such an approach: the development and integration of increasingly rapid and accurate systems control and monitoring technologies should facilitate quicker attack detection—and consequently, shorter response and recovery times.

Cyberattack response and recovery measures would be a fruitful area for ongoing research and development in utilities, their vendors, and academia. – Future of the Electric Grid, MIT Energy Initiative, Dec. 5, 2011

U.S. utilities – electric, water and others – are so vulnerable and so insensible to security concerns that using passwords only three characters long doesn't raise a huge stink among companies that largely either refuse to believe there's a target painted on their backs or believe it's too expensive to do anything about it.

Defeat keyloggers on unsecure computer terminals

Can freeware provide the privacy you need?

Neo’s SafeKeys is a small program that helps to defeat keyloggers on unsecure computer terminals. It's is perfect for travel – use it in internet cafes, the office or even at home as protection against stealth keylogging programs that can be installed without your knowledge. It is a custom-made tool that allows for you to mouse-click your password on an on-screen keyboard.

Neo's SafeKeys 2008 displays a small window with a simulated keyboard on which you can type your sign-in, password, and other information. Neo's SafeKeys 2008 doesn't transmit information in a way that can be picked up by keyloggers. Nor does the program use the Clipboard. Instead, you type your info in the SafeKeys 2008 window and then drag the data to the appropriate text box in your browser.

Neo's SafeKeys 2008 successfully evaded the All In One Keylogger product in my tests. Other options help you foil keyloggers that regularly take screen captures to record your PC activities. According to the Alpin Software site, however, the utility's drag-and-drop methods don't work with all products — including the Opera browser.

No product will ever be able to guarantee your safety from snoops when you use a public computer. Here are the few advantages of Neo's Safekeys 2008:

• Unlike the Windows on-screen keyboard, Neo’s SafeKeys does not translate on-screen key presses to actual key presses (the Windows on-screen keyboard does not protect you against keyloggers)
  
• You don’t use your keyboard (keyloggers cannot record the password)


• The utility changes width and height each time, as well as its placement on the screen (to fool mouse-loggers, buttons will always be in different positions each time you use the program)


• Nothing is stored in the clipboard (clipboard loggers cannot save the password).
  
• You can use upper-case letters and symbols (such as !@#${}) by pressing the CAP button – no matter how complex your password is, the utility can type it.

I highly recommend all my readers to download Neo's Safekey 2008 and protect yourself from malicious programs such as Trojans/keyloggers, which can steal your confidential information.

Top 10 Windows 7 features

The best things about Microsoft's latest Windows 7

Windows 7 has now been released to manufacturing, and the much-anticipated next version of Windows will be available for TechNet subscribers and enterprise Software Assurance customers to download within weeks. With this in mind, here is the list of the top 10 reasons for upgrading to Windows 7.

1. 'Available networks' tool on taskbar
   If you're a laptop user, it's almost worth installing Windows 7 for this feature alone. Like all great ideas, it's disarmingly simple: put a control on the taskbar, accessed via a single mouse click, that shows available Wi-Fi networks and lets you choose which one to connect to. It's a world away from the hoops Windows Vista makes you jump through to get a Wi-Fi connection
   
   
2. Fewer annoying pop-ups
   Vista users will be familiar with the constant barrage of pop-up messages the system subjects them with: 'Windows Defender needs your attention', 'Check Windows Firewall settings', 'Updates available for your computer', and so on. In Windows 7, most of these messages appear instead in a notification area on the taskbar, so you can deal with them at your leisure.
   
   
3. HomeGroup
   HomeGroup should make it much easier to share files and other content such as music and pictures among all computers connected to a home network. It lets each user control what they want to share from their own computer, and any new Windows 7 PC connecting to the network will automatically find the HomeGroup, but needs a password to join.
   
   
4. Device Stage
   Device Stage is a new user interface for working with peripherals like phones, cameras or printers in Windows 7. It not only shows all the information about your device, but brings together all the applications and services you can use with it in one place.
   
   
5. BitLocker support for removable storage
   The Bitlocker encryption tool was introduced in Vista, but only in some editions and only for the boot drive of a PC. In Windows 7, BitLocker to Go lets you encrypt and password-protect USB devices such as Flash memory sticks to secure files in case you misplace the drive.
   
   
6. Speedier boot-up
   With some PCs that we've seen running Vista, you could hit the on switch then go away and make a cup of tea before being able to actually use the system for anything. By contrast, Windows 7 boots up and is ready in about 30 seconds flat. In fact, Windows 7 seems more responsive than Vista all round, even on the same hardware.
   
   
7. Libraries
   Libraries are like folders, except they conveniently bring together content from multiple locations into one place. For example, the Pictures library lets you see all photos and images to which you have access, whether they are spread across several folders on your hard drive or even on a network share.
   
   
8. User Account Control is less in-your-face
   The User Account Control (UAC) feature was introduced in Vista to improve security but has proved extremely annoying, popping up and asking for confirmation whenever you want to open Device Manager, add drivers, or dozens of other tasks. In Windows 7, UAC has been reworked so that users can carry out a greater range of tasks without a UAC prompt asking them for confirmation or administrator credentials.
   
   
9. Multi-touch
   On systems with a compatible touch screen, Windows 7 supports gesture-based input and control, like you might see on Apple's iPhone, but it works with pretty much all applications, not just those created for Windows 7. This means you can tap on the screen to launch applications, use your finger to scroll up and down in Internet Explorer and Word documents, and doodle using your fingertip in Paint.
   
   
10. It's not Windows Vista
    Enough said.

Reference: Vnunet.com

Koobface Virus includes a bot-like component, BeAware!

Facebook Koobface Protection and Removal

What is the koobface virus?

The koobface worm is new malware variant that has the ability to replicate itself when it gets through the computer system. It also referred to as Net-Worm.Win32.Koobface.b. Please refer here to my previous post.

The koobface virus popularly infects computers via social networking sites like facebook. The facebook virus koobface also has the ability to send automated emails using infected computer systems.

Koobface includes a bot-like component that could install other malicious apps at a later time.If the viewer approves the Flash installation, Koobface attempts to download a program called tinyproxy.exe. This loads a proxy server called Security Accounts Manager (SamSs) the next time the computer boots up. Koobface then listens to traffic on TCP port 9090 and proxies all outgoing HTTP traffic. For example, a search performed on Google, Yahoo, MSN, or Live.com may be hijacked to other, lesser-known search sites.

How to Avoid Koobface

The best way to avoid having trouble with this computer virus is to observe the koobface protection practices. When using social networking sites (myspace, friendster, facebook, hi5, etc), always be cautious of automated messages that are either too tempting or insulting (eg. you look funny in this video, etc) and avoid clicking on the link provided as this may likely contain a koobface download. This is one of the simplest but most valuable means of koobface virus protection. Please refer to my previous post on Koobface virus.

How to Detect Koobface

The McAfee website provides information on the characteristics and symptoms of this computer worm. You may want to read their report to learn more how to detect koobface.

How to get rid of the koobface virus

This "koobface removal article" provides information on how to remove koobface manually including details to delete koobface registry keys. Please note however that great caution should be observed when you attempt to delete koobface virus manually because you may put your computer at risk. I will not recommend my readers to manually remove this virus. 2spyware.com also provides a free koobface antivirus download. If you detect koobface in your PC, you may download the koobface virus removal tool here: Download Koobface Remover or Facebook has also posted instructions on how to remove the infection.

Gazelle Browser Offers Better Security ?

Researchers Say Gazelle Browser Offers Better Security

Researchers at various universities are working with Microsoft Research to develop a more secure Web browser code-named Gazelle. The researchers recently demonstrated Gazelle on Windows Vista and with Internet Explorer's Trident renderer, and have also published a paper describing the project. Gazelle uses a browser-based operating system, a browser kernel that consists of approximately 5,000 lines of C# code and can withstand memory attacks. No existing browsers, including new architectures like IE 8, Google Chrome, and OP [another experimental browser], have a multi-principal OS construction that gives a browser-based OS, typically called browser kernel, the exclusive control to manage the protection and fair-sharing of all system resources among browser principals.

A team consisting of Microsoft Research personnel and university staff members has demonstrated a potentially more secure Web browser called Gazelle. A paper (PDF) describing the browser prototype was published at Microsoft Research Thursday.

However this research team, led by Helen J. Wang and others, appears to be doing work that's separate from Microsoft's Internet Explorer 8 team. IE8 and Google Chrome frequently appear in the paper as examples of browsers that get security wrong.

The principals, or Web sites, communicate with each other by passing messages through the browser kernel, which manages security and the sharing of system resources. The browser uses separate processes to run a Web page and its embedded principals. Still in the prototype stage, Gazelle is slow because of its level of overhead, and the team also will have to address the browser plug-in issue.

iSpring - Cool Utility

Converts PowerPoint Presentations to Flash Video

Windows only: Freeware PowerPoint plug-in iSpring converts your PowerPoint presentation to an interactive Flash video with the click of a button. Not only is iSpring a great way to make your PowerPoint presentation more portable (not everyone has PowerPoint, after all), but as Digital Inspiration points out, an exported movie even preserves all of your slide transitions, animations, and hyperlinks.

iSpring is freeware, Windows only, works with PowerPoint 2000 through 2007.

Alternately, you can upload any presentation directly to the SlideBoom web site (which appears to convert and host Flash movies made with iSpring) if you don't want to host the presentation yourself.

***This post is not security related***

Top 50 Apps That Fit On A USB Drive

Portable Softwares which you should carry on your USB Drive...

Sometimes you just need to take your apps on the go. Whether you’re providing support or just trying to make a strange computer feel more familiar, having a collection of portable applications is very useful. From development to security, these apps are some of the best tools you’ll ever keep in your pocket.

Development

Edit code wherever you are with these handy tools.

1. Vim: The Vim text editor has lots of features that are great for source code editing, like file comparison, regular expressions, and GUI mode. It’s also highly portable, working with even obscure platforms.
2. Dev-C++: This integrated development environment is much like Microsoft Visual Studio, except that it has DevPaks that offer additional utilities, libraries, and templates.
3. Server2Go: With Server2Go, you’ll have access to PHP, MySQL, Apache, and Perl.
4. Notepad++: Notepad++ is a free source code editor that offers an efficient binary as well as a customizable GUI.

Graphics

Edit graphics, create animations, and view images on the go with these pocket graphics apps.

1. Anim8or: Anim8tor, though small in size, is packed with loads of features and tools. It also has plenty of easy tutorials for modeling and animation.
2. IrfanView: Using this image viewer for Windows, you can view, edit, and convert image files, as well as play some video and audio formats. It even supports formats like Flash, MP3, and MPEG.
3. ArtRage: ArtRage, a bitmap graphics editor, is great for use on tablet PCs. Available mediums on ArtRage include oil painting, pencils, and tools that offer textures and other special effects.
4. Inkscape: Inkscape is a vector graphics editor application that runs on nearly any operating system, making it a great tool for using on unfamiliar computers.
5. FastStone Image Viewer: Use FastStone to view images, manage thumbnails, and perform various image editing tasks.
6. Blender: This 3D animation program can be used for a number of different uses, including modeling, rendering, and animating.
7. GIMP: The GNU Image Manipulation Program is used to process digital graphics and photographs, and even create basic GIF images.
8. UnFREEz: Coming in at a tiny 19.5 kb, UnFREEz just might be one of the smallest apps ever. Using this tiny GIF app, you can combine a series of images to create an animation.

Documents

Have your office with you wherever you go with these portable document applications.

1. Open Office: This office suite works on a number of different operating systems, and offers document functionality in word processing, spreadsheet, presentation, database, and more.
2. Foxit Reader: Take this small, fast PDF viewer with you wherever you go to avoid having to use Adobe Acrobat.
3. NoteTab: This text editor offers the option of a tabbed document interface, making it easy to manage multiple documents at once.
4. Scribus: The Scribus desktop publishing program offers layout and typesetting as well as the ability to create PDF forms with animations and interactive functions.
5. RagTime: Using RagTime, you can create documents in spreadsheets, word processing, HTML, and even AutoCad files.
6. TextPad: The TextPad app offers easy text creation and editing, as well as helpful features like a clip library.

Internet

Get the Internet the way you want it with these portable browsers, chat programs, and email applications.

1. Firefox Portable: Take your Firefox, with all of its bookmarks, plugins, and extensions anywhere using Firefox Portable.
2. ChatZilla: Get this IRC client, and you can chat on any platform that has a Mozilla web browser, like the aforementioned Firefox Portable.
3. Google Talk: You can use this application for VoIP and instant messaging on nearly any Windows machine.
4. Portable Thunderbird: Using this portable email app, you can keep your email, address book and settings right in your pocket.
5. PuTTY: This little gem is a terminal emulator that can act as a client for a variety of protocols, like SSH and Telnet.
6. Pidgin: Use Pidgin, a multi-platform IM client, to enjoy encrypted IM discussions.
7. XeroBank Browser: This internet browser has Tor access built in, so you can stay anonymous.
8. Adium: This Mac OS X instant messaging client can be used with AIM, Google Talk, ICQ, Jabber, and many more messaging services.
9. FileZilla: Use FileZilla, a very popular cross-platform FTP client, to share and remotely access files.
10. Trillian Anywhere: Take Trillian, a multiprotocol IM application, anywhere using this app.
11. Portable Bookmarks: Keep all of your bookmarks on your flash drive with Portable Bookmarks.
12. uTorrent: With uTottent, you can buse BitTorrent while using minimal computer resources.
13. Gaviri PocketSearch: This file management software makes it easy to locate files across all of your devices.
14. Miniaim: Get around instant messaging restrictions with this minimalist AIM client.

Multimedia

Get mobile media functionality with these awesome tools.

1. Audiograbber: Extract audio from CDs and convert into a number of different formats like WAV, MP3, and WMA.
2. DeepBurner: Take this CD/DVD authoring program on the go to burn discs and ISO images.
3. VideoLAN: This software plays video and other media formats on the go.
4. REAPER: This digital audio workstation uses very light resources and can currently be used on Windows, with Mac OS X soon to come.
5. MediaCoder: Use MediaCoder to batch transcode, compress, or convert audio and video.
6. StationRipper: With StationRipper, you can record audio from podcasts, Shoutcast, Last.fm stations and more, all with iTunes integration.
7. Audacity: Edit digital audio on the go and on a number of different platforms with Audacity.
8. Winamp: Use this popular, skinnable media player for music and more on the go.

Security

Ensure a secure workspace, or just help Grandma get spyware off of her computer using these portable security apps.

1. KeePass: Carry your password safe around with you, and rest assured that your information is encrypted.
2. Ad-Aware: Take this popular adware zapper on the go to find trouble on any computer you might be using.
3. ClamWin: Use ClamWin to scan for viruses on a Windows machine with the Clam AntiVirus engine.
4. Eraser: Make sure you’re safely deleting files when you leave a strange computer by using Eraser.
5. RoboForm: This program won’t just manage your passwords, it will also fill in web forms for you.
6. HijackThis: Find and destroy malware with this freeware spyware-removal tool.
   

More

Get even more use on the go with the USB apps.

1. Universal Extractor: Extract files from any archive, anywhere.
2. Converber: Make easy conversions on any computer with Converber.
3. Launchy: This program locates programs to launch based on a user search, making it easy to launch anything from games to an internet browser.
4. DOSBox Portable: Play around with your USB stick, and enjoy classic DOS games on the go.