Cyber Security Logic

Malware ships in Dell Motherboards - Antivirus *should* catch it


Part of the problem with malicious software is that it can be found everywhere. In this case it was found in the supply chain for Dell servers, where the W32.Spybot worm is embedded in the flash memory of the motherboards.

More on the story from the good folks at The Register.

Servers affected so far:

PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410

When these things pop up it is safe to bet that what is being reported is just the tip of the iceberg. The real issue could be many times larger than what is initially reported. So it begs the question: who is watching the assembly processes of all the large hardware manufacturers, and how closely?

One could hope that someone is researching the source of this computer security vulnerability to find out what else is infected out there.

Malware is big business and getting it installed during the assembly pipeline is going to become more attractive to those looking to do harm. Maybe it is time to go back to building our own machines so we know they are clean?

Some say that Antivirus software should catch it, that is if the owners are running Antivirus software on the server...

Computer security is not just for the desktops and laptops, it should be considered even for computers that do not go on the Internet or just have parts replaced.

Stay safe out there.

Security as a Service for Businesses who have better things to do. 303.232.9070

Computer Security Threat Vectors


There are a number of vectors or paths that can lead to compromising computer security. Threats are sent to computers via email and instant messaging. Computer users unknowingly go out and get threats while surfing the Internet. There is the silent threat from disgruntled or greedy insiders. Finally there are threats delivered by plugging accessories into the computer. How well known are all these computer security threat vectors? 

  • Most people know that threats from Malware are often delivered by email. This is the oldest threat vector.
  • Fewer however are aware that the delivery medium has now shifted to the web and more Malware is now delivered from the web than email.
  • Very few know about or have considered the insider threat potential.
  • Almost no one is aware of threats coming from USB devices, picture frames and other devices that arrive infected with malware from the manufacturer.

Email security is getting better all the time. Given a good layered solution it is hard to get a virus attached to an email delivered. Most email threats now come in the form of links to malicious websites. Your email security solution provider needs to specialize in email security in order to have a chance to keep up with the threats to computer security from this threat vector.

People implicitly trust the Internet by clicking on links in emails or surfing fearlessly because they don't know any better, or don't realize that any site can be compromised and dishing out malicious code. The majority of the threats today are delivered by compromised web sites dishing out malicious code. Like email security, your web security solution provider needs to specialize in this layer of computer security as well.

The threat from disgruntled employees or employees trying to make a quick buck can be the most damaging and hardest to prevent. It is unfortunate that we also have to consider a threat from those whom we employ and whose livelihood we help provide. Steps to restrict access to resources, including servers, files, and intellectual property, should be considered as part of the computer security process.

If that weren't enough, USB devices, including free thumb drives given away at trade shows, picture frames and other USB-connected devices, are being infected with malware during the manufacturing process. Because so many computers automatically run programs installed on these devices, it is an attractive vector. Disabling AutoRun and locking down USB devices will become more popular, and now is the time to get ahead of this computer security threat vector.

Computer security threats come in many forms and so should your proactive response. It takes a combination of security software & solutions, people and procedures to have a chance at staying protected these days. Think layers and stay safe out there.


Security Software Needs Our Help


The biggest problem most Security Software has today is that it is reactive by design. Most security software looks for common elements in the threat's code, malicious web pages, behaviors or other identifiable traits, then reacts.

But before the software can react, a list of common elements (signatures) must be built when a threat is discovered "in the wild" (that is, on the Internet), so that when the threat is seen again the software can hopefully block and/or process it accordingly.

There are a couple of problems with that approach. First, if the security software doesn't have the signature or understand the technology of the attacking threat(s), it is too late and the threat gets in. Second, by being reactive, security solutions are always trying to keep up with the bad guys.

Picture a global wild-wild-west. That is what the Internet is today. Now you can see why security software needs our help.

We need to move from reactive to proactive. Especially in the small to mid-sized business and home user markets because they represent the largest threat surface area. SMB and home users are a growing demographic targeted by hackers because these groups have the least amount of experience dealing with threats and securing data.

Tips for the Business owner:

  • Adopt a Layered Security Solution, no matter what the network configuration is or how it is used.
  • Take charge and ownership of security policies, tools and acceptable computer use. Business computers should be used for business work.
  • Keep everything up to date, everything.
  • Back up appropriately.

Tips for the Small office/home office and home users:

  • Use a security suite to help with your Layered Security Solution.
  • Keep everything up to date.
  • Back up appropriately.
  • Remove local administrator rights.

Security is not convenient or easy. It takes consistent work, so help out by lending a hand.


ESET NOD32 Antivirus Software Wins Record 62nd VB100 Award


Sets record of 45 straight Awards

Eset NOD32 has secured its 62nd VB100 award from Virus Bulletin, the world's leading independent antivirus software comparison testing group. ESET leads all antivirus software vendors with a record setting, 45 straight VB100 awards.

Virus Bulletin first introduced the VB100 award in 1998, and conducts several antivirus software comparatives every year, rotating platforms tested between Linux, Windows, Windows servers and Novell Netware.

This Virus Bulletin 100% test report was conducted on the Windows Server 2008 R2 platform. 33 antivirus software products participated in the tests, 24 succeeded with a 100% award and 9 failed.

In order to display the VB100 logo, the antivirus software must meet two criteria: (1) Demonstrate it detects all "In-the-Wild" viruses (viruses with known signatures), during both on-demand (you demand, it scans), and on-access (real time), scanning tests; and, (2) Generate no false positives when scanning a set of clean files.

 Since the inception of the VB100 awards in 1998, ESET's NOD32 antivirus software continues to boast a success rate of over 97 percent - the industry's highest. Most antivirus vendors have success ratios in the 50 - 75 percent range across all operating systems.

"Detection rates were excellent, showing a continuation of the upward trend seen in the last few tests," said John Hawes, Virus Bulletin. "No false alarms were noted and the WildList was handled flawlessly, earning ESET yet another VB100 award."

ESET's NOD32 is powered by ThreatSense® technology, an advanced heuristics engine that enables proactive detection of malware not covered by even the most frequently updated signature-based products.

Unlike traditional approaches, ESET's antivirus software solutions decode and analyze executable code in real-time, using an emulated environment. By allowing malware to execute in a secure virtual world, ESET is able to clearly differentiate between benign files and even the most sophisticated and cleverly-disguised malware.

For small businesses and home users we recommend the ESET Smart Security Suite. To download a free trial of ESET's award-winning Smart Security software visit: http://www.eset.com/download/partner-ess

For a Business Trial (over 10 computers) download from here: http://www.SoftwareSecuritySolutions.com/eset-business-trial.php


ESET NOD32 Antivirus Software version 2.7 - End of life


I remember NOD32 Antivirus Software version 1.x. It had a very basic interface, yet it was still a great piece of antivirus security software. As the world changes it is important to note that change is change: sometimes it is good, sometimes not so much.

ESET has begun phasing out NOD32 Antivirus version 2.7. Version 2.7 had an extremely light footprint (14MB) and a blazing fast scanner. NOD32 2.7 was great for computers without many resources. This is the majority of the older (>3 years) computers, and these days any current computer with less than 1GB of RAM installed.

The reason it was lightweight is that ESET had not yet bent to the pressures of moving from the early adopters to the mainstream antivirus software buyers. That is code for "there were not a lot of bells and whistles in the program". This is the curse of all antivirus software: trying to "keep up with the Joneses" by adding bells and whistles, thus going for bigger mainstream bucks.

Antivirus software should be small, no frills and just WORK in the background. We don't want gadgets, we want protection!

But we, the reviewing public, Gartner, PC-x and other powerful industry reviewers keep insisting on features and fancy GUI interfaces, just because we can. That ends up working against the productivity of the Antivirus engine. It is no wonder Antivirus Software is under scrutiny. But I digress...

Current NOD32 Antivirus 2.7 customers are invited to upgrade to ESET NOD32 Antivirus 4.2 for free. ESET NOD32 Antivirus 4.2 offers the most current proactive protection technology, is easier to use and has more advanced options for power users (think bells & whistles).

NOD32 Antivirus 2.7 customers will continue to be protected with signature updates until February 1, 2012, but are advised to upgrade to the latest version as soon as possible. Engine updates will likely stop well before the end of life date of 2/1/2012.

NOD32 version 2.7 end of life timeline:

2/1/2010 - NOD32 Antivirus 2.7 software was removed from the ESET website. ESET no longer sells NOD32 Antivirus 2.7.

February 1, 2012 - Virus signature database updates for NOD32 Antivirus 2.7 will be discontinued. ESET will no longer provide technical support for NOD32 Antivirus 2.7.

So long old friend, you will be sorely missed.


Problems with Antivirus Software signatures (a quick lesson)

Yesterday was a bad day for the good people at McAfee, because one of the antivirus software signatures they released removed a valid Windows file. This caused the affected machines to fail and get stuck in a reboot loop.

If you are not familiar with how Antivirus signatures work, here is a quick lesson. When malicious software is found on the Internet it is analyzed for an identifiable code structure. This is its signature. That signature is then incorporated into a unique list of known bad programs that the Antivirus software program uses as its detection base.

The key phrase there, in today's world, is "when malicious software is found", because a threat must be found before it can have a signature. There is a technology called "heuristics", where algorithms and other techniques are used to decide whether code is good or bad and action is taken based on that decision. This is the beginning of proactive protection, but if the guess is wrong, bad things can happen.

So how do allegedly good programs get on this list? Fair question. Because threats have changed over the years antivirus software companies not only have to detect and remove viral programs, or fractional code, we are also requiring them to remove spyware and malware, or fully functional code. Our operating systems and applications are fully functional code. This part of the detection and removal process is where things like this happen.

This type of problem with signatures is yet another Achilles heel for reactive based solutions. The threats are changing so fast that antivirus software companies are struggling to keep up. We really need a change to how we protect the average computer. We need to move from a reactive position to a proactive one which is a huge paradigm shift for this industry. Many smaller antivirus software companies will not survive this imminent move in technology.

It is not an easy job we are asking antivirus manufacturers to do. Mistakes will happen; no antivirus company is immune from this fact. Be supportive and do not react too quickly. Encourage others to be part of the solution and stay safe out there.


No Antivirus Software - No Problem!?


Reportedly, about 17 million Chinese computers do not have Antivirus software. This is about 4% of their computers which is about the same percentage that do not have Antivirus protection in the USA year over year. Now that sounds like a need ready to be filled! But is it really?

Is there a real problem with this many computers (I would estimate somewhere north of 30 Million computers worldwide), not using Antivirus software?

Not using Antivirus software is considered reckless Internet behavior by some. It could also be considered minimally risky by others. Consider the user's ability, which applications, updates, settings and solutions are installed, where the machine goes and what it does on the Internet, all contributing to the risk levels when forming your opinion. It is not a simple matter. Let's take a quick look back to help us see the future. 

About 20 years ago viruses spread from computer to computer via file sharing from 5 1/2" floppy disks. We love to share. It is in our nature. The web is the greatest sharing medium in history. The virus writers knew this then and know it still, 20 years later.

Antivirus software was created to make computing safer and easier, but, security is never easy or convenient. Even with the best Antivirus software many still get infected. So to state the obvious, it sounds like we might have been going about this wrong for all these years!

Signature based Antivirus software, being reactive in nature, is finally coming under fire for not being able to keep up with the threats. One might think after 20 years of antivirus software we wouldn't continue to have these problems. The threats change and then, so does the response. Maybe we don't want a vaccine to prevent infection in the first place? In a matter of seconds once a machine is infected it can be too late. That fact does not bode well for the reactive approach.

Why do we expect different results when we use the same thinking and technology as we always have? That question goes out to all the mirrors in the world.

There are well respected security experts now saying signatures are "dead, dead". So what are we to do, toss out all our security software? No, absolutely not. Some protection is far better than none. So how do we move from being reactive to proactive? That is the umpteen billion dollar question.

There is a quiet paradigm shift happening whose time has come. Dr. Peter Tippett had a whitelisting solution (proactive) in the 1980s, but no one wanted it. What people wanted (and mostly still do) is to see the bugs and then kill them (reactive). So he had to turn it into a reactive solution in order to survive. Nice try, Doctor, but apparently things had to get really bad before we would embrace such a technology.

We may finally be moving from reactive to proactive protection with Application Whitelisting, aka Application Control. We see glimmers of it in Windows 7 (called AppLocker), but functionally it is only available in the Enterprise and Ultimate editions, which not many people have. It is going to be a while before this goes mainstream, for whatever reason. Until then, Bit9 is the thought leader for the business sector.
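To make the contrast between the two models concrete, here is an added example (not code from this blog, nor from McAfee, ESET or Bit9) that puts the reactive signature model from the "Problems with Antivirus Software signatures" post next to the proactive allowlist model described here. Every "file", signature and hash in it is constructed for the demonstration, and the verdict names are this example's own convention. It shows three things the text describes: a known sample is caught by its signature, an unseen variant walks straight past the signature list but is blocked by a default-deny allowlist, and a signature that is too broad would remove a legitimate system file unless the scanner checks known-good hashes before quarantining.

```python
"""Reactive signature denylist next to a proactive application allowlist.

Added example for this page; it is not code from the Cyber Security Logic
blog, from McAfee, ESET or Bit9. Every file, signature and hash below is
constructed for the demonstration, and the verdict names are this example's
own convention.
"""
import hashlib

# Constructed stand-ins for files on a workstation (name -> file bytes).
SAMPLE_FILES = {
    "svchost.exe":   b"MZ\x90\x00legit-system-service\x00CopyFile\x00",
    "notepad.exe":   b"MZ\x90\x00legit-text-editor\x00",
    "spybot.exe":    b"MZ\x90\x00spybot-v1\x00irc.join\x00",   # sample already analysed
    "spybot_v2.exe": b"MZ\x90\x00spyb0t-v2\x00irc.join\x00",   # variant not yet seen
}


def sha256_hex(data: bytes) -> str:
    """Identify a file by content, regardless of its name or path."""
    return hashlib.sha256(data).hexdigest()


# Reactive side: byte patterns written after a sample was found "in the wild".
# "Generic.Dropper" is deliberately too broad; it is the kind of signature
# that removed a valid Windows file in the incident the post describes.
SIGNATURES = {
    "W32.Spybot.A":    b"spybot-v1",
    "Generic.Dropper": b"CopyFile",
}

# Hashes of files known to be clean (a vendor's clean set, or an
# organisation's own gold image). The same set is the proactive allowlist.
KNOWN_GOOD = {
    sha256_hex(SAMPLE_FILES["svchost.exe"]),
    sha256_hex(SAMPLE_FILES["notepad.exe"]),
}


def signature_scan(data: bytes) -> list:
    """Names of every signature whose pattern occurs in the file."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def reactive_verdict(data: bytes) -> str:
    """Signature-based (denylist) decision with a false-positive guard.

    A file that matches a signature but hashes to a known-good file is
    reported for signature review instead of being removed, so a broad
    signature cannot delete an operating-system file.
    """
    if not signature_scan(data):
        return "allow"          # nothing known matched; an unseen variant lands here
    if sha256_hex(data) in KNOWN_GOOD:
        return "suppressed"     # hit on a known-clean file: log it, do not quarantine
    return "quarantine"


def proactive_verdict(data: bytes) -> str:
    """Application-control (allowlist) decision: default deny."""
    return "allow" if sha256_hex(data) in KNOWN_GOOD else "block"


def add_signature(name: str, pattern: bytes) -> None:
    """The reactive update that only happens after a variant is found and analysed."""
    SIGNATURES[name] = pattern


def compare_all() -> dict:
    """Both verdicts for every sample file: name -> (reactive, proactive)."""
    return {name: (reactive_verdict(data), proactive_verdict(data))
            for name, data in SAMPLE_FILES.items()}


if __name__ == "__main__":
    for name, (reactive, proactive) in compare_all().items():
        print(f"{name:14} signatures={reactive:11} allowlist={proactive}")
    # The detection gap closes only once the variant has been discovered.
    add_signature("W32.Spybot.B", b"spyb0t-v2")
    print("after signature update:", reactive_verdict(SAMPLE_FILES["spybot_v2.exe"]))
```

Run as a script, the table shows `spybot_v2.exe` as `allow` under signatures and `block` under the allowlist until `add_signature` is called, which is the lag the "reactive" posts on this page are about. The `suppressed` verdict on `svchost.exe` is the check a scanner needs so that an over-broad signature is escalated for review rather than acted on, which is what the clean-file half of a VB100 test is measuring.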

We manage lots of machines that do not have antivirus software, are locked down tight, are processing personal information and are PCI compliant. We have for a couple of years now.

With the right user knowledge, environment and settings, patch levels, other security solutions and precautionary steps, Antivirus software might not be necessary in certain settings. All that is much easier to say than it is to achieve. In other words, don't try this at home.

Nothing is going to change overnight. But we can all start somewhere, sometime, hopefully soon. The most important thing is that we start, you know, being proactive.

Stay safe out there.


Layered Security - Outside In to Inside Out


When we started providing security software and information to those who needed help the most, it was not immediately clear to us that different tools were good at different things. A variety of vendors existed but not many people were taking a serious look at the real differences between security software offerings.

Most purchases back then were based on how good the marketing was or which solution had this bell or that whistle. As it turns out, bell & whistle does not good Internet security make!

Antivirus software and Firewalls (remember Black Ice and Tiny?), were popular and widely available but there was not much else. This was the beginning of Layered Security. We didn't recognize it at first but it was a beginning. We used to carry every type of Antivirus software we could get our hands on but quickly discovered that there were real differences in the solutions. Not to mention lots of conflicts.

Some lessons must be learned the hard way, especially with new security technologies. We had to have strong marketing noise filters in order to standardize on the best security software we could find in terms of performance and detections over time.

Most of the threats at that time (or so we thought), came from the outside, aka the Internet, so we worked hard at securing the perimeter. It made perfect sense because this technique had been followed throughout history. Build walls around the castle as the first layer of security.

After some time it became clear that perimeters were strengthening, giving us a hard outer shell, but like an egg, once you were inside everything went soft. Think about the original Trojan horse, hence the origin of the term. Insiders were/are trusted implicitly, and thinking that perimeter defense was enough was exactly where the wheels started to come loose.

At some level you have to trust users within the company and on other levels you have to protect them against themselves. When it comes to critical data we recommend choosing very carefully who has access to what data and build layered security around those choices.

As a result, our thinking about Layered Security is rapidly changing from a strictly Outside/In layered perimeter defense to an Inside/Out defense. It now even includes offensive or proactive security (hint: virus signatures are old hat) and stand-alone security strategies.

These days blended threats require a blended response.  More to come. Stay safe out there.


Cyber Security Software needs some help!


It appears that the US is in serious trouble when it comes to Cyber security. 

Experience has shown us here at Software Security Solutions that most consumers (home computer users) feel that Antivirus software is all they need and that the Internet is a safe place (surprise, it is not). Businesses focus on keeping their business going, and not so much on computer security. Being part of a small business I certainly understand that focus.

Not much effort is required to find hard evidence showing that security software and security appliance hardware are not holding up to the latest threats, despite all the efforts of the Antivirus and Internet Security industry. See an example here: Cyber threats to the US.

Cyber security requires much more than security software and hardware appliances can provide, both at home and at work. It requires understanding, work, process and much more. The bottom line is: if we choose to connect critical information to the Internet (making us a target), then we should prepare to get our just deserts.

So what can we do? Right now the answer is Layered Security. The answer is complex, for now, but first we need to rewind a bit.

Job one could be to standardize. Job two could be to simplify.

Security Standards: (for Antivirus Software Manufacturers)

Standards make it easier to manage and support whatever it is we are trying to do, provided the standards are not written by a crackpot. Why can't we start by standardizing the names of the threats we do know about? It is no secret that most of the antivirus software companies' detections are pretty much the same once we factor in the exposure risk. So why all the smoke and mirrors of every antivirus company calling the same threat something different? What good does it do, and how does that help protect the end users?

Simplify - (for Antivirus Software Manufacturers and end users alike)

Do we really need every widget, bell and whistle? Do we really need all those different programs doing the same thing differently? How are we at making sure every one of those programs on each computer is secure and up to date? What can we do to simplify, thus reducing the threat surface area? Is there opportunity in standardizing and simplifying our computer security?

When life is simple, life is good. Just ask someone that doesn't own a computer. They seem to get along just fine.


Security Software Scare Tactics


RATs, Worms and Viruses - oh my!

I saw a picture of an Antivirus Ad running in a store-front window the other day. The ad used a bunch of in-sync monitors intended to give the passerby an uneasy, but at the same time safe feeling, about being on the Internet. It occurred to me this was a very creative way of presenting FUD.

Fear, Uncertainty and Doubt is a main motivator driving our economy. These are key emotions played upon by many industries because fear is big business. 

I am not a big FUD fan because it is not a fair tactic, especially when used on those who are easily impressed or naive about things of this world. It is hard to draw a definitive line between what should be feared and simply presenting the facts. Wouldn't it be better to just promote the positive and not accentuate the unknown?

So, maybe this begs the questions:

1. Is the Internet to be feared? And;

2. Does Internet Security really exist?

The nature of the Internet is a medium for sharing information. If you have information that is not to be shared, it probably should not be connected to the Internet. Why? Because of this fact: you cannot simultaneously share and secure the same data. Simple sounding, yet harder to make real. Or is it?

Reading what I read daily about Internet security, the uneasy feeling about being on the Internet is well deserved. Experience tells me that the safe feeling about Internet Security must be worked hard for and earned.

So yes, Internet Security really does exist and is a direct result of the choices we make. Life is a risk, so we live with the choices we make every day. Choose well. That's the best one can do.

 
