Cyber Security Logic

Desktop security software compromised by fake news emails

A major portion of Desktop Security falls on the user. The computer USER is the largest threat surface area because humans make the decisions and the computer executes those decisions.

Spammers and malware criminals are aware of this weak link and are using many techniques to attack this largest threat surface area, the computer user.

One of the latest techniques everyone needs to be aware of is fake news delivered via email. The deceitful emails claim that someone famous has died or that some tragic event has occurred, to get recipients to click on a link or open an email attachment for more information.

My personal favorite is: "Willie Nelson died yesterday, he was playing, On the road again", but seriously:

What can/should you do?

  1. Make sure everyone knows it is NEVER a good idea to click on a link whose destination you don’t know, or to open an attachment. This includes emails from people you know, because a message can look like it is from a friend when that information has been spoofed (faked).
  2. Standardize and only allow certain news feeds from reputable sources. (It is only a matter of time until this starts getting hacked but it is relatively safe right now).
  3. Have layers protecting the last layer of defense, the Desktop Security Software. This includes email filtering, web filtering and acceptable use policies.
  4. Make sure employees understand the consequences of infecting a machine by doing something that puts the desktop security, thus the company at risk.  
  5. Keep the correct desktop security software in place and updated for the job at hand.
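As an added example (not part of the original article), here is one way the email-filtering layer in item 3 can automate the checks item 1 asks of users: flag links whose visible text names one host while the `href` goes to another, and flag attachments with executable extensions. It uses only the Python standard library; the extension list, host names, addresses and the sample message are constructed for illustration.

```python
import os
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: an illustrative block list, not a complete one.
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def same_site(shown, target):
    """True when the link really goes to the host its text displays."""
    shown, target = (h[4:] if h.startswith("www.") else h for h in (shown, target))
    return target == shown or target.endswith("." + shown)


def triage(raw_message):
    """Return (finding, detail) pairs for one raw RFC 5322 message."""
    findings = []
    for part in message_from_string(raw_message, policy=policy.default).walk():
        filename = part.get_filename()
        if filename:
            if os.path.splitext(filename)[1].lower() in RISKY_EXTENSIONS:
                findings.append(("risky-attachment", filename))
            continue
        if part.get_content_type() != "text/html":
            continue
        collector = AnchorCollector()
        collector.feed(part.get_content())
        for href, text in collector.anchors:
            target = (urlsplit(href).hostname or "").lower()
            shown = HOST_IN_TEXT.search(text)
            if shown and target and not same_site(shown.group(1).lower(), target):
                findings.append(("link-mismatch", f"{text} -> {target}"))
    return findings


def build_sample():
    """Constructed fake-news message; every name and address is made up."""
    msg = EmailMessage()
    msg["From"] = "News Desk <alerts@daily-news.example>"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Breaking: famous singer dies"
    msg.set_content("See the HTML part.")
    msg.add_alternative(
        '<p><a href="http://203.0.113.7/story">www.daily-news.example/story</a></p>\n'
        '<p><a href="https://www.daily-news.example/about">www.daily-news.example</a></p>\n',
        subtype="html")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="video_report.scr")
    return msg.as_string()
```

Calling `triage(build_sample())` reports the first link and the `.scr` attachment; the second link, whose text and destination agree, passes.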

Desktop security software can only do so much. Most of desktop security is up to the user and how they operate the machine. Share information and stay safe out there.

Security as a Service for Businesses who have better things to do. 303.232.9070

Computer Security Software needs layers

If there ever was a good example of why we need Layered Security when it comes to Computer Security Software, this is it. Multiple layers in computer security work together and cover for each other. Layers are the only chance anyone has at staying protected and here is an example of why.

Network Solutions, the huge domain registration company, had a Widget (the real name of the application) that it provided to website owners on parked domains (domains that are not yet live with content) and through its blog on growsmartbusiness.com.

The Widget application dropped a Trojan dropper on unsuspecting visitors.

It is estimated that anywhere from 500,000 to up to 5 million web sites could have been dishing out this malicious code.

And if that was not enough, only about 60% of the Antivirus Software updated as of 8/13/2010 on VirusTotal were detecting the dropper as malicious. That link shows the results as of that day. That means 40% were not even aware of the malicious code at that time and the threat had been out for months.

There are a number of variables when considering if you are infected, or not.

  1. Did you or anyone on your network visit any of the infected web sites?
  2. Do your users have administrative rights on their computers? Part of computer security is having a restricted environment so users can not install software that is not approved.
  3. Was the computer security software in each of your layers able to detect this dropper? This would include firewalls, gateways, web filters and the last line of defense - the end points.
  4. Do you have the time to check the computer security software on the entire network?

Computer Security Software can do only so much. It takes people, processes, policies and solutions to create an effective Layered Security Solution. Stay safe out there.

Software Security Update is BIG!

A week ago today, Microsoft released an out-of-cycle critical update patch. This software security update has received a lot of attention because the exploit (computer security vulnerability) has gained traction on the Internet and large companies were affected.

Simply put, the exploit revolves around the shortcut links (.lnk files) that the computer uses, for example, to take the user to a network share or to launch a program. These malicious links can be put into documents by the attacker or spread via USB drives. The attackers can also spread the exploit by getting users to visit infected web sites, infecting many machines with drive-by downloads.

Because of the ease and criticality of this exploit reaching the Internet, it is important to download, test and deploy this computer security update as soon as possible, if not sooner, to all appropriate computers.

Speaking of Software Security Updates; tomorrow (8/10/10), Microsoft will release 14 updates patching 34 vulnerabilities in multiple products. We recommend downloading, testing and deploying the eight critical updates first because those have the highest risk. But don’t stop there because the remaining six important updates can be exploited as well. Getting infected seems to be getting easier and easier these days, especially for the common user.

It is just a matter of a user effortlessly finding the wrong website, at almost any time, with the wrong permissions, or clicking on a bad link, or opening an unknown attachment to get infected. And all that is easier and more common than most people realize.

Measured by the number of known vulnerabilities, tomorrow is the biggest computer security patch day ever. It comes right on the heels of a critical out-of-cycle security update.

So maybe you should take the day off from work and make sure your computers and servers are fully up to date. You didn’t have anything else to do, did you? Stay safe out there.

ESET NOD32 Exchange Server Tips for Businesses

New ESET NOD32 Exchange Server Tips

This year ESET NOD32 released a new Exchange installer (latest version 4.2.10019.0) that supports Exchange Server 5.5 SP3 through Exchange 2010. 32 and 64 bit NOD32 Exchange installers are available.

The new NOD32 for Exchange installer has some interesting new features. These tips are provided for informational purposes and to hopefully help you save a bunch of time. Special thanks to the Water of Life Church for assistance with this introductory article.

  • The first and largest improvement to the ESET NOD32 Exchange installer is that it now has an Anti SPAM protection engine. The core SPAM protection engine is provided by Mailshell - The World's Leading Anti-Spam Engine Provider who also provides Anti SPAM protection for some of computer security software’s largest and most recognized names.
  • The NOD32 Exchange installer has the ability to quantify the number of mail boxes to help the end user keep track of how many mail boxes they actually do or don't have licenses for.
  • A new license file configuration is provided with new purchases. If you want to upgrade to get the latest NOD32 Anti SPAM protection engine with an existing license (and it is free), you must request a new license file. The NOD32 Anti SPAM protection engine will not be enabled without the new NOD32 Exchange license file.
  • If you want the end users to manage the Anti SPAM protection in a local SPAM folder in their Outlook account, as opposed to the NOD32 Exchange Administrator managing the SPAM protection, the NOD32 Exchange server must be configured for SPAM protection and the end users must be using the ESET NOD32 Smart Security product.

The NOD32 Exchange installer provides resident file and memory protection, Web-access protection as well as Exchange mail store protection.  The ESET NOD32 Anti SPAM protection engine is an optional module that can be enabled or disabled.

Since this is the first year for the Anti Spam protection to be included in the ESET NOD32 Exchange server we can expect continued improvements and functionality from the talented ESET NOD32 programmers.

Now that we have opened the Email Security topic we will continue to talk about the ESET NOD32 Exchange solution and our Email Security Service as well. Be safe out there.

 

Windows 2000 & XP SP2 not supported, now what?

For all the companies and people still using Windows 2000 and/or Windows XP with Service Pack 2, and we know there are a lot of them out there, the dance is almost over and it is time to face the music. Out of pure courtesy, here is your last wake-up call.

Microsoft is not supporting these platforms any more. 

This means that patches and updates are no longer being provided for these systems. And that means exploits (hacks from hackers) are being discovered to use against these more vulnerable systems as we speak. (Sigh)

What you can do if you are still using these platforms:

1. Pay Microsoft a lot of money for special updates. With the amount you have to pay them you might as well buy new computers, or at least upgrade and go on a cruise.

2. Do nothing and get infected. Then take all that money you were going to use for the upgrade and cruise and pour it into repairing the damage and just keeping the business alive.

3. Upgrade to a supported Operating system, now! - (this will force many companies to deal with the third party software that has forced them to freeze their machines at these OS and patch levels in the first place). 

4. Use Application Whitelisting of some kind to protect machines that can't protect themselves.

This is truly a wake-up call and procrastination is no longer an option. Do something right away to move your antiquated, insecure network forward. And be safe out there!

Malware ships in Dell Mother Boards - Antivirus *should* catch it

Part of the problem with malicious software is that it can be found everywhere. In this case it was found in the supply chain for Dell servers, where the W32.Spybot worm is embedded in the flash of the motherboards.

More on the story is available from the good folks at The Register.

Servers affected so far:

PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410

When these things pop up, it is safe to bet that what is being reported is just the tip of the iceberg. The real issue could be many times larger than what is initially reported. So it begs the question: who is watching the assembly processes of all the large hardware manufacturers, and how closely?

One could hope that someone is researching the source of the computer security vulnerability to find out what else is infected out there.

Malware is big business and getting it installed during the assembly pipeline is going to become more attractive to those looking to do harm. Maybe it is time to go back to building our own machines so we know they are clean?

Some say that Antivirus software should catch it, that is if the owners are running Antivirus software on the server...

Computer security is not just for the desktops and laptops, it should be considered even for computers that do not go on the Internet or just have parts replaced.

Stay safe out there.

Computer Security Threat Vectors

There are a number of vectors or paths that can lead to compromising computer security. Threats are sent to computers via email and instant messaging. Computer users unknowingly go out and get threats while surfing the Internet. There is the silent threat from disgruntled or greedy insiders. Finally there are threats delivered by plugging accessories into the computer. How well known are all these computer security threat vectors? 

  • Most people know that threats from Malware are often delivered by email. This is the oldest threat vector.
  • Fewer however are aware that the delivery medium has now shifted to the web and more Malware is now delivered from the web than email.
  • Very few know about or have considered the insider threat potential.
  • Almost no one is aware of threats coming from USB devices, picture frames and other devices infected with malware at the manufacturer.

Email security is getting better all the time. Given a good layered solution it is hard to get a virus attached to an email delivered. Most email threats now come in the form of links to malicious websites. Your email security solution provider needs to specialize in email security in order to have a chance to keep up with the threats to computer security from this threat vector.

People implicitly trust the Internet, clicking on links in emails or surfing fearlessly, because they don’t know any better or don’t realize that any site can be infected and dishing out malicious code. The majority of the threats today are delivered by compromised web sites dishing out malicious code. Like email security, your web security solution provider needs to specialize in this layer of computer security as well.

The threat from disgruntled employees or employees trying to make a quick buck can be the most damaging and hardest to prevent. It is unfortunate that we also have to consider a threat from those whom we employ and whose livelihood we help provide. Steps in restricting access to resources, including servers, files, and intellectual properties, may be considered as part of the computer security process.

If that weren’t enough, USB devices, including free thumb drives given away at trade shows, picture frames and other USB connected devices, are being infected with malware during the manufacturing process. Because so many computers auto run programs installed on these devices, it is an attractive vector. Taking steps in removing the auto run command and locking down USB devices will become more popular, and now is the time to get ahead of this computer security threat vector.
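An added example (not from the original article) of inspecting a USB volume on an analysis machine before the device is allowed near computers that still honour AutoRun: it reads the volume's `autorun.inf` and lists the commands Windows would be asked to launch. The sample file contents and file names are constructed.

```python
import configparser
from pathlib import Path

# Constructed sample; not taken from a real device.
CONSTRUCTED_INF = r"""[AutoRun]
; constructed sample
open=setup\viewer.exe /silent
icon=frame.ico
label=Photo Frame
shell\explore\command=setup\viewer.exe
"""


def autorun_launch_entries(inf_text):
    """Return (key, command) pairs that an autorun.inf asks Windows to execute."""
    parser = configparser.RawConfigParser(
        strict=False, allow_no_value=True,
        delimiters=("=",), comment_prefixes=(";",))
    try:
        parser.read_string(inf_text)
    except configparser.Error:
        return []  # no [autorun] section could be parsed, nothing to launch
    entries = []
    for section in parser.sections():
        if section.strip().lower() != "autorun":  # section name is case-insensitive
            continue
        for key, value in parser.items(section):  # keys arrive lower-cased
            launches = key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command"))
            if launches:
                entries.append((key, (value or "").strip()))
    return entries


def scan_volume(root):
    """Look for autorun.inf (any letter case) in the root of a mounted volume."""
    for entry in Path(root).iterdir():
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            raw = entry.read_bytes()
            has_bom = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
            text = raw.decode("utf-16") if has_bom else raw.decode("latin-1")
            return autorun_launch_entries(text)
    return []


if __name__ == "__main__":
    for key, command in autorun_launch_entries(CONSTRUCTED_INF):
        print(f"{key}: {command}")
```

Any entry returned means the device carries something it wants executed on insertion. Display-only keys such as `icon` and `label` are ignored.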

Computer security threats come in many forms and so should your proactive response. It takes a combination of security software & solutions, people and procedures to have a chance at staying protected these days. Think layers and stay safe out there.

Security Software Needs Our Help

The biggest problem most Security Software has today is that it is reactive by design. Most security software looks for common elements in the threat's code, malicious web pages, behaviors or other identifiable traits, then reacts.

But before the software can react, a list of common elements (signatures) must be built when a threat is discovered "in the wild" (aka on the Internet), so when that threat is seen again, the software can hopefully block and/or process it accordingly.

There are a couple of problems with that approach. First, if the security software doesn't have the signature or understand the technology of the attacking threat(s), it is too late and the threat gets in. Second, by being reactive, security solutions are always trying to keep up with the bad guys.

Picture a global wild-wild-west. That is what the Internet is today. Now you can see why security software needs our help.

We need to move from reactive to proactive. Especially in the small to mid-sized business and home user markets because they represent the largest threat surface area. SMB and home users are a growing demographic targeted by hackers because these groups have the least amount of experience dealing with threats and securing data.

Tips for the Business owner:

  • Adopt a Layered Security Solution, no matter what the network configuration is or how it is used.
  • Take charge and ownership of security policies, tools and acceptable computer use. Business computers should be used for business work.
  • Keep everything up to date, everything.
  • Back up appropriately.

Tips for the Small office/home office and home users:

  • Use a security suite to help with your Layered Security Solution.
  • Keep everything up to date.
  • Back up appropriately.
  • Remove local administrator rights.

Security is not convenient or easy. It takes consistent work, so help out by lending a helping hand.

ESET NOD32 Antivirus Software Wins Record 62nd VB100 Award

Sets record of 45 straight Awards

ESET NOD32 has secured its 62nd VB100 award from Virus Bulletin, the world's leading independent antivirus software comparison testing group. ESET leads all antivirus software vendors with a record-setting 45 straight VB100 awards.

Virus Bulletin first introduced the VB100 award in 1998, and conducts several antivirus software comparatives every year, rotating platforms tested between Linux, Windows, Windows servers and Novell Netware.

This Virus Bulletin 100% test report was conducted on the Windows Server 2008 R2 platform. 33 antivirus software products participated in the tests, 24 succeeded with a 100% award and 9 failed.

In order to display the VB100 logo, the antivirus software must meet two criteria: (1) demonstrate that it detects all "In-the-Wild" viruses (viruses with known signatures) during both on-demand (you demand, it scans) and on-access (real time) scanning tests; and (2) generate no false positives when scanning a set of clean files.

Since the inception of the VB100 awards in 1998, ESET's NOD32 antivirus software continues to boast a success rate of over 97 percent - the industry's highest. Most antivirus vendors have success ratios in the 50 - 75 percent range across all operating systems.

"Detection rates were excellent, showing a continuation of the upward trend seen in the last few tests," said John Hawes, Virus Bulletin. "No false alarms were noted and the WildList was handled flawlessly, earning ESET yet another VB100 award."

ESET's NOD32 is powered by ThreatSense® technology, an advanced heuristics engine that enables proactive detection of malware not covered by even the most frequently updated signature-based products.

Unlike traditional approaches, ESET's antivirus software solutions decode and analyze executable code in real-time, using an emulated environment. By allowing malware to execute in a secure virtual world, ESET is able to clearly differentiate between benign files and even the most sophisticated and cleverly-disguised malware.

For Small Businesses and home users we recommend the ESET Smart Security Suite. To download a free trial of ESET's award-winning Smart Security software, visit: http://www.eset.com/download/partner-ess

For a Business Trial (over 10 computers) download from here: http://www.SoftwareSecuritySolutions.com/eset-business-trial.php

ESET NOD32 Antivirus Software version 2.7 - End of life

I remember NOD32 Antivirus Software version 1.x. It was a very basic interface yet still a great piece of Antivirus Security Software. As the world changes it is important to note that change is change, sometimes it is good, sometimes, not so much.

ESET has begun phasing out NOD32 Antivirus version 2.7. Version 2.7 had an extremely light footprint (14MB) and a blazing fast scanner. NOD32 2.7 was great for computers without many resources. This is the majority of the older (>3 years) computers, and these days any current computer with less than 1GB of RAM installed.

The reason it was lightweight is that ESET had not yet bent to the pressures of moving from the early adopters to the mainstream antivirus software buyers. That is code for "there were not a lot of bells and whistles in the program". This is the curse of all Antivirus Software: trying to "keep up with the Joneses" by adding bells and whistles, thus going for bigger mainstream bucks.

Antivirus software should be small, no frills and just WORK in the background. We don't want gadgets, we want protection!

But we, the reviewing public, Gartner, PC-x and other powerful industry reviewers keep insisting on features and fancy GUI interfaces, just because we can. That ends up working against the productivity of the Antivirus engine. It is no wonder Antivirus Software is under scrutiny. But I digress...

Current NOD32 Antivirus 2.7 customers are invited to upgrade to ESET NOD32 Antivirus 4.2 for free. ESET NOD32 Antivirus 4.2 offers the most current proactive protection technology, is easier to use and has more advanced options for power users (think bells & whistles).

NOD32 Antivirus 2.7 customers will continue to be protected with signature updates until February 1, 2012, but are advised to upgrade to the latest version as soon as possible. Engine updates will likely stop well before the end of life date of 2/1/2012.

NOD32 version 2.7 end of life timeline:

2/1/2010 - NOD32 Antivirus 2.7 software was removed from the ESET website.
ESET no longer sells NOD32 Antivirus 2.7.

February 1, 2012 - Virus signature database updates for NOD32 Antivirus 2.7 will be discontinued. ESET will no longer provide technical support for NOD32 Antivirus 2.7.

So long old friend, you will be sorely missed.
