With security enhancements in the most recent Windows operating systems and browsers, it’s hard to believe that viruses and spyware are still as rampant as ever. According to recent statistics, over 6,000 new viruses are released every month! The impact of a virus can range from simply annoying to having a severe impact on business productivity and profitability. For instance, some viruses and spyware will pop up advertisements or install toolbars in the browser. The impact is usually limited to one person, and the infection can be removed relatively easily in most cases. However, we’ve witnessed widespread viruses that have caused a company-wide shutdown. All PCs needed to be completely rebuilt and data had to be restored from a backup vault. The financial impact of closing the doors for business for several days could threaten the existence of a company.
Many organizations install anti-virus and anti-spyware software, which is absolutely necessary. However, after the initial installation, there is usually no configuration, management or monitoring of the software. Anti-virus definitions are not updated, the solution may not be centrally managed and version upgrades do not take place. This is the worst case scenario as the expense is incurred but the solution is not effective at all. In order to counter this issue, Trigon offers Managed Endpoint Protection to its clients in the Central Pennsylvania and Philadelphia region. Some of the benefits of having Trigon install, manage and update your security software are as follows:
- Integrated alerts can be generated if any events arise
- Centrally managed and updated by Trigon
- No expiration date or lapse in service
- No application to install, upgrade or support
- Month to month billing based on actual usage
- Robust reports can be easily presented
- Cost effective – in most cases, it costs the same or less than purchasing your own software
If you’d like to discuss a Managed Endpoint Protection solution, please contact us and we can assess if your company would benefit from our offering.
When people think of Macs they tend to think of the fact that they’re not as bogged down with malware as Windows computers can be. There are a few different ideas on why that is. Some think it’s because Mac is built with a UNIX-like kernel, which is supposed to be more secure, while others think it’s because Windows has the larger market share, which means that it’s the bigger target. Regardless of the why, the fact is that Macs do have fewer pieces of malware than Windows, but could that change? Malware can be written to exploit vulnerabilities within the operating system, but it can also do the same for third-party software that Apple or Microsoft did not write. This was the cause of a recent outbreak of malware on Mac computers that took advantage of a vulnerability in Java. Mac uses a version of Java that Apple specifically designed for it, so any updates for it are handled by Apple. In this instance the Mac version of Java had not been brought completely up to date with the security patches that Java releases, and because of this about 600,000 Macs were infected with the malware named Flashback. Apple has since released a tool to remove Flashback and also released a patch for Java to bring it to the current version.
Users of Mac computers have been so used to the fact that they didn’t have to worry about malware but is that about to change? The Mac platform is still currently more secure than Windows but with the popularity of Mac computers increasing, in my opinion I think it is time to start exploring the anti-virus software available for Macs. If you have any questions about Macs or security software for your company then give us a call and see how we can assist you.
Searching for your favorite celebrity may be dangerous to your computer's health, yikes! A recent report released this week from McAfee covers the most dangerous celebrity names on the internet this year. The number one most dangerous celebrity is Jessica Biel. A search for the words "Jessica Biel screensavers" revealed that around 50% of the sites that appeared contained viruses. I am not going to go through the entire list here, but some other dangerous names were: Beyonce #2 and Jennifer Aniston #3. The entire list is available from McAfee. The top fifteen are listed on the site, as well as numerous others that are lower on the list. So what does this teach us? Cybercriminals are paying attention to what is most popular in order to attempt to get their malicious code spread to as many unsuspecting people as they can. Monitoring what we like to view online gives them an easier way to reach as many people as they can. So should you stop looking up Britney Spears to see what new crazy thing she is doing now? This IT Expert says no! As always, if your computer is unprotected you are playing with fire. If your anti-virus definitions are up to date, and you practice the basic rules of internet security, you should be ok. But be careful out there, even the most innocent looking site can hide something dangerous.
As a topic that comes up daily in the life of a computer janitor, viruses/spyware/malware/buzzware (I call dibs on the copyright for that term) are a common nuisance. An entire industry is built around keeping them out.
The question is, how do they get in?
Well, the answer is surprisingly simple - You let them in. See, most modern threats are like vampires - they can't come into your house until you invite them. The problem is that it is generally difficult to tell how you are inviting them in. Here are some simple things to follow in order to keep your computer from being joined to the next largest thing to Facebook and Twitter - the Botnet (http://en.wikipedia.org/wiki/Botnet)
- Keep your OS up-to-date
It is popular among Linux and Mac cliques to dog on Windows because it gets viruses. Well - this is true. The reason for this, though, is because most computers run Windows. Yeah, that's right - no one wants to spend time trying to infect your Mac OSX install because they know that no one uses them. Same with Fedora, Ubuntu, Xubuntu, Fubuntu, Cruebuntu or whatever flavor of Linux you want (but usually the viruses you're fearing were coded by someone using Linux.) However, most vulnerabilities are discovered by the manufacturer prior to the malicious people of the world. This means that, as long as your computer is getting its automatic Windows updates, you would be relatively safe if it weren't for...
- Keep your Third-Party Applications and Plug-ins Up-to-date
The most pesky infections, which are the popular fake anti-virus applications known as Rogues, are generally distributed using well-known exploits in outdated versions of Java and Flash. Yup, that's right - Windows doesn't get you the viruses, Sun and Adobe are responsible. Of course, getting infected through these applications requires some outside support...
- DO NOT CLICK ON ANY LINKS THAT YOU DO NOT TRUST
Now we get to the meat of my modest little blog. The real reason for computers getting infected is because the malicious code is allowed to run. Windows XP was not designed to avoid this type of attack, but even in that environment the newest version of Anti-Virus Scanner for Alien Viruses which Remove Other Viruses 2010 cannot dump itself onto the Operating System without somehow being executed - which needs to be, in one way or another, initiated by the person behind the mouse. Do you want to watch a video that asks you to download a Codec first? Well, do you have DivX and Flash installed? QuickTime? Odds are, there aren't any videos using codecs other than those, and any other codecs will point you to the manufacturer's site to acquire them since they are copyrighted and can't be distributed as though they are free materials. If you get an email with a link to a video that requires you to download a codec, your safest bet is to close everything. The video will not be worth all of the time spent fixing the damage caused, and since it is fake you won't get to see any cool videos anyway. This same logic applies to any hyper-links you come across on the web, really. An easy way to check the source of a hyper-link is to right-click on it and select 'Properties.' This will show you the actual URL that it points to. Hint for safe browsing: Legitimate and trustworthy companies have *.com web addresses that pertain to their name, such as dell.com, hp.com, microsoft.com, apple.com, etc. If some video or web page says you need to download Flash to view it and the link goes to pleaseclickhereiswearimcool.infections.info, odds are that you are going to end up being extremely disappointed with the results.
I read an article recently about IT security and desired targets for intrusions to steal data. Unsurprisingly, it was reported that databases are the prime targets, go figure. What was surprising was the report that administrators managing the database are making the same common mistakes, which enhance the chances of the intrusion succeeding. These mistakes are not malicious, but come from a lack of knowledge. I checked out some other sites about this topic and found several lists of common security lapses on databases. Most of these are common-sense action items. I have found it is good to review the basics periodically, as we all tend to develop habits which may blind us to the obvious.
The weak point in any security is the passwords used. This is true across all realms of the IT world, whether the default password was never changed, the password is not complex enough, or the passwords for higher-level access are known by too many people. Password management and complexity are key to this security issue. Change the password and make it complex. Maybe even use a passphrase, which is easy to remember and harder to crack.
User privileges and training:
Make sure the people who are accessing the database are doing it with the correct privileges and roles. People who have too much access can do greater damage unintentionally than they would have with just enough access. Training the people who interface with the database is another important step. This isn't just the find-this-data-here type of training, but preventive training. Take the time to educate the staff on best practices in use of the data and in data security.
Critical patch updates:
Patch updates to both the database code and the OS for the server the database is sitting on are key. Having set up a development environment to test the patch deployment on a dev database server is even better.
Keeping your antivirus updated is as important as the critical updates for the database and OS. Keep the definitions up to date = keep the viruses off the server. Also make sure that the anti-virus applications are scanning the right areas on the server. I have gone into servers and found some directories purposely skipped by the system scans to reduce errors in the event log, not good at all.
The database should be a standalone server:
Ideally you want your database to be its own server. This is good practice for both performance and security. When you host other applications on the same server as the database, you are sharing that application's security flaws and issues with the database. This will increase the success of a malicious attack against your database. This is a common issue with the push to save money and space in server rooms today, both from pressures to be green and the slashing of IT budgets.
Enforcing and reviewing security policies:
Setting up the security policy is easy. It is enforcing and auditing the policy that gets to be hard. You have to keep the policy current and review its use, both on the system and in what the users do. By reviewing the policy you will find issues before they become bigger issues.
Audit the server:
Be aware of what is happening to the database server: review the event logs, the database logs, and the anti-virus logs. The biggest issues on a server can start from a simple and fixable issue. Seeing a username repeatedly getting a failed login event will tell you someone is running a dictionary attack against your database server. It is better to find the issue early on and address it before data loss or down time.
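One way to turn that log review into a repeatable check, as an added example rather than code from the original post: it flags any account with many failed logins in a short window and notes whether a successful login followed. The log line format, the threshold of five failures in ten minutes, and all names below are assumptions; adapt the pattern to what your database server actually writes.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format, constructed for this example (not a real product's log):
#   2024-05-01T02:14:00 LOGIN_FAILED user=sa src=203.0.113.7
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN_FAILED|LOGIN_OK) user=(?P<user>\S+) src=(?P<src>\S+)$")


def find_repeated_failures(lines, threshold=5, window=timedelta(minutes=10)):
    """Flag accounts with >= threshold failed logins inside any one window.

    Lines must be in chronological order. Returns
    {user: {"sources": set, "success_after_burst": bool}}.
    """
    recent = defaultdict(deque)  # user -> (time, source) of failures still in window
    findings = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an authentication event
        ts, user = datetime.fromisoformat(m["ts"]), m["user"].lower()
        if m["event"] == "LOGIN_OK":
            if user in findings:  # success on an account already flagged
                findings[user]["success_after_burst"] = True
            continue
        q = recent[user]
        q.append((ts, m["src"]))
        while ts - q[0][0] > window:
            q.popleft()  # forget failures older than the window
        if len(q) >= threshold:
            hit = findings.setdefault(
                user, {"sources": set(), "success_after_burst": False})
            hit["sources"].update(src for _, src in q)
    return findings


# Constructed sample: five quick failures on one account, then a success,
# next to an ordinary mistyped password followed by a normal login.
SAMPLE_LOG = [f"2024-05-01T02:14:0{i} LOGIN_FAILED user=sa src=203.0.113.7"
              for i in range(5)] + [
    "2024-05-01T02:15:30 LOGIN_OK user=sa src=203.0.113.7",
    "2024-05-01T08:59:10 LOGIN_FAILED user=jsmith src=10.0.0.21",
    "2024-05-01T08:59:25 LOGIN_OK user=jsmith src=10.0.0.21",
]
```

A flagged account with `success_after_burst` set is the case to look at first, since the guessing may have worked.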
As I said in the beginning, most of these are all common sense action items. I suspect any lapses on the above could be from "I will fix that later" and later keeps getting pushed back. By addressing these simple issues you can save yourself bigger issues later.
The gloves have officially come off and I am ready to go toe to toe with what I once presumed as my ally, my Anti-Virus Software program. I am not ashamed to say that I have felt the sting of and have relived the horrors that are the result of, well, nothing more than the AV program doing what it has been told to do. I need to amend this statement by saying that the horrors are the result of my feeling that my AV software is up on a pedestal and should not be toyed with. Considering what and why the AV software is put in place to do, and by definition Anti-Virus Software is used to prevent, detect and remove malware, including computer viruses, worms and Trojan horses, the last thing that I would want to do is adjust the settings in such a way as to increase the possibility of letting one of the aforementioned critters infiltrate my PC or my network.
Well kiss my grits and call me Mel because I recently had an experience that required exactly just that, loosening the AV strings in order to let an application run free. Now I am not suggesting that you run out and disable your Anti-Virus software with absolute disregard for system security. What I am suggesting, as it was pointed out to me by a man of great patience and limitless knowledge, would be to research the issue and act on the information that you find, even if it means toying with your Anti-Virus Software.
Consider the following scenario.
Client ‘A’ shells out major bucks for a software upgrade that will, among other things, work much faster than the current process that he has in place. Sounds like a great idea. However, when Client ‘A’ has the application installed into his environment, not only is the performance less than what he expected but the speed of the application is putting him and his business in the ‘RED’, literally. The answer to the riddle was nothing more than a few clicks of the mouse through Google waiting to hit me like a ball-peen hammer between the eyes. How I missed it was that I was blinded by considering that the resolution to the issue could be addressed by loosening the belt on the AV software drawers. A colleague put the instance in perspective for me. He indicated that AV software serves a purpose, in a nutshell to ward off the demons that could potentially cripple your network. However, simply in the act of doing this, the software is sucking the system’s ability to perform to its fullest potential - it just needs to be decided where to draw the line between performance loss and system security. Got a coin anyone?