Has Anti-Virus software reached its “Best Before” date?

CrowbarFor many years, the security mantra has been

  • Mac good – invulnerable to viruses and hacking.
  • Windows bad – very vulnerable to viruses and hacking

 The reason was two-fold, whilst it’s true that the Apple operating system IS harder to infect with a virus, the main reason was popularity (or lack thereof). When 97% of the world was using Windows, why bother writing viruses and other malware for the extreme minority.

The traditional Windows solution was to install an anti-virus program from one of the many vendors and, for real “belt and braces” safety, protect your internet connection with a firewall. Hopefully all would be well and good, so long as you paid your annual anti-virus subscriptions and ensured that the virus definitions were regularly updated so your anti-virus program could identify the threats and keep you safe. (Free anti-virus programs for home users did a similar job, again provided they were kept up to date)

Crypto-LockerSignificantly Increased Risk of Infection

However, the upsurge in Apple popularity over recent years means that Apple devices are also targets of the cyber-criminals. And it’s not just Apple computers and iDevices that are at risk, the virus writers are also targeting Android devices, Microsoft phones and tablets and devices running Linux devices.

Anti-Virus is dead!

Brian DyeLast year, Brian Dye, Senior Vice-President for Information Security at Symantec (the company behind Norton Anti-Virus solutions) said, in an interview with The Wall Street Journal, that “Anti-Virus is dead”. What he meant was that cyber criminals were now able to write malicious software faster than Norton could be updated.

Whilst Norton, and all the other anti-virus programs, are not yet ready for the scrapheap they only detect around 45% of all attacks. As well as that rather disturbing stat, research by FireEye (A cyber-security provider)  indicated that 82% of malware detected by their security solutions stays active for just one hour and 70% of threats surface just once before disappearing and being re-written to avoid detection by the AV companies.

So, what should you be doing?

Security-padlockWell, I’ve said it before, but it’s always worth reiterating, security starts with education. Then you add as many layers of additional protection as you feel necessary, depending on how you use your devices and the level risk you feel you are faced with.

  • Never open an attachment unless you are expecting one and you know, and trust, where it came from.
  • Keep your Anti-Virus software up to date and continue to renew your subscriptions, it may only block 45% but that’s nearly half of all threats stopped before they have a chance to install.
  • Install a security App on your phone and tablet
  • Explore the new offerings from the traditional anti-virus vendors that look to protect your web browsing and protect you against spam, phishing attacks and other cyber crime threats.
  • Be alert for anything that doesn’t feel “right” and if something looks too good to be true – that offer of a full version of Microsoft Office on CD for £50.00 for example – remember, it probably is!
  • Use a different, complex, password for each website that you have to log in to. An App such as LastPass will help you create passwords, securely store them and “auto complete” the log-ins when you log in to those websites. (other password tools are available)
  • Ensure your Social Media accounts privacy settings are set to an appropriate level
  • Look at Bitdefender Safego,a free anti-scam service for Facebook and Twitter
  • Remain cautious when using any internet connected device

When “now” is too late!

Fire Escape SignLast week saw an underground fire in Holborn, London, lead to the cancellation of a number of West End shows, costing theatres thousands in lost revenue.

More than 1,900 homes and businesses were left without electricity when the power had to be cut for safety reasons, directly affecting around 5,000 people who were forced out of their homes and offices whilst the underground fire was brought under control.

A small number of larger businesses were able to continue functioning because they had suitable contingency plans in place to cover precisely this type of eventuality. These were the ones that had back-up generators to ensure a continuity of electricity supply which enabled them to continue their activities whilst all around ground to a halt.

A small explosionSo what provisions have you made for business continuity in the event of an incident that leads to you having to vacate your offices?

Remember, this fire, although disruptive, was not classed as a “major” incident and similar issues could happen almost anywhere, at any time. Would your business cope, could it survive should you have to be evacuated, without warning.

What would be the impact on your business if you couldn’t access your office for hours, days or even weeks?

How do you manage the data and documents that are critical to the survival of your business?

Would your business be able to move seamlessly to a different location, would your key staff be able to work from home or elsewhere?

How do you manage and store the documents that are essential to the running of your business? Are they stored on your laptop/PC, on a server, back-up, in the cloud or a USB stick?

Are your clients and business contacts in a Customer Relationship Management application, on a spreadsheet, on your phone or in your head?

How about your financial records, are they saved in Excel or a dedicated software application?

Bits and BytesThere are many ways to store and manage your essential data, you just have to be sure that you can access the business critical information from a location away from your office.

Companies most reliant on data may have back-up locations, complete with computers and data connectivity that they can move key personnel to, ensuring that service and continuity continues with the shortest of interruptions.

Smaller businesses might have file servers storing their data attached to their network with back-up devices regularly creating copies with the back-ups being taken off-site.

Micro-businesses and sole traders could make effective use external hard-drives, whether attached by USB or shared on a network, automatically cloned to one of the numerous, and inexpensive, cloud data services.

Remember, it’s too late to do anything about business resilience once an incident has started.

The Google “Red screen of Doom”

I had a telephone call from a former client a month or so ago. He was in a bit of a panic because we was suffering from the Google “red screen of doom”. Having been in IT for a while, I’ve been familiar with Microsoft’s “blue screen of death” but this was something that was new to me, or so I thought and so I asked for more information.

He asked me to do a search for his company on Google – which I did – and his company came top of the search results, which was good. What was less good – much less good – was the stark warning, inserted by Google, that “This site may harm your computer” .

This site may harm your computerAha, Google was warning that the website had been hacked and was now serving malware to visitors.

I switched to my Chromebook – which is impervious to all known computer malware – and clicked through to the website – only to be blocked by the “Google red screen of doom”

Google's red screen of doomAlthough there was nothing to buy on my client’s site, it did host a range of technical papers and specification sheets that were vital for his clients and this attack was already having an impact on his business. Action was desperately needed.

The site was originally built 7 years ago and nothing much had changed, including the access data required to log-in to the host. So, I logged in and saw that a number of .js files had newer dates on them than the rest of the content, confirming that the site had been hacked and a small number of files altered so that they could be used to force malware downloads on to the computers of unsuspecting visitors.

The next step was to delete all of the website files, just to be on the safe side, and create a new, simple, home page with contact details and links to the most popular PDFs so that clients would be able to access the information they required.

Next was to see what Google had found by logging in to the Google Webmaster Toolkit account for the website- www.google.com/webmaster.

There were a number of warnings relating to suspicious activity on the site that had gone unread, simply because my client had changed email addresses, was unable to access the original email account and had not updated his Webmaster Tools account with the new address.

Webmaster Tools advised of the type of threat that had been set up on the site and provided other, valuable, information along with a reporting tool that enabled me to advise Google of the actions taken to remove the threat.

Clicking “Send” was quickly followed by a confirmation message from Google that they would look at my message within 18 hours – a time frame that I thought was commendably fast. They were as good as their word and within 18 hours had checked the website to make sure it was clean and had removed all warnings and red screens of doom – my client was back up and running.

However, we didn’t leave it there. The original site was old, used old code and the web hosts weren’t the most responsive – telephone calls to their support line either went unanswered or, when answered, were as much use as the proverbial chocolate teapot and so the decision was made to move the hosting to a more secure provider and to work on a plan to develop a new website.

The moral of this tale is simple. Make sure that you use the Google Webmaster Toolkit!

It’s the only way to let Google know what you’ve done should your site fall victim to an attack, keep your Toolkit account up to date and only use a web host that you know provides good security and a decent level of support.

And please don’t think that you’re immune – small businesses are the most targeted, the presumption being that their security is weaker than measures put in place by larger organisations and there are a number of websites that I keep an eye on that are attacked many times a day. However, being hosted on a secure platform with monitoring in place means that I am kept aware of the threats and can take remedial action, if required, very quickly.

To date, none has been required.

If you are worried by the security of your website, or your IT systems, please give me a call on 01793 238020 or email me, andy@enterprise-oms.co.uk for a confidential, impartial, and free chat about your security concerns

 

 

Not so Civil Servants

As the new inquiry in to the Hillsborough disaster got underway a number of disturbing facts came to light.Whitehall - home of the Civil Service

One that hit the news late in April was the discovery that civil servants had been making “sickening” edits to a variety of Wikipedia pages, starting in 2009 – the 20thanniversary of the tragedy.

In one instance “Blame Liverpool fans” was added to the Hillsborough section of Wiki.

In 2012, computers again accessed Wikipedia to make edits from Whitehall’s secure network, changing “You’ll never walk alone” to “You’ll never walk again”

Although Wikipedia has been able to identify the IP addresses used to make these edits, all this serves to demonstrate is that they originated from Whitehall – there’s no way to identify who, out of the hundreds of thousands of users on the network, actually made the edits.

Unless they own up, or someone else who knows who made the edits provides the names it’s highly likely that the culprits will evade any action

Similar problems exist within our education establishments, thousands of incidents of cyber-bullying have been reported with many posts being made by children of school age during school time, inferring that they took place whilst the posters where on school premises – potentially using the school’s IT network.

Now there’s a solution. The latest security appliances from Cyberoam not only secure networks from external hacking and intrusion but enable IT managers to log all internet access, blocking sites with black lists, allowing sites via whitelisting and recording individual activity – enabling any improper web access to be traced back to the perpetrator.

If you are worried about the security of your IT network then please get in touch to explore the issues, discuss your concerns and find solutions. Drop me an email – andy@enterprise-oms.co.uk or give me a call, 01793 238020, for a free and confidential chat about your concerns.