Has Anti-Virus software reached its “Best Before” date?

For many years, the security mantra has been

  • Mac good, invulnerable to viruses and hacking.
  • Windows bad, very vulnerable to viruses and hacking

The reason was two-fold. Whilst it’s true that the Apple operating system IS harder to infect with a virus, the main reason was popularity (or lack thereof). When 97% of the world was using Windows, why bother writing viruses and other malware for the extreme minority?

The traditional Windows solution was to install an anti-virus program from one of the many vendors and, for real belt-and-braces safety, protect your internet connection with a firewall. Hopefully all would be well and good, so long as you paid your annual anti-virus subscriptions and ensured that the virus definitions were regularly updated so your anti-virus program could identify the threats and keep you safe. (Free anti-virus programs for home users did a similar job, again provided they were kept up to date.)

Significantly Increased Risk of Infection

However, the upsurge in Apple popularity over recent years means that Apple devices are also targets of the cyber-criminals. And it’s not just Apple computers and iDevices that are at risk; the virus writers are also targeting Android devices, Microsoft phones and tablets and devices running Linux.

Anti-Virus is dead!

Last year, Brian Dye, Senior Vice-President for Information Security at Symantec (the company behind Norton Anti-Virus solutions) said, in an interview with The Wall Street Journal, that “Anti-Virus is dead”. What he meant was that cyber criminals were now able to write malicious software faster than Norton could be updated.

Whilst Norton, and all the other anti-virus programs, are not yet ready for the scrapheap, they only detect around 45% of all attacks. As well as that rather disturbing stat, research by FireEye (a cyber-security provider) indicated that 82% of malware detected by their security solutions stays active for just one hour and 70% of threats surface just once before disappearing and being re-written to avoid detection by the AV companies.

So, what should you be doing?

Well, I’ve said it before, but it’s always worth reiterating: security starts with education. Then you add as many layers of additional protection as you feel necessary, depending on how you use your devices and the level of risk you feel you are faced with.

  • Never open an attachment unless you are expecting one and you know, and trust, where it came from.
  • Keep your Anti-Virus software up to date and continue to renew your subscriptions, it may only block 45% but that’s nearly half of all threats stopped before they have a chance to install.
  • Install a security App on your phone and tablet
  • Explore the new offerings from the traditional anti-virus vendors that look to protect your web browsing and protect you against spam, phishing attacks and other cyber crime threats.
  • Be alert for anything that doesn’t feel “right” and if something looks too good to be true, that offer of a full version of Microsoft Office on CD for £50.00 for example, remember, it probably is!
  • Use a different, complex, password for each website that you have to log in to. An App such as LastPass will help you create passwords, securely store them and auto-complete the log-ins when you log in to those websites. (Other password tools are available.)
  • Ensure your Social Media accounts’ privacy settings are set to an appropriate level
  • Look at Bitdefender Safego, a free anti-scam service for Facebook and Twitter
  • Remain cautious when using any internet connected device

When “now” is too late!

Last week saw an underground fire in Holborn, London, lead to the cancellation of a number of West End shows, costing theatres thousands in lost revenue.

More than 1,900 homes and businesses were left without electricity when the power had to be cut for safety reasons, directly affecting around 5,000 people who were forced out of their homes and offices whilst the underground fire was brought under control.

A small number of larger businesses were able to continue functioning because they had suitable contingency plans in place to cover precisely this type of eventuality. These were the ones that had back-up generators to ensure a continuity of electricity supply which enabled them to continue their activities whilst all around ground to a halt.

So what provisions have you made for business continuity in the event of an incident that leads to you having to vacate your offices?

Remember, this fire, although disruptive, was not classed as a “major” incident and similar issues could happen almost anywhere, at any time. Would your business cope? Could it survive should you have to be evacuated without warning?

What would be the impact on your business if you couldn’t access your office for hours, days or even weeks?

How do you manage the data and documents that are critical to the survival of your business?

Would your business be able to move seamlessly to a different location, would your key staff be able to work from home or elsewhere?

How do you manage and store the documents that are essential to the running of your business? Are they stored on your laptop/PC, on a server, back-up, in the cloud or a USB stick?

Are your clients and business contacts in a Customer Relationship Management application, on a spreadsheet, on your phone or in your head?

How about your financial records, are they saved in Excel or a dedicated software application?

There are many ways to store and manage your essential data. You just have to be sure that you can access the business critical information from a location away from your office.

Companies most reliant on data may have back-up locations, complete with computers and data connectivity that they can move key personnel to, ensuring that service and continuity continues with the shortest of interruptions.

Smaller businesses might have file servers storing their data attached to their network with back-up devices regularly creating copies with the back-ups being taken off-site.

Micro-businesses and sole traders could make effective use of external hard drives, whether attached by USB or shared on a network, automatically cloned to one of the numerous, and inexpensive, cloud data services.

Remember, it’s too late to do anything about business resilience once an incident has started.

The Google “Red screen of Doom”

I had a telephone call from a former client a month or so ago. He was in a bit of a panic because he was suffering from the Google “red screen of doom”. Having been in IT for a while I’m familiar with Microsoft’s “blue screen of death” but this was something that was new to me, or so I thought and so I asked for more information.

He asked me to do a search for his company on Google – which I did – and his company came top of the search results, which was good. What was less good – much less good – was the stark warning, inserted by Google, that “This site may harm your computer”.

Aha, Google was warning that the website had been hacked and was now serving malware to visitors.

I switched to my Chromebook – which is impervious to all known computer malware – and clicked through to the website – only to be blocked by the “Google red screen of doom”.

Although there was nothing to buy on my client’s site, it did host a range of technical papers and specification sheets that were vital for his clients and this attack was already having an impact on his business. Action was desperately needed.

The site was originally built 7 years ago and nothing much had changed, including the access data required to log-in to the host. So, I logged in and saw that a number of .js files had newer dates on them than the rest of the content, confirming that the site had been hacked and a small number of files altered so that they could be used to force malware downloads on to the computers of unsuspecting visitors.
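The date comparison described above can be scripted so it is repeatable across a whole web root. This is an added example, not part of the original post; the function names, the 30-day threshold, the list of extensions and the sample file names are assumptions.

```python
import os
import statistics
import tempfile
import time

# Assumption: file types that can carry injected script and deserve review first.
SCRIPT_EXTENSIONS = {".js", ".php", ".html", ".htm"}


def find_outlier_files(web_root, threshold_days=30, extensions=SCRIPT_EXTENSIONS):
    """Return (relative path, mtime) for files changed well after the rest of the site.

    The baseline is the median modification time of every file under
    web_root, which approximates the date the site was last deployed.
    """
    mtimes = {}
    for folder, _dirs, files in os.walk(web_root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                mtimes[path] = os.stat(path, follow_symlinks=False).st_mtime
            except OSError:
                continue  # unreadable or vanished file: skip it
    if not mtimes:
        return []
    baseline = statistics.median(mtimes.values())
    cutoff = baseline + threshold_days * 86400
    flagged = [
        (os.path.relpath(path, web_root), mtime)
        for path, mtime in mtimes.items()
        if mtime > cutoff and os.path.splitext(path)[1].lower() in extensions
    ]
    # Newest first, so the most recent changes are reviewed first.
    return sorted(flagged, key=lambda item: item[1], reverse=True)


def build_sample_site(root):
    """Create a constructed site: five files from the original build, two altered scripts."""
    now = time.time()
    old = now - 7 * 365 * 86400   # original build, about seven years ago
    recent = now - 2 * 86400      # altered two days ago
    layout = {
        "index.html": old, "about.html": old, "css/site.css": old,
        "js/menu.js": old, "docs/spec.pdf": old,
        "js/gallery.js": recent, "js/jquery.min.js": recent,
    }
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("placeholder\n")
        os.utime(path, (mtime, mtime))
    return layout


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        for rel, mtime in find_outlier_files(root):
            print(time.strftime("%Y-%m-%d", time.localtime(mtime)), rel)
```

Modification times can be reset by whoever altered a file, so an empty result does not show that a site is clean; comparing file hashes against a known-good copy is the stronger check.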

The next step was to delete all of the website files, just to be on the safe side, and create a new, simple, home page with contact details and links to the most popular PDFs so that clients would be able to access the information they required.

Next was to see what Google had found by logging in to the Google Webmaster Toolkit account for the website - www.google.com/webmaster.

There were a number of warnings relating to suspicious activity on the site that had gone unread, simply because my client had changed email addresses, was unable to access the original email account and had not updated his Webmaster Tools account with the new address.

Webmaster Tools advised of the type of threat that had been set up on the site and provided other, valuable, information along with a reporting tool that enabled me to advise Google of the actions taken to remove the threat.

Clicking “Send” was quickly followed by a confirmation message from Google that they would look at my message within 18 hours – a time frame that I thought was commendably fast. They were as good as their word and within 18 hours had checked the website to make sure it was clean and had removed all warnings and red screens of doom – my client was back up and running.

However, we didn’t leave it there. The original site was old, used old code and the web hosts weren’t the most responsive – telephone calls to their support line either went unanswered or, when answered, were as much use as the proverbial chocolate teapot and so the decision was made to move the hosting to a more secure provider and to work on a plan to develop a new website.

The moral of this tale is simple. Make sure that you use the Google Webmaster Toolkit!

It’s the only way to let Google know what you’ve done should your site fall victim to an attack. Keep your Toolkit account up to date and only use a web host that you know provides good security and a decent level of support.

And please don’t think that you’re immune – small businesses are the most targeted, the presumption being that their security is weaker than measures put in place by larger organisations and there are a number of websites that I keep an eye on that are attacked many times a day. However, being hosted on a secure platform with monitoring in place means that I am kept aware of the threats and can take remedial action, if required, very quickly.

To date, none has been required.

If you are worried by the security of your website, or your IT systems, please give me a call on 01793 238020 or email me, andy@enterprise-oms.co.uk, for a confidential, impartial, and free chat about your security concerns.

Chromebook Diaries – The Chromebook has landed

My trusty Toshiba laptop is coming up on 3 years old and is beginning to show its age. Like its owner, it’s heavy, getting slower with age and just looks too chunky.

I have been agonising over its replacement for a while. I was taken with Windows Ultrabooks, great performance, quality screen and fantastic battery life, up to 5 hours but less than engaged by their prices, from £700 up.

I’ve also been looking at the Chromebooks which are basically small laptops with 11.6″ screens, fantastic battery life and running Google’s Chrome operating system rather than Windows. I even wrote about Chromebooks in an earlier post.

Larger screen Chromebooks are now available and in all cases battery life is as long as 9 hours, so all day computing without a charger is a realistic aim and they are impervious to viruses and other forms of malware.

Screen quality is perfectly acceptable but build quality, according to reviews, has been variable. However, since Xmas 2013 more and more manufacturers have been releasing models using Intel processors for better performance, compared to the Samsung processors used in older Chromebooks, and manufacturers such as Toshiba and HP have released Chromebooks with larger screens, a 13″ from Toshiba and a 14″ from HP.

However, I have been wary of the leap away from Windows and that has held me back, particularly after discovering a Toshiba of a very similar size to the 12″ Chromebooks, with a touch screen and Windows 8 for not a lot more money than a Chromebook, around £300 compared to the typical Chromebook price of £200 to £250.

So, I continued to sit on the fence.

Then Dell released their take on the Chromebook, an 11.6″ screen, excellent battery life, Intel dual core processor, light weight and, more importantly, 4Gb RAM.

With excellent reviews and a keen price, my mind was 90% made up. Then I spotted a great deal on eBay just as the Dell delivery date slipped from days to months, my decision was made and on Tuesday July 8th I picked up my ever so slightly used Dell Chromebook.

How much did your last cup of coffee cost?

Imagine the scene, you’re between meetings and decide to drop in to your favourite coffee shop for a steaming hot cup of your favourite coffee, a cake and to tap into their Wi-Fi to read your emails, refresh your knowledge in time for your next meeting or simply to surf the web.

Then the urge hits, you look around and see that everybody seems respectable enough so you head off to the toilet thinking that your laptop is safe on the table. After all, nobody would lift it in sight of all those customers, staff and CCTV cameras would they?

Laptop tracking service provider, Prey, found that areas offering free Wi-Fi were the second most common target for opportunistic laptop thefts, the only riskier place being left in a visible place in your car.

If stolen, it’s not only the inconvenience of replacing the laptop, re-installing your applications and copying back your data [you do back-up your data don’t you?] it’s the additional costs that are not covered by your insurance.

The Ponemon Institute, a US cyber crime consultancy, put the real cost of the loss of a laptop and its data at nearly £31,000. This was broken down in to £4,000 for the loss of Intellectual Property, forensics and legal bills adding around £1,500 with a staggering £24,500 attributable to the loss of income, customers and competitive advantage associated with a data breach.

SPOOF HOTSPOT


When you sit down and try to log-on to the Wi-Fi there’s often a selection of hotspots to choose from. How do you know which is the free service provided by the venue and which is a spoof?

It’s very easy to set up a Wi-Fi hotspot using a mobile phone, Mi-Fi type of device or laptop and allow other users to connect through this free connection. However, all of the traffic can then be intercepted by the person providing the spoof account. What sort of important information is passed from your laptop through this connection? It could be your details to access your online banking, the log-in to your company network or the necessary information required to access your corporate email account.

So, the next time you stop off for a cup of coffee and decide to log-on using their free Wi-Fi, just make sure you know which network you’re connecting to and that you don’t leave your laptop unattended.

And if you’re in need of help, then just give me a call on 01793 238020 or send an email to andy@enterprise-oms.co.uk

Not so Civil Servants

As the new inquiry in to the Hillsborough disaster got underway a number of disturbing facts came to light.

One that hit the news late in April was the discovery that civil servants had been making sickening edits to a variety of Wikipedia pages, starting in 2009, the 20th anniversary of the tragedy.

In one instance “Blame Liverpool fans” was added to the Hillsborough section of Wiki.

In 2012, computers again accessed Wikipedia to make edits from Whitehall’s secure network, changing “You’ll never walk alone” to “You’ll never walk again”.

Although Wikipedia has been able to identify the IP addresses used to make these edits, all this serves to demonstrate is that they originated from Whitehall, there’s no way to identify who, out of the hundreds of thousands of users on the network, actually made the edits.

Unless they own up, or someone else who knows who made the edits provides the names, it’s highly likely that the culprits will evade any action.

Similar problems exist within our education establishments. Thousands of incidents of cyber-bullying have been reported with many posts being made by children of school age during school time, implying that they took place whilst the posters were on school premises, potentially using the school’s IT network.

Now there’s a solution. The latest security appliances from Cyberoam not only secure networks from external hacking and intrusion but enable IT managers to log all internet access, blocking sites with black lists, allowing sites via whitelisting and recording individual activity, enabling any improper web access to be traced back to the perpetrator.

If you are worried about the security of your IT network then please get in touch to explore the issues, discuss your concerns and find solutions. Drop me an email andy@enterprise-oms.co.uk or give me a call, 01793 238020, for a free and confidential chat about your concerns.

Does your Heartbleed – what is it and should you be worried?

Earlier this week the discovery of a major security flaw was announced and it may have exposed your personal data to hackers. The bug has been given the name Heartbleed and one security expert, Bruce Schneier, described it on a scale of 1-10 as an 11!

So, what is the Heartbleed?

Heartbleed is the name given to a flaw in a piece of software called OpenSSL. OpenSSL was designed to encrypt data between your computer and a secure website, so whenever you logged in to a website whose address started with HTTPS and displayed the golden padlock, your browser could be interacting with OpenSSL.

OpenSSL is one of the most widely used encryption tools and it’s thought that about half a million sites have been affected, including Facebook, Gmail, YouTube, Yahoo and DropBox.

All of the above, and many others, have been patched which means that the security flaw has been eliminated.

What to do?

A lot of people are recommending that you change your password for all your sites. However, that may not solve the problem, imagine changing a password for a site that has yet to be patched. You’ll feel secure but the site would still be vulnerable to hackers and even your changed password could be stolen.

Ideally, each website should either notify their subscribers whether they are at risk or post a message on their home page but some may not. Where you are unsure you should contact the company concerned directly and ask them whether they use OpenSSL and whether the vulnerability has been fixed.

If they don’t publish this information or answer your questions then password security vault provider LastPass has made a Heartbleed checker available.

All you have to do is go to https://lastpass.com/heartbleed and enter the web address for any site you want to check out.

If you feel the need to change your password, please don’t use the world’s favourite “123456”, use something more complicated and harder to guess. There’s a simple solution on an earlier blog post about passwords, 123456 is not an exercise in counting.

If you are concerned about the overall security of your business IT then I can help, from a security strategy review, to advice on protection from viruses, or firewalls, or any other security-related issues. Just send me an email andy@enterprise-oms.co.uk or give me a call on 01793 238020.

123456 is not an exercise in counting

We are only 2 months in to 2014 and there have already been a significant number of major news stories about data theft and online security so I thought I’d round some up and give some tips that will help you to stay safe.

  • February 25th 2014, cyber security company Hold Security LLC said that it had uncovered 360 million sets of customer account data available for sale through cyber black-markets. These are new discoveries and represent a fresh risk to security.

Typical data includes email addresses, user names and passwords.

Hold Security LLC believe that these thefts are yet to be publicly reported by the organisations who were hacked.

  • February 14th 2014 Tesco announce that the details of more than 2,200 Club Card accounts were published on the internet and a number of Club Card points had been stolen.

It’s important to understand that Tesco has not been hacked. Rather, criminals purchasing data related to other security leaks will simply run email address and password combinations against websites such as Tesco’s Club Card site to see which of them work. A small number obviously do and have permitted unauthorised access to user accounts.

  • February 14th 2014 Barclays announce the theft of 25,000 customer files, including sensitive information such as passport and National Insurance numbers as well as account data.
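The Tesco incident above leaves a recognisable pattern in a site’s login records: one source trying many different accounts, with only a few attempts succeeding. This is an added example, not from the original post, that finds that pattern in a constructed log; the log format, thresholds and function names are assumptions, and it assumes the attempts arrive from a single address.

```python
from collections import defaultdict

# Constructed login log: timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2014-02-14T09:00:01 198.51.100.7 alice@example.com FAIL
2014-02-14T09:00:02 198.51.100.7 bob@example.com FAIL
2014-02-14T09:00:03 198.51.100.7 carol@example.com FAIL
2014-02-14T09:00:04 198.51.100.7 dave@example.com FAIL
2014-02-14T09:00:05 198.51.100.7 erin@example.com FAIL
2014-02-14T09:00:06 198.51.100.7 frank@example.com OK
2014-02-14T09:03:10 203.0.113.20 grace@example.com FAIL
2014-02-14T09:03:25 203.0.113.20 grace@example.com OK
2014-02-14T09:05:00 203.0.113.21 heidi@example.com OK
"""


def parse_log(log_text):
    """Yield (timestamp, ip, account, outcome) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)


def detect_stuffing(log_text, min_accounts=5, max_success_ratio=0.2):
    """Flag source addresses that try many distinct accounts and mostly fail.

    A genuine user retries one account; a replayed credential list touches
    many accounts once each and only a small share of them open.
    """
    attempts = defaultdict(list)
    for _timestamp, ip, account, outcome in parse_log(log_text):
        attempts[ip].append((account, outcome == "OK"))

    report = {}
    for ip, events in attempts.items():
        accounts = {account for account, _ok in events}
        opened = {account for account, ok in events if ok}
        ratio = len(opened) / len(accounts)
        if len(accounts) >= min_accounts and ratio <= max_success_ratio:
            report[ip] = {
                "accounts_tried": len(accounts),
                # Accounts that opened from a flagged source need a forced reset.
                "compromised": sorted(opened),
            }
    return report


if __name__ == "__main__":
    for ip, details in detect_stuffing(SAMPLE_LOG).items():
        print(ip, details)
```

The `compromised` list is the part that matters for clean-up: those are the accounts whose reused password worked and whose owners need to be told.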

It’s going to get worse before it gets better!

How do we know? Well, a number of companies have looked at stolen data and it’s been revealed that the No.1 password in use during 2013 was “123456”. The No.2 password was “password”, No.3 “12345678”, No.4 “Qwerty” and No.5 “abc123”.

So how do you minimise the risk to yourself?

Well, it’s really easy: you just need to use a different password for every different website and account that you have. I know the message is old but it’s becoming increasingly clear that the message is not getting across and people are getting hit.

Of course, it’s challenging to remember the tens or hundreds of passwords that we use on a daily/weekly basis so you need a tool to make the task easier.

The two most popular approaches are either to use a Password Vault, a piece of software that runs on your computer/phone/tablet which securely stores all your vital information and, in some cases, can be used to produce a really strong password every time you need one, or to use a “Seed” word or phrase that you amend every time you need a new password.

For a seed you could think of a line from your favourite song, perhaps the first line of Bridge Over Troubled Water, “When you’re weary, feeling small” for example. Take the first letter from each word, “Wywfs” and substitute a letter with a number, 5 for s for example, so your seed is Wywf5.

Now let’s imagine that you want a password for Tesco. Take “Tesco”, substitute numbers for letters, “T3sc0”, split it and add the letters to the beginning and end of your seed, T3Wywfs5c0. Now you have a password that will take 6 years for an average PC to crack. Add a symbol, such as “!” to the end, T3Wywfs5c0! and it will take 4 million years for the average desktop PC to crack.

That’s your personal security dealt with. If you are worried about security for your business, I can help there too. To learn more please give me a call on 01793 238020 or email andy@enterprise-oms.co.uk to start the ball rolling.

PS. Just make sure that you have a remote wipe utility installed on your phone/tablet so that you can remotely erase the data should your phone be lost or stolen.

Windows XP – fast becoming a liability

RIP XP, October 25th 2001 – April 8th 2014

In a life that has seen 2 US Presidents, 3 UK Prime Ministers and 3 Popes, Microsoft is finally stopping support for Windows XP on April 8th 2014.

According to a survey conducted by Net Applications more than 30% of computers around the world are still running Windows XP. This is mainly because “it works” and for many there’s been no compelling reason to change.

However, that time is NOW, because since 2001 Microsoft have been constantly working away behind the scenes to deliver patches that resolve reliability issues and fix security holes in Windows XP, as well as developing their next versions of Windows.

After April 8th 2014 the Microsoft support for Windows XP ceases so when the hackers find a security hole that will enable them to take over your Windows XP PC, without your knowledge, they’ll be able to monitor your activity, read your emails, learn your online banking security codes and be “you” if they want to.

You may never notice until your bank accounts have been emptied, payment demands for loans that you never took out start dropping through your door, or the anti-piracy police come storming in because your computer has been hosting pirated software, films or something much worse.

Anti-Virus software will protect you from many risks but it’s powerless in this scenario.

So, if you’re using Windows XP and are more than a little concerned about your security it’s time to start thinking about moving on and it may not simply be a case of buying and installing Windows 8.

  • What about all those programs that you use, will they run on your upgraded operating system?
  • Is your hardware of a sufficiently high specification to support the new version of Windows?
  • What happens if it all goes wrong?
  • Do you have a Disaster Recovery plan in place that’s more substantial than simply backing up your data?

All of these reasons, and more, mean that the time to start planning is NOW. Check your businesses to see which desktops and laptops are still running Windows XP, I know there are loads out there, my web Analytics shows that more than 25% of visitors to my website are still using Windows XP.

I can help with your migration. I’ll

  • talk to you to understand your IT requirements,
  • audit your XP PCs to see which ones can be upgraded and which ones will need to be replaced,
  • audit your software to ensure that there are suitable versions that will run on a more up to date version of Windows,
  • help you implement and manage the whole process to ensure that it goes as smoothly as possible.

So, if you are more than a little concerned about your IT security then drop me an email to andy@enterprise-oms.co.uk or give me a call on 01793 238020 to start the ball rolling and to ensure that your network is secure in 2014 and beyond.

Are you being held to ransom by your computer?

There’s a new strain of Windows malware that’s doing the rounds and it’s pretty nasty.

Ransomware has been around for a while now, the concept is that you are convinced to click on a link in an email which ends up with the installation of a piece of software on your machine that stops you from working unless you hand over some money.

The most common variant flashes a message on your screen from the Metropolitan Police warning you that illegal activity has been detected and that your computer is now locked “until you pay the fine”.

Although worrying to see, these types of attacks are relatively easy to cure. However there’s a new kid in town, it’s far more malicious and cannot be easily solved. It’s called CryptoLocker and it’s bad news.

You get the infection by either clicking on a link in a phishing email or by visiting an infected website. Either way, the CryptoLocker software is installed on your PC without your knowledge. Some of the phishing emails reported so far look as if they’ve come from Companies House or as a supposed customer complaint.

Once it’s been installed it starts to encrypt your data using an almost unbreakable form of encryption. If you back up your data across a network or to an external hard drive and it’s connected then CryptoLocker will also encrypt your back-up.

Once it’s finished its encryption your PC will flash up a ransom message on your screen demanding a payment of $300 within 3-4 days with payment to be made through one of the anonymous cash services such as MoneyPak, Ukash or through the BitCoin digital currency.

If you fail to pay up the decryption key is destroyed immediately and your data is lost!

Although the software itself can be removed fairly easily from your computers your data remains encrypted so there’s no way to get your data back without paying the ransom and hoping that the criminal minds behind this scheme are good enough to share the decryption key with you without actually demanding more money.

Even experienced anti-virus company, Sophos, have been unable to find a way to decrypt the files without the decryption key.

So, how do you protect yourself?

  1. Make sure that your anti-virus software is always up to date, all of the good ones will do this automatically provided nobody has disabled it in the hope that it will make their computer run a little faster.
  2. Be highly suspicious of any hyperlinks in emails, hover your mouse over the link before clicking to see the actual web address the link goes to and if it bears no resemblance to what it should be then don’t click.
  3. And just use common sense when browsing the internet.

If you’re not sure about any of this, please don’t hesitate to give me a call on 01793 238020 or email me andy@enterprise-oms.co.uk

Previous posts can be viewed at http://enterpriseoms.wordpress.com/