Tag Archive for Anti-Virus

| October 30, 2014
Comments Off on 5 Spooky Ways PCs are Like Halloween

5 Spooky Ways PCs are Like Halloween

5 Spooky Ways PCs are Like HalloweenIt is Halloween time again and all kinds of ghosts, goblins, ghouls, vampires, zombies, and sexy Ebola nurses are on the loose. Don’t let these tricksters affect your computer. Here are several ways computers take part in the Halloween reveries.

  1. Ghosts – Everyone has seen it … things just happen… “I didn’t touch anything and all the data in my Excel is gone.”
  2. Computer zombiesZombies – Clicking on that “Check this out” Facebook (FB) link can turn your PC into a zombie. The fake link infects your computer and turns it into part of a zombie army. It has lost its mind and roams the interwebs attacking anything that its new master tells it to. Keep your patches and anti-malware up to date to defend against zombie attacks.
  3. Trick or Treat – The email from Aunt Sally says it has a video of a Kitty playing with a Ducky …. Does Aunt Sally call you for help opening an attachment? Does she still use AOL? Do you open the link? Is it a treat and Kitty is really playing with the Ducky? Or is it a trick and you just installed a virus? Only your anti-virus software knows for sure, update it now.
  4. Haunted houseCostumes – Every trick or treater knows masks are part of Halloween. Put a mask on your data as it travels across the Intertubes with encryption. With encryption, you put a mask on your data when you leave home and take the mask off when you get to your friend’s house.
  5. Vampires – You turn your computer off when you’re done with it right? Do you turn off your monitor? Your printer? Your cable box? If not you are the victim of power vampires. Power vampires suck electricity from your walls even after you turned off the PC.

Vampire power

You have been warned. Happy Haunting.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , ,
| December 4, 2012
One comment

Is Cloud-Based Anti-Virus Ready?

Is Cloud-Based Anti-Virus Ready?Cloud computing technology is one of the most disruptive technologies in recent history. Xath Cruz at CloudTimes argues in a recent article that cloud computing is also disrupting security software such as anti-virus and he asks how effective are cloud-based anti-viruses?

malwareThe article, How Effective are Cloud-Based Anti-Viruses? claims the demand for cloud-based anti-virus software has gone up steadily as more cloud-dependent computing devices have invaded the market. Cloud-dependent computing devices like iPads, Nooks, iPhones, and Galaxy’s are as susceptible to malware as their big desktop brethren.

In order to fight the malware threats to cloud-dependent computing devices, cloud-based anti-virus has evolved.  Cloud based anti-virus works differently than popular cloud-based document editors like Google Docs, where you only need a web browser and internet access. The blog post explains that cloud-based anti-virus software can’t function if it’s only in the cloud, since your PC won’t easily give the right kind of administrative access needed by antivirus software to programs hosted remotely, as that would leave your PC at risk of being intruded upon by other programs.

small native app that runs on the deviceIn order to protect a PC, tablet, or smartphone, a cloud-based anti-virus software requires a small native app to run on the device. When downloaded, the app acts as the anti-virus, with its database and heuristics data being hosted on the cloud. There is also cloud-based anti-virus software that use web browser extensions or Active X and Java to gain proper access to your PC.

Like any technology, cloud-based antivirus software has specific pros and cons when compared to native anti-virus suites, Mr. Cruz lays out some of the pros and cons of cloud-based anti-virus:

Cloud advantages

cloud based anti-virus1. No Installation Required – The first advantage of cloud-based anti-virus is that there’s no need to install them on your PC. Cloud-based anti-virus does not eat up hard disk space, with its storage and memory footprint being a fraction of what local anti-virus need. Additionally, you can get them up and running immediately, and there’s no likelihood of messing up the installation (which usually results in a non-working antivirus or corrupted file volume).

2. No Updating Necessary –  With cloud-based anti-virus, there is no need to update data files, since it’s hosted on the cloud, and will automatically be patched or updated by the provider. This will offer the latest in protection when it becomes available.

3. Double Security Layer – With cloud-based anti-virus software, it is possible to run a locally installed anti-malware app and run another different cloud-based antivirus without worrying about conflicts or PC slowdown. Different anti-virus software are better able to catch or inoculate different viruses.

collective intelligence4. An advantage of cloud-based anti-virus software the author missed is collective or community intelligence. SearchSecurity reports that when a system identifies malware, it’s able to give feedback to the cloud anti-malware provider, thus providing a wider surface area for rapidly detecting 0-day attacks.

Cloud disadvantages

1. Won’t Run in the Background – Cloud-based anti-viruses are not effective against viruses that run on startup. Cloud-based anti-viruses are not TSR (terminate and stay resident) programs and only run on an as-needed basis.

2. Limited Scan – Cloud-based anti-viruses risk missing dormant viruses in unopened or archived files. Windows’ security protocols will prevent some cloud anti-viruses from scanning the computer. They will only be able to scan core windows files and what’s currently loaded in the memory.

Network connection3. It Requires an Internet Connection – Cloud-based anti-virus is useless without access to the Internet. This is a problem for portable device users who can’t be connected 24×7. Without an Internet connection viruses will be free to do whatever they want.

rb-

The author concludes for the best protection your PC can get, you need to use the services of both a locally installed anti-virus software and a cloud-based one.

The main concern I have about cloud-based anti-virus apps is downtime. Cloud providers like Microsoft, Amazon, and Amazon have had issues lately providing their services. Downtime at the upstream ISP on the LAN can also play havoc with cloud-based anti-malware apps.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| April 12, 2012
2 comments

What is Malware?

MalwareMost users I talk to about malware seem to use the following terms interchangeably; malware, virus, trojan, keylogger, worm, backdoor, bot, rootkit, ransomware, adware, spyware, and dialer. Raymond.cc offers some standard definitions to clarify the conversations.

MalwareMalware is short for Malicious Software where all the terms above fall into this category because they are all malicious. The different term being used instead of just plain virus is to categorize what the malicious software is capable of doing.

Virus spreads on its own by smuggling its code into application software. The name is in analogy to its biological archetype. Not only does a computer virus spread many times and make the host software unusable, but also runs malicious routines.

Trojan horseTrojan horse/Trojan is a type of malware disguised as useful software. The aim is that the user executes the Trojan, which gives it full control of your PC and the possibility to use it for its own purposes. Most of the time, more malware will be installed in your system, such as backdoors or key loggers.

Worms are malicious software that aims at spreading as fast as possible once your PC has been infected. Unlike viruses, it is not other programs that are used to spread the worms, but storage devices such as USB sticks, communication media such as e-mail, or vulnerabilities in your OS. Their propagation slows down the performance of PCs and networks, or direct malicious routines will be implemented.

Key loggerKey loggers log any keyboard input without you even noticing, which enables pirates to get their hands on passwords or other important data such as online banking details.

Dialers are relics from a time when modems or ISDN were still used to go online. They dialed expensive premium-rates numbers and thus caused your telephone bill to reach astronomic amounts. Dialers have no effect on ADSL or cable connections, but they are making a comeback with mobile devices and QR codes (I covered Attaging here).

BotnetBackdoor / Bots is usually a piece of software implemented by the authors themselves that enable access to your PC or any kind of protected function of a computer program. Backdoors are often installed once Trojans have been executed, so whoever attacks your PC will gain direct access to your PC. The infected PC, also called “bot”, will become part of a botnet.

Exploits are used to systematically exploit vulnerabilities of a computer program. Whoever attacks your PC will gain control of your PC or at least parts of it.

Spyware is software that spies on you, i.e. collect different user data from your PC without you even noticing.

AdwareAdware is derived from “advertisement”. Besides the actual function of the software, the user will see advertisements. Adware itself is not dangerous, but tons of displayed adverts are considered a nuisance and thus are detected by good anti-malware solutions.

Rootkit mostly consists of several parts that will grant unauthorized access to your PC. Plus, processes and program parts will be hidden. They can be installed, for instance, through an exploit or a Trojan.

Rogues / Scareware are also know as “Rogue Anti-Spyware” or “Rogue Anti-Virus”, rogues pretend to be security software. Often, fake warnings are used to make you buy the security software, which the pirates profit from.

RansomwareRansomware “Ransom” is just what you think it is. Ransomware will encrypt personal user data or block your entire PC. Once you have paid the “ransom” through an anonymous service, your PC will be unblocked.

There are different categories of malware the author says that most of the malware today combines different kinds of malware to achieve a higher rate of infection and giving more control to the hacker. Most malware is invisible that runs silently without your knowledge to avoid detection except for ransomware and adware.

Using “virus” as a catch-all phrase to include all types of malware is no longer right. The correct word to use should be malware. However, don’t expect the big anti-virus companies to rebrand their products to Kaspersky Anti-Malware or Bitdefender Anti-Malware because doing that may risk losing their brand identity even if they do offer a complete anti-malware solution.

The blog says it doesn’t mean that you’re safe if you don’t see it so it is important to run an anti-virus software from reputable brands such as Kaspersky, ESET, Avast, Avira, AVG (at one time AVG was installing a Yahoo toolbar without notice) MSE together with a second opinion anti-malware such as HitmanPro, Malwarebytes Anti-Malware, and SUPERAntiSpyware. As for Emsisoft Anti-Malware, it comes with its own Anti-Malware engine and Ikarus Anti-Virus Engine.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , ,
| September 29, 2011
Comments Off on Detroit Netizens Vulnerable to Online Threats

Detroit Netizens Vulnerable to Online Threats

Detroit Netizens Vulnerable to Online ThreatsDetroit Internet users rank seventh among 35 U.S. cities for being most at risk for online threats and being “digitally duped,” according to an AVG Technologies survey of online behavior. Of the more than 8,000 Americans with home Internet surveyed, AVG says many consumers are unknowingly putting themselves at risk of falling victim to identity thieves, viruses and malware with bad PC habits and a lack of comprehensive protection:

Malware

  • 75% don’t back up their phone’s data – many rely on their provider to restore their contacts should an accident occur.
  • 67% don’t use an identity monitoring service.
  • 41% never run a manual antivirus scan to make sure the computer is virus-free
  • 40% don’t use a password on their mobile device and of those that do, another 34% have not changed the password in the past year.
  • 38% admit to sharing online passwords with at least one other person
  • 23% don’t back up the data on their PC

U.S. cities at highest risk

AVG says that the top 10 U.S. cities at highest risk are:

1. San Antonio
2. Tampa, Fla.
3. Atlanta
4. Dallas
5. Oklahoma City
6. Charlotte, N.C.
7. Detroit
8. Denver
9. Washington D.C.
10. Sacramento, CA

rb-

The rules of the road still apply to online activities:

  • Patch your system
  • Use current anti-malware software
  • Change passwords regularly, use variations for each online account, and never, ever share them with others
  • Use one credit card with a low spending limit for all online purchases. Monitor this account regularly, and flag any inappropriate activity to the bank.
  • Back up your data
  • Don’t share your personal data on Facebook
  • Be wary of phishing scams. Never click on links in emails
Related articles
  • 5 Essential Mobile Security Tips (informationweek.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
| September 6, 2011
One comment

Malware in Text

A team of security researchers has engineered a way of hiding malware in sentences that read like English language spam. The research led by Dr. Josh Mason of Johns Hopkins University along with Dr. Sam Small of Johns Hopkins, Dr. Fabian Monrose of the University of North Carolina, and Greg MacManus of iSIGHT Partners outlined the threat in a paper English Shellcode (PDF) presented at the 2009 ACM Conference on Computer and Communications Security. According to the UK’s Computing, the paper shows hackers could evade anti-virus protection by hiding malicious code in sentences that read like English language spam

alphanumeric shellcodeThe article says that attackers could develop a tool that would be the next step in the hacking and virus arms race. Hackers could hide alphanumeric shellcode in valid files which would activate the malicious payload of a code-injection attack. This attack vector could give attackers control of system resources, applications, and data on a compromised computer.

The researchers report they can generate English shellcode in less than one hour on standard PC hardware. The text in bold is the instruction set and the plain text is skipped. “There is a major center of economic activity, such as Star Trek, including The Ed Sullivan Show. The former Soviet Union. International organization participation.”

The good news, Dr. Mason said that the widespread use of this attack vector is limited because the alphanumeric character set is much smaller than the set of characters available in Unicode and UTF-8 encodings. This means that the set of instructions available for composing alphanumeric shellcode is relatively small. “There was really not a lot to suggest it could be done because of the restricted instruction set,” said Dr. Mason. Long strings of mostly capital letters, for example, would be very suspicious.

Computing claims the work is a breakthrough. Current network security techniques work on the assumption that the code used in code-injection attacks, where it is delivered and run on victims’ computers, has a different structure to non-executable plain data, such as English prose. If an attacker challenge’s the assumption that executable code structure is different from non-executable data malware would be almost impossible to detect.

Dr. Nicolas T Courtois, an expert in security and cryptology at University College London, said malware deployed in this way would be “hard, if not impossible, to detect reliably.” The research is a proof of concept, but Dr. Mason doubts any hackers are using the technique to disguise their code. “I’d be astounded if anyone is using this method in the real world owing to the amount of engineering it took to pull off,” he said. “A lot of people didn’t think it could be done.

Professor John Walker, managing director of forensics consultancy Secure-Bastion, argued the research highlights the flaws in the anti-virus community’s approach to security exploits. “There is no doubt in my mind that anti-virus software as we know it today has gone well past its sell-by date,” he said.

Related articles

rb-

Carly Fiorina

If this technology gets out in the wild, most experts believe that the current signature-based anti-malware products will miss the attack and leave us all defenseless. Sounds like something the chip makers should be working on. Is this why Intel bought McAfee?

What do you think?

Can the anti-malware industry adapt to new threats from attachers?

View Results

Loading ... Loading ...

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , ,
« Older Entries   Recent Entries »