Tag Archive for GOOG

| December 4, 2012
One comment

Is Cloud-Based Anti-Virus Ready?

Is Cloud-Based Anti-Virus Ready?Cloud computing technology is one of the most disruptive technologies in recent history. Xath Cruz at CloudTimes argues in a recent article that cloud computing is also disrupting security software such as anti-virus and he asks how effective are cloud-based anti-viruses?

malwareThe article, How Effective are Cloud-Based Anti-Viruses? claims the demand for cloud-based anti-virus software has gone up steadily as more cloud-dependent computing devices have invaded the market. Cloud-dependent computing devices like iPads, Nooks, iPhones, and Galaxy’s are as susceptible to malware as their big desktop brethren.

In order to fight the malware threats to cloud-dependent computing devices, cloud-based anti-virus has evolved.  Cloud based anti-virus works differently than popular cloud-based document editors like Google Docs, where you only need a web browser and internet access. The blog post explains that cloud-based anti-virus software can’t function if it’s only in the cloud, since your PC won’t easily give the right kind of administrative access needed by antivirus software to programs hosted remotely, as that would leave your PC at risk of being intruded upon by other programs.

small native app that runs on the deviceIn order to protect a PC, tablet, or smartphone, a cloud-based anti-virus software requires a small native app to run on the device. When downloaded, the app acts as the anti-virus, with its database and heuristics data being hosted on the cloud. There is also cloud-based anti-virus software that use web browser extensions or Active X and Java to gain proper access to your PC.

Like any technology, cloud-based antivirus software has specific pros and cons when compared to native anti-virus suites, Mr. Cruz lays out some of the pros and cons of cloud-based anti-virus:

Cloud advantages

cloud based anti-virus1. No Installation Required – The first advantage of cloud-based anti-virus is that there’s no need to install them on your PC. Cloud-based anti-virus does not eat up hard disk space, with its storage and memory footprint being a fraction of what local anti-virus need. Additionally, you can get them up and running immediately, and there’s no likelihood of messing up the installation (which usually results in a non-working antivirus or corrupted file volume).

2. No Updating Necessary –  With cloud-based anti-virus, there is no need to update data files, since it’s hosted on the cloud, and will automatically be patched or updated by the provider. This will offer the latest in protection when it becomes available.

3. Double Security Layer – With cloud-based anti-virus software, it is possible to run a locally installed anti-malware app and run another different cloud-based antivirus without worrying about conflicts or PC slowdown. Different anti-virus software are better able to catch or inoculate different viruses.

collective intelligence4. An advantage of cloud-based anti-virus software the author missed is collective or community intelligence. SearchSecurity reports that when a system identifies malware, it’s able to give feedback to the cloud anti-malware provider, thus providing a wider surface area for rapidly detecting 0-day attacks.

Cloud disadvantages

1. Won’t Run in the Background – Cloud-based anti-viruses are not effective against viruses that run on startup. Cloud-based anti-viruses are not TSR (terminate and stay resident) programs and only run on an as-needed basis.

2. Limited Scan – Cloud-based anti-viruses risk missing dormant viruses in unopened or archived files. Windows’ security protocols will prevent some cloud anti-viruses from scanning the computer. They will only be able to scan core windows files and what’s currently loaded in the memory.

Network connection3. It Requires an Internet Connection – Cloud-based anti-virus is useless without access to the Internet. This is a problem for portable device users who can’t be connected 24×7. Without an Internet connection viruses will be free to do whatever they want.

rb-

The author concludes for the best protection your PC can get, you need to use the services of both a locally installed anti-virus software and a cloud-based one.

The main concern I have about cloud-based anti-virus apps is downtime. Cloud providers like Microsoft, Amazon, and Amazon have had issues lately providing their services. Downtime at the upstream ISP on the LAN can also play havoc with cloud-based anti-malware apps.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| October 9, 2012
Comments Off on The End of Microsoft?

The End of Microsoft?

The End of Microsoft?The BusinessInsider published some awesome charts from Horace Dediu of Asymco that shows the collapse of Microsoft (MSFT) and Intel’s (INTC) monopoly in personal computing. Henry Blodget says the chart shows how Google‘s (GOOG) Android and Apple (AAPL) have successfully eaten into Wintel‘s market share. Is it the end of Microsoft?

BI - Share of Personal Computing Platforms

Blodget included a chart from BI Intelligence showing the unit sales of PCs, smartphones, and tablets.

BI - Global Internet Device Shipmetns

rb-

This does not say that Microsoft is going to collapse. It still has a number of successful businesses. It’s just not going to run the world like it once did according to the article. So this is not the end of Microsoft.

Related articles
  • Wintel and the Disappearing PC World (beta.fool.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,
| September 22, 2012
Comments Off on SmartPhone Zombie Apocalypse

SmartPhone Zombie Apocalypse

SmartPhone Zombie ApocalypseIf you have a smartphone, online criminals may soon have your number. Smartphone malware is getting increasingly sophisticated, and MIT‘s Technology Review reports that a security researcher has created software that turns a smartphone into a “zombie” that can be controlled remotely. The blog says Georgia Weidman created the program, which controls a Google (GOOG) Android phone via short message service (SMS) to bring about a smartphone zombie apocalypse.

malicious software on mobile phonesOnce only theoretical, real-world cell-phone viruses are becoming more common. The article reports the most famous was a scam in Russia that tricked users into installing malicious software on Android phones and using the SMS functionality to send messages to a number that charged a premium fee. In late 2010, a Chinese virus for Android devices stole personal data according to the article.

Botnets have become a staple of Internet crime. They can be used to attack other systems, host attack tools, send spam, or just steal data. The blog says this type of attack has been rare with mobile devices, but that seems to be changing. “We have been taking down Internet botnets for years now, but there is not as much understanding [of telecom networking],” Ms. Weidman says. “I definitely see criminals going more and more toward using the telco’s network.”

zombie nodes of a botnetTR explains that Ms. Weidman’s program is one of the first known to turn smartphones into zombie nodes of a botnet. Her attack works like this: After infecting a phone with a rootkit, she uses that phone to send spam text messages, takes part in a denial-of-service, or degrade the communications of the phone—all without the user knowing. The techniques apply to any smartphone, Weidman says.

Today’s smartphones have multiple layers of defense. For one, they can block malicious applications. They also have managed channels, such as the Apple (AAPL) App Store and Google’s Android Marketplace, for applications.

botnet controlAs a result, Weidman says, infecting a smartphone is not easy. “The hurdle with any malware is infecting the phone,” she told Technology Review, noting that the methods used by cybercriminals usually do not work. “More of what you see of malware is people downloading applications for their phone that are infected,” she says.

The problem of cyber-criminals targeting consumers’ phones will only get worse Kevin Mahaffey, chief technology officer of mobile-security startup Lookout told the author. Because the control of phones is so easy to turn into cash via premium text messages, criminals will be drawn to attack the devices.

Lookout logo“I always tend to look at the economics of the problem to ask myself whether it will continue in the future,” the CTO explained. “And because there is an incentive for attackers to compromise mobile phones, and the cost of compromising is not that high, that says it will become more prevalent in the future.”

Using the telecommunications network, rather than the Internet, for botnet control allows attackers to hide their actions from users. When the attacker does it using malicious software, the user has little chance of detecting it, says Weidman.

smartphone botnet zombie“When I infected a phone in my botnet—my lab botnet—with malware, the smartphone would receive a message through SMS and I would check to see if it has botnet instructions in it,” she says. “If it does, it would perform the functionality requests, and then it would swallow the message, so the user does not know that there was a message at all.”

While phones do not have the computing power of more traditional computers, they are hefty enough to handle many of the tasks that cyber-criminals desire, she says. She adds that the sheer number of smartphones means that any botnet could be “a real threat” to create a smartphone zombie apocalypse.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
| August 23, 2012
One comment

Privacy on IPv6 Networks

Privacy on IPv6 Networks

Internet service providers, websites, and equipment vendors around the globe took part in the World IPv6 launch in June, Internet companies including AT&T (T), Cisco (CSCO), Comcast (CMCSA), Facebook (FB), Google (GOOG), Microsoft (MSFT), Verizon Wireless (VZ), and Yahoo (YHOO) decided to permanently turn on IPv6. A small fraction of Internet users and devices have started communicating via IPv6 networks, with more and more transitioning to the new protocol over the coming months and years. There are security and privacy implications in the switch to IPv6.

IPv6All kinds of devices will get new IPv6 numbers as the addressing format grows. The IPv6 addresses for these networked devices can be generated in a number of different ways and the choice of how they are created has potentially wide-reaching effects for security and privacy Center for Democracy & Technology explains. One of the original methods for assigning new addresses involved using a unique device identifier (known as a MAC address) as the suffix of the IPv6 address. This method creates a permanent, unique address for a device, potentially allowing any server that the device communicates with to indefinitely track the user.

IPv6 designers soon realized the potential security and privacy problems of MAC-based addresses; as a result, they created an alternate method known as “privacy extensions” or “privacy addresses” the article reports. The privacy extensions use a randomly generated number instead of a MAC address. In order to protect privacy on an IPv6 network, the random number is unrelated to any device identifier and in practice lasts no more than a week (and often much less time), ensuring that the user’s IP address cannot be used for long-term user tracking.

SmartphoneIt is up to operating system vendors to choose which IP address assignment method will be the default on their devices. The author says that some vendors have made good choices, particularly within the last year. Microsoft has long led the charge on IPv6 privacy, with privacy extensions on by default in all versions of Microsoft Windows since the release of Windows XP nearly a decade ago. Apple followed suit last year, with privacy extensions activated by default in all versions of Mac OS X since 10.7 (Lion) and with the release of iOS 4.3 for iPhone and iPad. Google did likewise in its Android 4.0 release last year.

The CDT says that as long as Internet users choose to upgrade their operating systems to the latest versions, they should be protected against perpetual security and privacy threats from IPv6 network address tracking.

rb-

mobile OS's send private information about their users to the networHowever, I wrote about reports from H.Security that mobile operating systems do not protect security or privacy on IPv6 networks. The report says mobile OSs send private information about their users to the network. The H.Security article says this is not a flaw in IPv6, rather it is lazy programming in some cases. The article points out that neither Apple’s iOS nor Android devices have the option to enable Privacy Extensions or the option to disable IPv6. apparently, the only thing smartphones need is a control option in the user interface to protect mobile OS users’ privacy and security on an IPv6 network.

Related articles
  • Romania Has the Fastest IPv6 Adoption Rate (maindevice.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
| July 25, 2012
Comments Off on Social Media Malware Launch Pads

Social Media Malware Launch Pads

Social Media Malware Launch PadsSocial networks’ role in the growth of the global virtual society has been well documented. What is not so well documented according to Help Net Security is the role social media has in spreading malware. The security and privacy mechanisms of social networking firms such as LinkedIn (LNKD), Twitter, and Facebook (FB) have proven insufficient to prevent exploitation.

Social networkThe article notes that “To Err is Human,” and human errors lead to exploitation and manipulation whether the social network is online or offline. Social media hold a plethora of personal information on the users that create the network. Individual connections between users collectively form a web of connections. To build each link between users an implicit trust is required between the two users and implicitly across the entire network. Any information provided by an individual user through chained connections becomes a part of the full network. When an attacker is able to exploit one user in the social network, they have the potential to be able to push malicious content into the network. The network’s connectivity enables the spread of exploitation. The blog explains that attackers exploit the weakest link in the chain.

The inability of users to determine the legitimacy of content flowing through the social media helps this exploitation process. Help Net Security says the biggest problem with online social networks is that they do not have built-in protection against malware. For example, current social networks do not scan the URLs and embedded content coming from third-party servers such as Content Delivery Networks. Therefore, there is no way to authenticate the URLs passed among the user objects in the social networks.

exploitation of human ignoranceThe infection process begins with the exploitation of human ignorance and followed by the spreading of the malware through the trust upon which the network is based.

The article further explains that to start the exploitation process, an attacker will pick an issue that affects human emotions to evoke a response so the social network user will do something the attacker wishes. Phishing and spam messages about weather calamities, politics, and financial transactions are used for starting infections. The author states that since social network exploitation begins by exploiting an individual’s ignorance common attack strategies have emerged.

FacebookOne of the simplest infection techniques is to put malicious URLs on a user’s Facebook message wall. When a user clicks on an illegitimate hyperlink it can result in the automatic download of malware through the browser. Some of the exploits used are:

  • Browser Exploit Packs (BEP) fingerprint the browser version and other software on the user machine. Based on this information, a suitable malware is served to the user which uses exploits for that particular browser.
  • Drive-by-Download attacks begin by visiting a malicious Malicious advertisementspage. They exploit vulnerabilities in browsers and plugins. Successful exploitation of the vulnerability causes a shellcode to run that in turn downloads the malware into the system.
  • Malicious advertisements (malvertisements) happen when an attacker injects a malicious link into a user’s Facebook wall to spread malware. The fake post is linked to a third-party website that has malicious advertisements embedded in it. These advertisements are linked to malicious JavaScripts which execute the malicious content in the browser.

Trojan horseHelp Net Security states that online social media is not harnessing the power of Safe Browsing API’s from Google (GOOG) or similar services to instantiate a verification procedure before posting a URL back to a user profile. Lack of such basic protections is a key factor in making the social networks vulnerable to exploitation.

Microsoft (MSFT) recently spotted a Facebook attack in the wild that exploited Facebook user’s trust in a social engineering campaign. The attack tries to trick Facebook users into installing a backdoor Trojan with keylogging capabilities according to the Help Net Security report.

MSFT says the Facebook Wall messages varied but they all lead to fake YouTube pages. Once there, the user is urged to download a new version of “Video Embed ActiveX Object” to play the video file. Unfortunately, the offered setup.exe file is the Caphaw Trojan.

The trojan bypasses firewalls, installs an FTP and a proxy server, and a key logger on the affected machine. Microsoft’s Mihai Calota says ” … has built-in remote desktop functionality based on the open-source VNC project.” MSFT says the Facebook attack can be used to steal money, “We received a report .. that money had been transferred from his bank account … The keylogging component, coupled with the remote desktop functionality, makes it entirely possible for this to have happened.

rb-

The articles correctly state that security and privacy mechanisms are indispensable for safe online social networking. Built-in security is necessary because attackers exploit the trust, curiosity, and ignorance of the social network customers to their own profit. Users should demand safe and secure transmission of the information and the user’s privacy. These should also be a focus of the social networking companies.

To protect themselves, users should:

  • What does thi do?Have up to date AV software running on their computers
  • Keep their browsers and operating systems fully patched
  • Change the passwords on all their sensitive accounts regularly
  • Warn friends and Facebook if an account seems to be hacked by using the Facebook “report/mark message as spam” option.
Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , ,
« Older Entries   Recent Entries »