The Impact Of False Positives On Network Security

March 27th, 2014


In a previous post, false positives were listed as a factor in ranking the best available security tools. Even for an individual user, false positives can hinder the effectiveness of your security infrastructure, but they become significantly more costly when applied to an entire company’s network. Ken Westin of The State of Security explains how false positives and an over-emphasis of security contribute to an insecure environment.

When’s the last time you heard a car alarm and reacted like there was a car in the area being broken into? The car alarm is a perfect example of false positives causing a lack of security. They go off constantly, which has made people ignore them in every situation. They’re now just noise.

In the case of security tools, antivirus programs that flag every download as a potential virus or even those that constantly warn you about a new application running with access to the internet turn into noise. If nine out of ten of the alerts you get from your antivirus program are safe to ignore, the one legitimate warning will likely be ignored also.

In a corporate environment, when the different security tools running don’t communicate with each other, they all flag the same perceived threat. Again, this puts IT professionals in a situation where it’s habitual to ignore security alerts, rather than investigating them.

The gut reaction to a breach of security is to add to the number of tools protecting a network. While that may help protect previously uncovered endpoints, it also creates an overlap of the existing tools. Without an infrastructure that works together, you’re just creating more noise and no more protection. In the case of many more complex security resources, staff will spend an exorbitant amount of time debugging and integrating these tools, which significantly decreases the amount of time available to monitor and mitigate threats.
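The overlap described above can be reduced by correlating alerts before anyone has to look at them. The following is an added example, not code from the original post or from any tool it mentions; the alert fields, host names and the 10-minute window are assumptions, and the sample alerts are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample: three tools that do not share state report the same event.
ALERTS = [
    {"tool": "antivirus", "time": "2014-03-27T09:00:05", "host": "ws-014", "indicator": "invoice.exe"},
    {"tool": "ids",       "time": "2014-03-27T09:00:40", "host": "ws-014", "indicator": "invoice.exe"},
    {"tool": "web-proxy", "time": "2014-03-27T09:02:10", "host": "WS-014", "indicator": "INVOICE.EXE"},
    {"tool": "antivirus", "time": "2014-03-27T09:30:00", "host": "ws-022", "indicator": "setup.msi"},
    {"tool": "ids",       "time": "2014-03-27T11:45:00", "host": "ws-014", "indicator": "invoice.exe"},
]


def correlate(alerts, window=timedelta(minutes=10)):
    """Collapse alerts about the same host and indicator into one incident.

    An alert joins the open incident for its (host, indicator) pair when it
    arrives within `window` of that incident's last alert; otherwise it
    starts a new incident, so a recurrence hours later is not hidden.
    """
    incidents = []
    open_incident = {}  # (host, indicator) -> most recent incident for that pair
    for alert in sorted(alerts, key=lambda a: datetime.fromisoformat(a["time"])):
        seen = datetime.fromisoformat(alert["time"])
        # Normalise case so tools that report the same thing differently still match.
        key = (alert["host"].lower(), alert["indicator"].lower())
        incident = open_incident.get(key)
        if incident is None or seen - incident["last_seen"] > window:
            incident = {
                "host": key[0],
                "indicator": key[1],
                "first_seen": seen,
                "last_seen": seen,
                "tools": set(),
                "raw_alerts": 0,
            }
            incidents.append(incident)
            open_incident[key] = incident
        incident["last_seen"] = seen
        incident["tools"].add(alert["tool"])
        incident["raw_alerts"] += 1
    return incidents


def triage_queue(alerts):
    """Order incidents so those confirmed by the most independent tools come first."""
    return sorted(correlate(alerts), key=lambda i: (-len(i["tools"]), i["first_seen"]))


if __name__ == "__main__":
    queue = triage_queue(ALERTS)
    print(f"{len(ALERTS)} raw alerts -> {len(queue)} incidents")
    for inc in queue:
        tools = ", ".join(sorted(inc["tools"]))
        print(f'{inc["first_seen"]:%H:%M} {inc["host"]} {inc["indicator"]} '
              f'({inc["raw_alerts"]} alerts from: {tools})')
```

Three tools reporting one event become a single incident that lists all three as corroboration, while the later recurrence on the same host stays visible as its own item.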

The tactics of attacks evolve quickly and there are more highly targeted attacks victimizing businesses than ever before. Since most security tools work by recognizing known characteristics and patterns of previous attacks, these tools are less effective at spotting and preventing threats to a network. That’s why it’s increasingly important to have a team in place to review data and activity so a breach can be detected early.

Effective network security requires an investment, but it needs to be made intelligently. For help creating a security infrastructure for your business, contact Geek Rescue at 918-369-4335.

Four Causes Of Your Computer’s Slowed Performance

March 27th, 2014


The older your computer gets, the slower it gets. That’s a widely accepted fact by many users. While there are some unavoidable decreases in performance over years of use, there are also ways to avoid slower performance and fix problems that cause it. At the BullGuard blog, Steve Bell explains some common reasons a computer may be running slower than usual.

  • Auto run

One of the selling points of many new computers is how quickly they start up. Over time, most computers begin to take longer and longer to start, however. Much of this can be attributed to how many applications are set to run automatically every time the system boots up. Naturally, the more programs you’re asking your computer to run initially, the longer it will take your computer to start. Before complaining about a slow booting computer, uninstall programs you are no longer using. You’ll also want to look into what applications are starting automatically and change the settings on those that you don’t use constantly.

  • Hard drive issues

Your computer’s hard drive stores just about all the information you use on a daily basis. Over time, the performance of your hard drive will slow down. This is caused by fragmentation occurring in the data stored there because of adding and deleting files. It can also be caused by the hardware wearing out after hours and hours of use. On average, laptop hard drives last about 3 years. Desktop hard drives can be expected to last a little longer. Once they start to wear out and slow down, you’re at an increased risk of experiencing a total crash that wipes out everything stored on the drive. If your computer is running slow, run the defrag application on your machine and see if that helps. If not and your hard drive is more than 3 years old, it may need to be replaced.

  • RAM issues

You may notice that your system seems faster when you first start your computer but slows down the longer you use it. This is most likely caused by a lack of RAM, or Random Access Memory. RAM is a resource that gets used by each application currently running. The more RAM being used, the less is available to applications you try to open. Many computers have room to increase RAM, which can make your system significantly faster. The alternative is to limit the number of applications running at a given time.

  • Malware

If a decline in performance seems to happen overnight, the most likely culprit is that malware, like viruses or trojans, is stealing resources. Malware can infect your computer in a number of different ways and can be extremely difficult to find and remove completely. First, you’ll want to invest in an effective antivirus program and keep it updated. Installing a firewall and improving the security on your wireless router are also advisable.

If your computer seems sluggish, it usually means something is wrong. The good news is, it can be fixed and restored to normal.

If you’re having issues with any of your devices, come by Geek Rescue or give us a call at 918-369-4335.

Anti-Malware Testing Reveals Best Products For Home And Business

March 25th, 2014


A primary concern for computer users is avoiding malware. Unfortunately, not all users make it a priority and often put themselves at risk by foregoing proper security tools. Surfing the web without antivirus or anti-malware applications in place is asking for trouble. But, with so many options available, how do you know which security tools are most effective? As Larry Seltzer of ZDNet reports, a recent test conducted by AV-Test Institute set out to find the anti-malware programs that are most trustworthy for Windows 7 users.

AV-Test Institute brought in a total of 34 anti-malware products to test, with 9 being for business and 25 for consumers. The testing covered malware detection, detection of zero-day exploits that have no signatures, performance impact and false positives.

A good anti-malware program will be able to operate without slowing down your system. It’s also capable of detecting malware before it infects your system and capable of spotting zero-day exploits based on suspicious characteristics. The product that scored the best in these tests was Trend Micro’s Office Scanner 10.6. The top scoring consumer product was Bitdefender Endpoint Security.

Multiple products were able to detect all of the malware used in the test. On average, 94 percent of the zero-day malware was also detected.

Bitdefender’s consumer entry was able to detect all malware with no false positives and tied for the top score in the performance impact testing. Trend Micro’s Office Scanner was also able to detect all malware and scored the highest possible score on performance impact, but wasn’t able to make it through testing without any false positives.

For a full list of results and products tested, visit AV-Test.

With an effective anti-malware program in place, like many of those tested, users can feel secure and know that malware will be detected before it can do any real damage. Security programs need to be updated constantly, however, to give them any hope of detecting the latest malware threats.

If you’ve been infected by malware or would like to explore your options for better security, either at home or the office, call Geek Rescue at 918-369-4335.

Android Vulnerability Gives Unwanted Permissions To Malicious Apps

March 24th, 2014


Regardless of what mobile operating system you use, there are bound to be some security flaws. The latest issue is a way for malicious apps on Android devices to receive elevated privileges without a user’s knowledge. Adrian Kingsley-Hughes of ZDNet reports on these so-called “Pileup flaws”.

Pileup is short for privilege escalation through updating, which adequately describes this type of attack.

Each time an update for a device’s current operating system is installed, which can be as often as every few months, a user is at risk. Updates require thousands of files to either be replaced or added to a device. This includes carefully adding new apps without damaging or changing any existing apps. This method creates a vulnerability.

If an existing app is malicious in nature, its developer can request additional permissions that are only available in an updated operating system. Those permissions won’t affect users before they update and an app may seem legitimate. Once the user updates, however, those permissions are automatically granted with no warning or verification required from the user.

This way, an app can lay dormant until the user updates, then take control of a device. With expanded privileges, malicious apps can control text messages, download malware and monitor activity.

In a similar attack, malicious apps with the same name as a trusted system app can be upgraded to a system app during an update. This gives malicious third party apps the power to access nearly everything on a device and control functions.

Researchers claim to have found six examples of Pileup vulnerabilities in Android devices, which puts about a billion total devices at risk. Google has been alerted about these vulnerabilities and has already begun patching them.

Discoveries like this reinforce how important it is to exercise caution when downloading apps. Only download from the official app store and, even then, be cautious about what you decide to add to your device.

If your device has been infected with malware or you’re having other issues, bring it to Geek Rescue or call us at 918-369-4335.

Watch For These Signs Of A Malware Infection

March 20th, 2014


There are a number of resources online to help you protect yourself from malware infections. From security tools to tips and best practices for avoiding malware, it’s fairly easy to learn how to create an effective security infrastructure for your home network. What happens if malware is still able to get through, however? At the BullGuard blog, Kirsten Dunlaevy published a list of helpful signs that your computer may have been infected. Here’s what you need to watch for.

  • Freezes and other issues

We’ve all experienced the frustration of having your computer freeze while you’re in the middle of working on it. That could be a one-time problem, a compatibility issue with an application or it could hint at a malware infection. If you’re seeing a growing number of problems like freezes, sudden shut downs or restarts and applications not working properly, the most likely cause of your problems is malware.

  • Pop-ups

The internet used to run on pop-ups, but most legitimate sites have stopped using them. Now, if you see pop-ups, it usually means you’re on a site that’s not trustworthy or that you’ve been infected with malware. Especially if you see pop-ups when you aren’t using a web browser, it’s likely that there is malware hiding somewhere on your system.

  • Suspicious email and social media messages

Even if your computer is absent of any other signs of malware, your email and social media profiles may tell a different story. Be sure to regularly check the “Sent” folder of your email to make sure that everything that appears there is actually a message you’ve sent. If you see messages with suspicious looking subjects, it’s likely that malware has been used to hack your email and spam your contacts. Similar problems can plague your social media profiles. Facebook and Twitter are particularly at risk.

  • No apparent problems

If your computer has none of the above problems and seems to run normally, it doesn’t necessarily prove the absence of malware. As threats grow more intelligent, they’re increasingly able to hide evidence of their actions. Some malware tampers with antivirus applications to make it appear that your system is clean when it’s not. Or, malware can even trigger a false positive to make you feel secure after dealing with the supposed threat.

Keeping malware from infecting your computer starts with putting security tools in place and practicing smart, safe surfing online. Then, it’s important to stay vigilant and watch for signs of infections. Also, be aware of actions you take that could potentially lead to a malware infection.

If you’ve been infected with malware, or are just having issues with any of your devices for unknown reasons, call Geek Rescue at 918-369-4335.

Report Finds Three New Malware Threats Every Second

March 10th, 2014


A common piece of security advice is to regularly update your antivirus program to protect against the latest threats. New malware is formed every day and it’s difficult for security applications to keep up, but it’s impossible if they aren’t updated daily. Alastair Stevenson illustrates the need for up to date definitions with his report at V3 that three new threats emerge every second of every day.

That statistic comes from security company McAfee’s Threat Report from the fourth quarter of 2013. Part of that report reveals that McAfee learned of 200 new attacks every minute, which likely means that the number of new attacks being launched is actually even higher.

Overall, in just the fourth quarter in 2013, 200 million malware variants were found by McAfee. That’s 90 million more than were found during the same time span in 2012. Experts believe one reason for this significant increase in malware production is the increase in “Point of Sale” malware, which refers to variants that are available to be purchased online by anyone and used without a need for expertise. This allows nearly anyone to launch an attack.

Malware isn’t targeting PC users alone, however. The report states that nearly 2.5 million new forms of malware targeting Android mobile devices were collected. That’s significantly lower than the amount of malware targeting PC users, but it’s nearly double the output of mobile malware from just a year prior.

Ransomware, the malware that encrypts or locks down files on your PC and demands payment to give you access to them, also saw a large jump in number of attacks in 2013. After 1 million observed forms of ransomware attacks in 2012, 2013 saw about 2 million.

The clear lesson here is that security on your personal devices and your company’s network is becoming even more important as more attacks are being produced and those attacks are becoming more intelligent.

For help improving security or help recovering from an infection or attack, call Geek Rescue at 918-369-4335.

Survey Reveals Spread Of Malware And Lack Of Security

March 7th, 2014


A recent survey on computer security revealed not only alarming numbers of victims of cyber crime, but also high numbers of users who have little to no security in place. The University of Kent, which is located in the UK, surveyed about 1500 adults in their study. Admittedly, it’s a small sample size so the numbers could be a little skewed. Even so, there are surprisingly high rates of malware infections, specifically with ransomware, as John Hawes of Naked Security reports.

CryptoLocker, a headline-making form of ransomware that encrypts files on victims’ computers and demands payment to release them, affected one in 30 of the survey’s respondents. Even worse, about 40 percent paid the ransom to have their files decrypted.

Those figures only pertain to CryptoLocker specifically. For all forms of ransomware, about one in 10 respondents confirmed they’ve been a victim. Even if you assume those numbers are slightly inflated, that’s a shocking amount of ransomware cases.

It’s particularly troubling when you combine the amount of cyber attacks with the amount of users who fail to put proper security measures in place. The survey also found that more than half of users weren’t using an up to date antivirus or anti-malware program. About a third of respondents reported they had no firewall in place on their network and about the same number failed to use proper password practices for maximum security on online accounts.

With that in mind, it’s no surprise that about a quarter of users in the survey were identified as being the victim of some sort of “cyber-dependent crime” with malware infections and phishing scams being the most popular.

Unfortunately, when it comes to the number of malware incidents, the actual number of infections is usually higher than what is reported. This is because malware, by its nature, stays hidden on most systems, particularly those with less than ideal security. Users may report that they’ve never been the victim of a malware infection, but in reality it’s difficult to say for certain.

The takeaway from this study and others like it is that no one is immune from cyber attacks. Malware can strike any of us, but those with less security in place are asking for trouble.

If you’ve been infected with malware, or would like to improve security at home or at your business, call Geek Rescue at 918-369-4335.

Google Play Hosting Malicious Apps That Cost You Money

February 17th, 2014


It’s become well-known that more threats exist for Android users than exist for users of Apple devices. One of the reasons that malware often targets the Android operating system is because of the relative insecurity of the app store, Google Play. Malicious apps have repeatedly infiltrated Google Play and infected users. According to a post at GMA News, a number of malicious apps are currently available through the app store and they’ve already infected more than 300 thousand users.

Though specific apps aren’t named, there are believed to be a number of apps responsible for malware infections. These apps typically pose as legitimate versions of other apps, or as different versions of popular, or trendy, apps. Most recently, the game Flappy Bird, which was taken out of app stores, has spawned a number of malicious copycats.

When a user mistakenly downloads one of these malicious apps, it steals the user’s phone number and uses it to sign up for a premium SMS service. This ends with additional fees being included on a user’s monthly bill. The attacker likely receives some sort of commission for bringing additional users to the service.

Part of this process involves the malware intercepting messages sent to a user’s smartphone and sending messages without the user’s knowledge. Because the premium service needs confirmation before it can begin to charge you, the malware must intercept the confirmation message containing a PIN, then send a message back with that PIN.

To gain access to a user’s phone number, the malware uses a vulnerability in the popular messaging app, WhatsApp. Even though users without WhatsApp could download a malicious app and be infected, it’s not clear if the malware would have the same capabilities.

To avoid downloading an app that will infect your smartphone, be sure to carefully read the permissions the app requires. These malicious apps clearly state in their permissions that they read text messages and need a connection to the internet. While some apps need those permissions legitimately, most do not. If an app asks for permissions it shouldn’t need, it’s best to avoid downloading.
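The permission review described above can be automated. The following is an added example, not code from the original post or from the reports it cites: it flags the SMS-plus-internet combination and also covers the earlier Pileup post by flagging requests for platform permissions that the device's current Android version does not define yet. It assumes the manifest has already been decoded to text XML; the permission table is a small constructed subset, and the sample manifest and package name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed subset: API level at which each platform permission was introduced.
PERMISSION_ADDED_IN = {
    "android.permission.INTERNET": 1,
    "android.permission.RECEIVE_SMS": 1,
    "android.permission.READ_SMS": 1,
    "android.permission.SEND_SMS": 1,
    "android.permission.ADD_VOICEMAIL": 14,
    "android.permission.READ_CALL_LOG": 16,
    "android.permission.READ_EXTERNAL_STORAGE": 16,
}
SMS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}

# Constructed sample manifest for a hypothetical copycat game.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flappyclone">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {name for name in names if name}


def audit(manifest_xml, device_api):
    """Report risky permission patterns for an app on a device at `device_api`."""
    requested = requested_permissions(manifest_xml)
    return {
        # Reads or sends text messages and can also reach the internet.
        "sms_and_internet": bool(requested & SMS_PERMISSIONS)
        and "android.permission.INTERNET" in requested,
        # Requested now, but only defined by a newer OS version: these would be
        # granted after an OS update without the user being asked again.
        "not_yet_defined": sorted(
            p for p in requested
            if PERMISSION_ADDED_IN.get(p, 0) > device_api
        ),
        # Platform-namespace permissions missing from the table need manual review.
        "unknown_platform": sorted(
            p for p in requested
            if p.startswith("android.permission.") and p not in PERMISSION_ADDED_IN
        ),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_MANIFEST, device_api=15).items():
        print(f"{key}: {value}")
```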

If your smartphone is infected by malware, bring it to Geek Rescue or call us at 918-369-4335.

Sophisticated Malware Threat Monitors And Steals Nearly Everything

February 17th, 2014


A recently discovered form of malware is being called “the most sophisticated malware yet” by experts. As Timothy B. Lee reports for The Washington Post, this threat is capable of infecting almost anyone and of stealing almost anything.

Called Careto, this malware is actually a suite of tools used for collecting data from infected users. This highly targeted attack starts as a phishing scam. An email made to look like it’s from a major publication is sent to a user. Those that click on the provided link are taken to a malicious website that scans the user’s computer to find vulnerabilities.

Careto is capable of infecting a number of operating systems. Windows, OS X and Linux users are all at risk. Experts believe that mobile versions of the malware that target iOS and Android will be developed soon.

It’s when the malware has infected a user that the real trouble starts. Nearly everything a user does can be recorded by Careto. Network traffic is intercepted, keystrokes are logged, screen captures are taken, Skype conversations are monitored and all file operations are tracked. The malware can also sniff out encryption keys stored on a device.

The nature of the malware also allows for software or plug-ins to be added easily. This means additional capabilities are being added to steal other data or to add more features.

Because Careto is so complex, it’s difficult to detect, even if you’re running an up to date antivirus or anti-malware program. The best way to avoid infection is to be extremely cautious regarding links in emails. If a link is sent to you, it’s better to go to the site directly, rather than following the link. This eliminates the possibility that you’re being sent to a fake, spoofed, site.

If your computer is infected with malware, bring it to Geek Rescue or call us at 918-369-4335.

Five Must-Haves For Mobile Security At Your Business

February 14th, 2014


There are a number of advantages to becoming a more mobile business. Employees are able to access data from virtually anywhere, which can make them more productive and give them access to vital information when meeting with clients. It’s also much easier for them to collaborate with others. There’s also the bring your own device trend that allows employees to integrate their own mobile devices into their work. All of these allow for more productivity and connectivity, but they also all introduce new security concerns. At Network World, Ed Tittel lists some best practices all business owners should be familiar with for dealing with mobile security.

  • Anti-malware software

With more smartphones being used worldwide and more valuable data being accessed with them, it stands to reason that they’re becoming a more valuable target for criminals. Attacks have been observed on both iOS and Android devices. For devices that are used to access company data, you can’t afford to let them connect to your network without proper security apps in place.

  • VPNs

Typically, mobile communications are relatively easy for hackers to intercept. That’s why most experts recommend the use of a VPN, or virtual private network, to encrypt all communications between mobile devices and company servers. Cloud storage and an employee’s smartphone may both be properly protected, but when data is transferred between them there exists a vulnerability. Using a VPN eliminates that threat.

  • Authentication

If a device is used to access company data, it should be secured with multiple forms of authentication. It goes without saying that smartphones should require a password to unlock, but newer devices also allow for fingerprint scanning or even facial or vocal recognition. In addition, companies need to plan ahead for cases when devices are lost or stolen. The ability to remotely lock and wipe lost devices is vital to security.

  • No Third Party Software

Once an employee begins using their mobile device for work, they lose the ability to use whatever software they choose. There must be some consideration to the security of the device and the company’s data. Completely blocking the downloading and using of third party software is one way. Another is to allow exceptions once IT or management is informed that an individual wants to download a third party application and it’s been cleared.

  • Test And Audit

If you feel that you’ve put all the necessary precautions into place, you need to test to make sure there are no penetration points you’ve missed. How else will you be sure that your company’s data is protected from threats? Regular testing allows you to find vulnerabilities before the criminals do.

For help with the security at your business, contact Geek Rescue at 918-369-4335.