November 4, 2013: The Sun is Setting on Windows XP and Office 2003
As we near the end of 2013, many companies are well into the budgeting process for 2013 and beyond. Do you still have Windows XP or Office 2003 on some of your desktop systems? If so, you should consider allocating some funds in 2013 to replace your Windows XP systems and to upgrade Microsoft Office if you're still running Office 2003.
Why does support matter? As of April 2014, Microsoft will no longer issue security fixes for Windows XP or Office 2003.
Why should you care? New vulnerabilities - particularly in Windows - are always being discovered and, without these security fixes, your systems will no longer be secure. That could leave you vulnerable to hacks and attacks which could compromise your data.
Here's a link to a Microsoft website with more information: http://www.microsoft.com/en-us/windows/endofsupport.aspx
What should you plan to do? Get your desktops to Windows 7 and upgrade to Office 2010. Windows 8 has just come out and Office 2013 is just around the corner but don't take those leaps just yet. Windows 8, in particular, will require an investment in staff training.
June 4, 2012: Do You Need to Worry about the 'Flame' Virus?
Last week's discovery and announcement of the new 'Flame' malware has generated quite a bit of mainstream press attention over the last several days. It's a very sophisticated piece of malicious computer code (aka 'malware') that, given its complexity, had to be state-sponsored. In other words, this wasn't some basement kid on a lark - someone or something with money is behind this one. It doesn't do any damage per se, but it can steal documents and record keystrokes. Plus, it can listen in on Skype calls and capture e-mail and instant messaging conversations. It even uses Bluetooth and can grab data from the computer's camera! To this point, it has primarily targeted computers in Iran and other Middle Eastern countries (draw your own conclusions here!) and the estimates are that maybe only 1,000 targets have been infected so far. However, it has been operating undiscovered for several years and, because it is modular, it is easily modified and re-tasked by its controllers. As of this writing, none of the major antivirus products on the market can detect or stop this malware.
Scary, huh? Don't worry... they'll figure it out. The really scary part is that, now that the secret is out, there will likely be many players in the web's black market trying to replicate the techniques used by Flame and incorporate them into future malware attacks. Those are the ones you and I have to worry about.
What to do? The best advice is still "defense in depth". Your business should have multiple layers of protection and, ideally, each layer should come from a different security vendor. For example, you'll have antivirus protection on your desktop systems from one vendor while your incoming e-mail is scanned by another vendor's product. You should have a smart firewall that also has virus, intrusion and spyware protection built into it.
Finally, user education is key. You should have a published Acceptable Use Policy for your office Internet, a good password policy, and staff should be regularly reminded of social engineering techniques used by scammers.
May 29, 2012: The Scammer Gets Scammed
A link to a good article in the publication "Security Dark Reading" was passed on to me this week. It's a great story of a fake antivirus software scam company trying to fool a security expert. They tried to use a clumsy "it's Microsoft calling and your system has a problem" premise to get the target person to buy their junk and, probably, infect his computer with their malicious software. Unfortunately for them, the target was a security expert and he played them along to learn about their rather amateurish scam. It's kind of like the story of the incompetent burglar getting caught breaking into the police station.
It's an interesting story. The key point to remember is that Microsoft (or Google or Apple or any other major computer vendor) won't ever call you at home and that, as our technical defenses get better, the bad guys (especially the incompetent ones) will resort to social engineering techniques to try to fool you. The lesson is to always be wary... if it sounds too good to be true, it probably is... if it smells fishy, it probably is... I think you get the point.
May 17, 2012: Will your Internet still work on July 9?
It may, but... it may not. You won't have Internet access as of July 9 if your computer was and is still infected with the DNSChanger malware that first appeared in 2007 and continued infecting computers until the FBI nabbed the culprits in 2011. DNSChanger worked by re-routing any Internet request you made (web, mail, whatever) to bogus websites where they would try to trick you into giving them personal information. They were quite successful until the FBI executed a sting operation to shut them down. However, if you were infected, the re-routing mechanism (fake DNS settings) used by the bad guys may still be in place on your system.
Once the FBI got hold of the perpetrators' servers, they configured them so that they no longer directed infected systems to malicious websites. However, infected systems are still using the formerly compromised servers. The FBI originally planned to shut them down in March, but there are still over 450,000 infected systems out there! So, they've pushed the shutdown to July 9, 2012.
If your system is still infected on that date, your Internet will quit working. Now the good news... there is an easy fix! Simply go to this website: http://www.dcwg.org/. There you'll find a test button called "Detect" that will test your system to see if you're infected and a "Fix" button you can use to clean your system if you are infected.
You'll also find more information about the malware on that website. Also, CNET has a good article with more information at: http://news.cnet.com/posts/?keyword=DNSChanger&tag=nl.e497
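An offline version of the "fake DNS settings" check described above, as an added example that is not from the original post or the DCWG site: it reads the configured DNS servers out of a Unix resolver file or Windows `ipconfig /all` output and flags any that fall inside a rogue range. The ranges are placeholders (documentation address blocks), the sample inputs are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation blocks), NOT the real DNSChanger
# ranges: substitute the rogue resolver ranges published for DNSChanger.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
IP = r"(\d{1,3}(?:\.\d{1,3}){3})\s*$"

def parse_resolvers(text):
    """Extract IPv4 DNS servers from resolv.conf or `ipconfig /all` text."""
    found, in_dns_block = [], False
    for line in text.splitlines():
        unix = re.match(r"\s*nameserver\s+" + IP, line)
        first = re.match(r"\s*DNS Servers[ .]*:\s*" + IP, line)
        more = re.match(r"\s+" + IP, line) if in_dns_block else None
        hit = unix or first or more
        if hit:
            found.append(hit.group(1))
        # Windows lists extra servers on indented lines right after the first
        in_dns_block = bool(first or more)
    return found

def rogue_resolvers(text, ranges=ROGUE_RANGES):
    """Return configured resolvers that fall inside any rogue range."""
    hits = []
    for raw in parse_resolvers(text):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # matched the pattern but is not a valid address
        if any(addr in net for net in ranges):
            hits.append(raw)
    return hits

# Constructed samples: one Unix resolver file, one Windows `ipconfig /all` excerpt.
SAMPLE_RESOLV_CONF = "# constructed sample\nnameserver 198.51.100.53\nnameserver 192.168.1.1\n"
SAMPLE_IPCONFIG = (
    "   DHCP Enabled. . . . . . . . . . . : Yes\n"
    "   DNS Servers . . . . . . . . . . . : 192.168.1.1\n"
    "                                       192.0.2.10\n"
    "   NetBIOS over Tcpip. . . . . . . . : Enabled\n"
)

if __name__ == "__main__":
    for name, text in (("resolv.conf", SAMPLE_RESOLV_CONF), ("ipconfig", SAMPLE_IPCONFIG)):
        print(name, "configured:", parse_resolvers(text), "rogue:", rogue_resolvers(text))
```

A resolver that is flagged means the machine's DNS settings still point at one of the listed ranges and should be reset to the addresses supplied by your ISP or network administrator.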



