Though it doesn’t come as a surprise to most of the IT community, the Federal Communications Commission (FCC) recently added Russian software developer Kaspersky to its list of companies that should not be used by any entity that receives funding through the FCC. Given the current geopolitical climate, this move probably shouldn’t surprise most everyone else at this point as well. The Moscow-based security and antimalware company has been under significant scrutiny since 2017 after an explosive report from Bloomberg Businessweek exposed the company’s close ties to Russia’s intelligence agencies, leading to the software being banned on all U.S. civilian government networks shortly after its publication.
What this means for you
Depending on who you talk to (including C2), Kaspersky has been on the “no-fly” list for most (non-Russian) security advisors since at least 2017, and for many of my clients who grew up during the Cold War, the software has never been a consideration because of its Russian roots, even though it was considered highly competent in the early 20-teens. It was well regarded enough that it had enough American market penetration to the point that it had to be listed and banned to force its removal from the various U.S. government agencies that had based their choices on more technical versus patriotic considerations.
If you are using it, should you remove it? The answer is obvious if you are an entity that is covered by either the US government ban or the FCC’s prohibitions, but what about your family PC? Politics aside, there are enough solid replacements out there that sticking with Kaspersky isn’t worth potential risk or bad optics it presents to U.S. companies. As for your personal computer? It’s a personal choice, of course, but Kaspersky’s technology no longer stands out from the crowd so don’t give it an edge there. Go with an option that maybe has less baggage at the moment. For personal computers we like Webroot, Malwarebytes or Bitdefender, and if you don’t the extra cash for a paid antimalware platform, the built-in options on both Windows and Mac OS X are decent enough if you are vigilant and stay away from those questionable links in strange emails.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Over the past 2 years, I’ve seen the rate of malware attacks climbing at an accelerated rate. This is due largely in part to the evolution of malware as a lucrative crime combined with sophisticated, easy-to-use platforms that are designed for and marketed to non-technical users. Previously, successful viruses and their code were jealously guarded and the purview of an elite “cadre” of hackers who would advertise their creations as badges of honor. Now these same cadre of malware programmers are racing to bring product to a highly competitive market. Malware is a business, and business is good.
What this means for you:
It’s not just an assumption that you will be targeted by malware. It’s most likely a fact. Malware makes its handlers money by casting the widest net possible, which means everyone is a target, and the attack platform that can prey on the most victims wins. With that in mind, the safest mindset to adopt is that your technology will be or already is under attack, and you must gird yourself for the onslaught. Here are 3 ways to prepare, plus one less-obvious way that may or may not be practical for most organizations:
- Install a good firewall on your network periphery. Though most ISP-provided routers come with some basic firewall functionality, your business or organization should be protected by a professionally managed firewall that can provide what’s known variously as “Unified Threat Management” or “Gateway-based Defense”. In a nutshell, these devices sit on the entry point of your organization’s internet connection and monitor all data going in and out, scanning for malware, hacking attempts, objectionable content and spam. This is your first line of defense, and if maintained properly, can protect you from numerous threats 24/7/365.
- Use effective malware protection on your vulnerable technology. Even assuming you have some sort of protection on your network periphery, there’s still plenty of ways for malware to get inside your network, and once they are “inside the gate”, your computer or server’s only protection from a really bad day is the anti-malware you’ve installed locally. This software should have some form of active protection (always-on scanning, port blocking, etc.) and not something that has to be run in order to detect or cleanup a malware incursion. If malware isn’t detected and handled the moment it approaches your computer, it’s too late.
- Back up your data. Sad as this fact is, no anti-malware is 100% effective. Your machine will get infected and at that point, the only way you don’t lose this battle is if your data is backed up and isolated from infection. This means offsite backups, with at least 7 days of historical versions just in case the backup software unknowingly backed up infected files (which it can and will do if you don’t catch it quickly enough).
- Disconnect from the internet. If the above 3 items are beyond the reach of your organization for either budgetary or technical reasons, this rather drastic alternative is very effective. Even though it may be impractical for most companies, approaching this problem from this perspective may lead to some creative changes in operations and employee behavior. As a simple example: block access to social media sites on work computers, but provide separate, isolated wifi for mobile devices that allows them to scratch that itch on their own devices.
Image courtesy of graur razvan ionut at FreeDigitalPhotos.net
“Keep your area clean.” You’ve been hearing it all your life. First, no doubt from your mom or dad, and then from your teachers. You’ve probably heard it throughout your professional career, and possibly offered it as guidance yourself to others. Regardless of how tidy you are in your physical space, I’ve only encountered a lonely few who also keep their digital space clean. Cheap, large hard drives and superfast searching have allowed us to sprawl digitally all over the place, and just like Nature abhors a vacuum, cyberspace will expand to fill all empty gigabytes when you aren’t watching. In one extreme case (that will probably go down in my personal record books!) I encountered a client whose nearly full one-terabyte hard drive (1000 gigabytes) was over half full with junk and temporary files. That’s nearly 500 gigabytes of wasted space! Aside from the lost storage space, there was another, even more critical issue caused by all those useless files.
What this means for you:
Well written and properly configured internet programs, such as web browsers, will regularly keep their areas (browser and history caches) containing those temporary files clean, but sometimes they don’t. In the case of the above client, the 500 gigabytes of junk was created over time by a browser and operating system malfunction, and then exacerbated by a virus infection. The result was tens of millions of small files that the antimalware software had to scan everytime it was checking for viruses. If you thought a regular anti-virus scan was painfully slow, multiply that by 100 and that’s what was happening on the machine in question. As you can imagine, the antimalware software (and the computer in general) just gave up and stopped working properly, leading to further infections and actual damage to the filesystem. How can you avoid this?
- Make sure your web browsers are keeping their caches tidy. Here’s an all-encompassing guide on how to do that.
- Always keep an eye on your available hard drive space. A good rule of thumb is to keep a minimum of 20-30GB free at any given time. If you suddenly start running low, there might be a problem.
- Know the approximate size of your document space and evaulate whether it makes sense for what you do, and what you are required to maintain. Office documents typically aren’t very large on average (thousands of them can easily fit on a 16GB thumb drive), but high-res photos can easily be several hundred megabytes easily. If your document space seems unexpectedly large, you might have a problem.
- Don’t interrupt your anti-malware scans. If they are taking too long, note where it’s getting stuck, pause the scan, clean out the affected area (usually temp files as mentioned above) and see if scan times improve. They should, even if the total space cleared doesn’t seem to be much. Browsers create thousands of tiny temp files everyday, and if they aren’t cleared properly, they add up really fast.
In a worst-case scenario, where millions of files have built up in a temporary folder, removing them could take hours, even days, as was the aforementioned case. Luckily for the client, I didn’t bill straight hourly, otherwise the cure would have been worse than the disease. Savvy technicians will have tools at their disposal to help clean up cluttered and infected drives, but when there are millions of useless files there are only two ways to clean it up – delete those files one at a time (via scripts, of course), or nuke the whole drive from orbit, ie. re-format. There are advantages and disadvantages to both approaches, so make sure you discuss which option makes the most sense for your data and your budget.
A recently published whitepaper from Redwood, CA security firm Imperva reports a disturbing trend that many technology professionals already suspected: current anti-malware manufacturers can’t keep up with the pace of virus development now that malware has moved from the realm of mischief to big-time criminal enterprise. Researchers from Imperva and students from Technion-Israel Institute of Technology put together a study that pitted 80 new viruses against over 40 of the top commercial antivirus products on the market, including Symantec, McAfee and Kaspersky and found that they were only able to detect 5% of the new malware infections.
It’s important to note that the sponsor of this study, Imperva, has a material stake in future anti-malware development, as their focus has been on developing a method of protection that differs from the traditional signature detection approach used by the mainstream antivirus developers. Signature detection relies on antivirus manufacturers being able to “capture” and reverse-engineer a computer virus strain to develop ways to combat infection, a process that is entirely reactive and time-consuming. As you might have guessed, new viruses can do their damage in minutes on a vast scale thanks to the internet, so relying on protection developed after the virus has been in the wild is of no help to those already infected. Cybercriminals realize they have the advantage of surprise on their side, and are investing heavily in staying ahead of signature detection algorithms.
What this means for you:
Future security is going to rely heavily on a combination of methods: signature detection, heuristic analysis (watching for anomalous behavior), virtualization/compartmentalization and good old fashioned paranoia/preparedness. The public at large has been lulled into a false sense of security in thinking that purchasing a product off the shelf will absolve them of the need to remain vigilant. As some of my clients can personally attest, you can have the best antimalware products on the market and still get infected. Technology security is more than purchasing software and hardware – it’s a process and state of mind that must constantly be maintained. If you are uncertain how to evolve your business practices to step up your state of readiness, give C2 Technology a call – we can help!
Image courtesy of graur razvan ionut / FreeDigitalPhotos.net