In case you are new here, let me catch you up on the primary purpose of this blog. My objective is to scare you into being more secure with technology. It doesn’t always work – one person’s phobia is another’s fetish, but this one ought to give you pause. A white hat security hacker has uncovered a bug in Symantec Antivirus that would allow for an almost trivial exploitation of its scanning engine to actually compromise the computer it’s supposed to be protecting. And this bug exists across all three major operating systems – Windows, OSX and Linux – something that is very rare in any type of software. Not worried yet? A victim doesn’t even need to open an infected file because Symantec will do it for them when it scans the file in your email, or scans a link in your web browser. Just touching a file designed to exploit this bug will cause a memory buffer overflow, which is tech-speak for “OK malware, I’m puckering up so you can plant a big haymaker right in my kisser.”
What this means for you:
If you don’t use Symantec or Norton products for malware protection, carry on and enjoy that feeling of schadenfreude most technology users rarely experience. If you do use either of those products, Symantec has already patched this bug, and if your software is set to update automatically, it should no longer be a problem. Therein lies the rub: do you know if your antivirus is up to date? How many of you have been ignoring the little warning flags your AV has been waving at you from the corner of your screen, “Hey, I need to update but I can’t for some reason!” Do you know how to make sure your antivirus is updating regularly? By the way, “regularly” means daily, if not multiple times a day. Zero-day exploits are sometimes seen within hours of a vulnerability being published. Security companies like Symantec stake their reputation on reacting quickly, but they can only lead your computer to the update river. You need to make sure it’s drinking deep, daily. Not a software update wrangler by trade? Well, it just so happens I know someone who is, pardner.
You wouldn’t let your business be run by amateurs, so why would you leave your technology to anyone less than an experienced professional?
Remember last week when I reported on a “small” privacy blunder committed by Facebook and their data portability app? Security software maker Symantec announced over the weekend that they noticed Facebook’s Android app behaving inappropriately, to the tune of uploading the phone number of the device to Facebook’s servers the first time the app is installed and launched, prior to any logins or other interaction by the phone owner. According to Facebook, they never used this information, and have since deleted it from their databases. Seeing as the Android Facebook app has been downloaded by several hundred million people, up until this “bug” was discovered and remedied, several hundred million people had their phone numbers harvested by Facebook without their explicit permission.
What this means for you:
Maintaining control over the privacy of your personal data requires constant vigilance on your part, and trustworthiness on the part of those who are requesting the use of your data. In this specific instance, a list of several hundred million mobile numbers isn’t very useful without any other metadata, but it highlights the larger issue at hand: can Facebook be trusted to be good stewards of your personal data? Should they have ever been trusted to the extent that most people have up until now? Recent events should put a great deal of caution into even the most open social networker, and should serve as a red-flag warning to everyone. Organizations are only as good as the people who run them. Apps are only as good as the people who program them. If your privacy is important to you, pay close attention to how others respect that privacy. Don’t reward bad or careless behavior with your dollars or loyalty, and don’t let inertia alone keep you from making informed choices.
FYI: “Facepalm”: http://en.wikipedia.org/wiki/Facepalm
A recently published whitepaper from Redwood, CA security firm Imperva reports a disturbing trend that many technology professionals already suspected: current anti-malware manufacturers can’t keep up with the pace of virus development now that malware has moved from the realm of mischief to big-time criminal enterprise. Researchers from Imperva and students from Technion-Israel Institute of Technology put together a study that pitted 80 new viruses against over 40 of the top commercial antivirus products on the market, including Symantec, McAfee and Kaspersky and found that they were only able to detect 5% of the new malware infections.
It’s important to note that the sponsor of this study, Imperva, has a material stake in future anti-malware development, as their focus has been on developing a method of protection that differs from the traditional signature detection approach used by the mainstream antivirus developers. Signature detection relies on antivirus manufacturers being able to “capture” and reverse-engineer a computer virus strain to develop ways to combat infection, a process that is entirely reactive and time-consuming. As you might have guessed, new viruses can do their damage in minutes on a vast scale thanks to the internet, so relying on protection developed after the virus has been in the wild is of no help to those already infected. Cybercriminals realize they have the advantage of surprise on their side, and are investing heavily in staying ahead of signature detection algorithms.
What this means for you:
Future security is going to rely heavily on a combination of methods: signature detection, heuristic analysis (watching for anomalous behavior), virtualization/compartmentalization and good old-fashioned paranoia/preparedness. The public at large has been lulled into a false sense of security in thinking that purchasing a product off the shelf will absolve them of the need to remain vigilant. As some of my clients can personally attest, you can have the best antimalware products on the market and still get infected. Technology security is more than purchasing software and hardware – it’s a process and state of mind that must constantly be maintained. If you are uncertain how to evolve your business practices to step up your state of readiness, give C2 Technology a call – we can help!
Image courtesy of graur razvan ionut / FreeDigitalPhotos.net