Saturday, February 9, 2008

Software Threats to the Enterprise and Home User

I was recently asked to identify the "twenty most dangerous pieces of software" to us as a company. My first thought was "WHY?"

What good does it do anyone to stop twenty pieces of dangerous software in a world full of thousands that are constantly changing and never stop moving?

That in itself identifies a key problem with some people's perception of IT Security.

Many people compare the internet to the Wild West in terms of security. We have a posse consisting of anti-spyware, virus scanners and firewalls that are there to protect us. The problem with many of these tools is that they are mostly reactive: they use signatures built from historical data to protect us from what is already known to be bad. We also have IPS tools that are more proactive and try to prevent events from occurring at all.

I am trying to dispel this mindset and replace it with a new one by bringing the threat into focus so that the bigger picture can be seen. A lot of security managers still think this way and want a Top 20, or seek 80/20 compliance, thinking that is fine in today's world. All that tells me is that they don't really understand security and risk analysis.

Ten years ago we would have an outbreak that would infect thousands of computers and that would bring down the network and make headlines. The goal of the attacker was to get attention or impress his girlfriend.

Today we have criminals and criminal organizations that are out to make a profit and don't want to be seen or be detected.

The nature of the IT World we live in today has changed and the mindsets we have about security have to change to meet the current environment that is thrust upon us.

In this short article I try to convey a real-world picture based on an analysis of what we see coming into 2008, grounded in actual data from our reporting tools and in 60 days of historical data, a period in which we averaged 45,000 events per day.

The Areas for risk include:

  • Loss of Data
  • Circumvented Physical Access
  • Circumvented Electronic Access
  • Exposure due to Illegal Activities

What follows is a classification list by type of software that should be considered High Risk to Very High Risk for any corporation or home user.

The examples used relate more to function than to specific software packages. The reason is that you can easily use any internet search engine to look for items in these categories and come up with a dozen to hundreds of examples, many of which change, appear and retire almost daily. Getting specific would be an impossible task, since there are thousands upon thousands of moving targets.

The list is ordered by the threats we encounter the most, with a few exceptions. Freeware is listed first because it is extremely prevalent in the wild. It is also, very often, benign or even beneficial to your company. What one has to keep in mind is the popularity of freeware and how much of it is compromised, altered or mimicked by people with malicious intent. It is not uncommon for legitimate freeware to be altered, or to be copied in name only, so that vandals and criminals can propagate their malware under the reputation and the guise of legitimate freeware.

The rest of the list that follows freeware is very often a direct result of this altered or questionable freeware.

Next in the list is Pirated or Stolen Software. Pirated software is in second place for exactly the same reason that freeware is at the top of the list: people are looking to get something for nothing. When we follow the rule "If it sounds too good to be true, it probably is," we are right on track. Very often people think they are getting expensive software for free, when they are really getting a version of Photoshop with a hidden payload buried inside a modified setup routine.

Then we come to number three in the list, Peer to Peer. Peer to Peer is a problem because it is one of the most common methods of distributing malicious software disguised as, or embedded in, whatever files the user is seeking. Another thing to remember about peer to peer is that not all traffic and sharing is via the internet or intranet; we must include portable media devices in this list. USB thumb drives definitely act as a form of peer-to-peer propagation in exactly the same way we used to see viruses propagate on floppies via the old standard known as sneakernet. How many times have you been in a meeting or presentation where a vendor or service provider hands an employee a thumb drive to plug into a company laptop on the company network?

When you consider this exact scenario, what has just happened? Both your physical access controls and your electronic access controls have been breached, and the threat was escorted into your building and onto your network by your own employee, probably walking right past your security personnel as well.

The rest of this list covers more specifically the types or categories of software that should not be allowed in your corporation or by a home user, or that should be limited to select groups for specific purposes as Managed Exceptions on a case-by-case basis. The vast majority of these are propagated by the first three categories in this list.

One more category deserves a little more mention because it involves a hybridized form of attack: Religious or Cultural Materials. This category deserves extra attention because it combines social engineering with an electronic attack. It is not uncommon to find malicious files disguised as something legitimate that capitalizes on current events and people's emotions. Unsuspecting users see a subject line in an e-mail or an IM message that causes them to click before they have a chance to think.
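The disguise described above (an e-card, a screen saver, a celebrity photo that is really a program) can be caught mechanically before a user double-clicks. What follows is an added example written for this page, not the author's tooling or data: a small Python triage routine that compares a file's real content (its leading "magic" bytes) with the extension it advertises, and flags double extensions and .scr screen savers, which Windows runs as ordinary executables. The file names and byte strings are constructed samples.

```python
# Added example: heuristic triage of "disguised" files (e-cards, screen savers,
# joke programs, celebrity photos) of the kind the article describes.
# Illustration code for this page, not the author's tooling; all sample file
# names and byte strings below are constructed.
import os

# Extensions Windows will run directly (or that carry script content).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".msi", ".dll"}

# Leading bytes of common formats. Windows executables (PE files) start with "MZ".
MAGIC = {
    b"MZ": "pe",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",
}


def content_type(data: bytes) -> str:
    """Identify a file by its first bytes rather than by its name."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def split_extensions(filename: str) -> list:
    """'concert_pics.jpg.scr' -> ['.jpg', '.scr']"""
    parts = os.path.basename(filename).lower().split(".")
    return ["." + p for p in parts[1:]]


def triage(filename: str, data: bytes) -> list:
    """Return a list of reasons this file looks disguised; empty means nothing found."""
    findings = []
    exts = split_extensions(filename)
    last = exts[-1] if exts else ""
    kind = content_type(data)
    # Executable content hiding behind a picture/document extension.
    if kind == "pe" and last not in EXECUTABLE_EXTS:
        findings.append(f"executable (PE) content disguised as {last or 'no extension'}")
    # "pics.jpg.scr" shows as "pics.jpg" when Explorer hides known extensions.
    if len(exts) >= 2 and last in EXECUTABLE_EXTS:
        findings.append(f"double extension {''.join(exts)}: looks like {exts[-2]} but runs as {last}")
    if last == ".scr":
        findings.append("screen saver: .scr files are ordinary Windows programs")
    # A plain program is not disguised, but it still warrants a provenance check.
    if kind == "pe" and last in {".exe", ".com", ".pif"} and not findings:
        findings.append("native program: verify publisher or hash before running")
    return findings


# Constructed samples: an e-card "program", a PE renamed to .jpg, a double-extension
# screen saver, and two genuinely harmless files.
SAMPLES = {
    "holiday_ecard.exe": b"MZ\x90\x00\x03\x00\x00\x00",
    "cute_puppy.jpg": b"MZ\x90\x00\x03\x00\x00\x00",
    "concert_pics.jpg.scr": b"MZ\x90\x00\x03\x00\x00\x00",
    "quarterly_report.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
    "vacation.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", triage(name, data) or "ok")
```

A hit here is a reason to look closer, not a verdict: plenty of legitimate installers are .exe files. The double-extension rule matters because, with Explorer's default "Hide extensions for known file types" setting, concert_pics.jpg.scr is displayed as concert_pics.jpg.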

Much of this data was compiled from the enterprise database of actual incidents within our own corporate environment. Since I cannot reveal internal company information, I cannot make my research data available.

The list that follows is compiled from an analysis of data in our database and based on actual incidents in my company.

The list is by Category with Examples:

  1. Freeware

    1. Screen Savers
    2. Games
    3. Utilities
    4. Alternative Applications
    5. Jokes
    6. E-Cards or Greetings (Web, E-Mail & Executable)

  2. Pirated Software & Keygens
  3. Peer to Peer

    1. Humans
    2. BitTorrent (a.k.a. torrents)
    3. Peer-to-peer applications like BearShare
    4. Portable Storage Devices (USB Thumb Drives)

  4. Key Loggers
  5. Non-Standard Applications / Devices

    1. Telecom Applications
    2. iPhone/iPod
    3. Phone Tools

      1. Software
      2. Physical Access

    4. Palm Pilots and PDAs
    5. Internet Browsers

      1. Mozilla Firefox
      2. Internet Explorer

    6. Video & Audio

      1. MP3 Tools
      2. Rippers
      3. Managers
      4. Plug-Ins
      5. Players

    7. Video Tools

      1. Rippers
      2. Cloning Tools
      3. Players
      4. Converters
      5. Plug-Ins

  6. E-Mail Server & Client Applications

    1. Web Mail Clients
    2. Non-Standard E-Mail Servers
    3. Non-Standard E-Mail Clients

  7. Portable Software *
  8. File Shares with Everyone Full Control
  9. Non-Standard VoIP Applications
  10. Hacking/Cracking Tools

    1. People that are curious about such tools.
    2. People that are intentionally using such tools.
    3. Tools that are part of other software and execute without the user knowing.

  11. Sharing of valid work related files that are infected or compromised.

    1. Internally from employee to employee
    2. Externally - between your company, Customers and Vendors.

  12. Legacy Devices / Drivers

    1. Devices that are no longer supported can have drivers that create vulnerabilities or holes that can be exploited, or trojanized copies of the drivers are offered from download locations that impersonate the vendor.

  13. Religious / Cultural Materials

    1. Some groups appear to be targeting particular cultural groups, owing to the current geopolitical climate around the world.
    2. Many groups are being targeted based on race, religion or geographic location.
    3. Entertainment / Current events.

      1. Britney Spears
      2. 9/11
      3. War in Iraq.

Whether you are a home user or an IT professional, this article and list are intended to help you raise your own awareness and the awareness of others. The Internet is no longer the Wild West. We are now in the mega-metropolis stage, where there are great places to go and fun things to do. You just have to remember that no matter how great a metropolis can be, it will always have its seedier side and dangerous dark alleyways teeming with bad people wanting to do bad things.

Also, always remember what my dad used to tell me: "If it's too good to be true, it probably is." Or, as Ronald Reagan would have said, "Trust, but verify."

* Portable Software is software that can be utilized via a portable device like a thumb drive or USB Hard Drive and does not have to be "installed" to be used on any computer.

GSEC - 11396 - SILVER | Prescott Small

Article Source: Free Ezine Articles for your Blogs.


Wednesday, February 6, 2008

PC Virus Removal

Removing a virus from your PC manually can be one of the hardest kinds of computer repair. Luckily there are many different software programs out there that can help. To remove a virus you will need a combination of antivirus software, anti-spyware software and a startup manager. These three are still not enough: you need to know the right order in which to run them to remove the PC virus.

The good news is that we have the process right here to repair your computer. We will point you to a few free programs, but we recommend you actually go out and purchase a good all-in-one security suite. The first step is to boot normally. Once logged in, turn off System Restore. The reason is that restore points can hold copies of infected files that scanners cannot clean, and a later restore would bring the infection back. Now reboot into Safe Mode with Networking.

Once you are booted into Safe Mode with Networking, download the free AVG Anti-Virus, Spybot Search & Destroy, HijackThis and Ad-Aware. Install all of the programs and then update them. Now download CCleaner, install it and run it to remove all those junk temporary files. Now run Ad-Aware and Spybot; both programs can run at the same time. Once they finish, reboot normally, and if you are asked to run Spybot again on boot, let it run. Now run AVG and do a full scan.

Once AVG has finished, reboot and run HijackThis. Remove any entries that you know to be bad. Be careful and remove only entries you know are bad: if you remove something Windows or a legitimate program needs, the system may no longer boot or work correctly.
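Deciding which HijackThis entries are "known to be bad" is the step where people get hurt. As an added example (not part of the original article, and not HijackThis' own logic), here is a Python triage of a few constructed log lines written in the format HijackThis uses for its O2 (browser helper object) and O4 (registry autorun) sections. It flags entries that run from user-writable or temporary folders, reuse a Windows system file name outside the Windows directory, or register a nameless BHO. The paths, program names and CLSIDs in the sample are invented.

```python
# Added example: triage of HijackThis-style O2/O4 log lines. Not HijackThis'
# own logic; the sample log below is constructed and every path, name and
# CLSID in it is invented for this page.
import re

SAMPLE_LOG = r"""
O2 - BHO: PDF Link Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\PDF Reader\ActiveX\PdfHelper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\Documents and Settings\bob\Local Settings\Temp\msupd.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\bob\Application Data\svchost.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O4 - HKLM\..\Run: [Name] command        (registry autorun)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O2 - BHO: Name - {CLSID} - path          (browser helper object)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
# First executable/library path in a command line, with or without quotes.
PATH_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|scr|com))"?', re.IGNORECASE)

# Folder markers any user can write to; legitimate autoruns rarely live there.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\local settings\\", "\\recycler\\", "\\appdata\\")
# Names malware borrows from Windows; genuine copies live under the Windows directory.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe", "services.exe"}


def reasons_for(path: str, name: str) -> list:
    """Heuristic reasons an autorun/BHO entry deserves a closer look."""
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    out = []
    if any(marker in p for marker in USER_WRITABLE):
        out.append("runs from a user-writable/temp location")
    if base in SYSTEM_NAMES and "\\windows\\" not in p:
        out.append(f"system file name {base} outside the Windows directory")
    if name.strip() == "(no name)":
        out.append("browser helper object without a name")
    return out


def suspicious_entries(log: str) -> list:
    """Return [(log line, [reasons]), ...] for every flagged O2/O4 entry."""
    flagged = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            pm = PATH_RE.match(m["cmd"])
            path = pm["path"] if pm else m["cmd"]
            name = m["name"]
        else:
            m = O2_RE.match(line)
            if not m:
                continue  # other HijackThis sections are not handled here
            path, name = m["path"], m["name"]
        reasons = reasons_for(path, name)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in suspicious_entries(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

On the constructed sample this flags the nameless BHO loading from a Temp folder and the "svchost.exe" starting from a user's Application Data folder, and leaves the vendor entries and the real ctfmon.exe in System32 alone. A hit is a prompt to check the file (publisher, hash, where it came from), not a licence to delete it.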

If you are unsure about any of what was said here, you're better off having a professional remove the virus. This can be done for as little as $89. We recommend you purchase antivirus software as well, because the fact that you were infected in the first place tells me you were not protected well enough.

For a more in-depth guide on removing spyware and exact steps view our spyware removal guide. Our Vista Repair site also features many repair tips and tricks as well.

If you're in need of online computer repair, then check us out at online computer repair. If you need antivirus or anti-spyware software, we have reviews on our Vista anti-virus software page.



Friday, February 1, 2008

Anonymity Online - Rising Demand for Anonymity Services - The Dangers of Using A Proxy Server

The Patriot Act and similar laws passed in countries all over the world have increased the demand for services that redirect your traffic through a proxy server and encrypt it, to prevent other internet users, and even your ISP, from spying on you.

All your ISP can see, for instance, is that you established an encrypted connection to a server, and nothing more.

Using a proxy server is not completely secure, though. To communicate with the server that provides the website you want to visit, the proxy has to decrypt your traffic, so the proxy operator (and the proxy's own internet provider) can see the unencrypted data stream. This can be mitigated by chaining proxies together, or simply by using a service like Tor, which redirects your traffic through three relays, so-called "nodes", each of which knows only the hop before and after it. This way it is very hard to identify you, but...

the 'big but' here is that the exit node decrypts your traffic again in order to communicate with the server you are trying to reach. This means that the exit node can easily read the contents of the packets you send through the Tor network, such as unencrypted passwords and basically everything else that is not SSL-encrypted end to end. This can be used against you in many ways:

Absolutely anyone may provide a Tor node: governments, criminals, researchers. Although an exit node operator does not know who sent the traffic being redirected through its node, whatever it can "phish" from the plaintext can still be used against you. Furthermore, the recorded contents themselves (a login to your own forum or e-mail account, your name in a submitted form) often reveal who you are regardless.

An alternative to Tor and similar services are VPN services. The same problem applies here: the VPN service provider can easily view your unencrypted traffic and use it against you. It has happened at least once that law enforcement infiltrated such a service and brought down a whole organisation of internet criminals.
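To make the exit-node and VPN-provider point concrete, here is an added example (not from the article) in Python. It shows what the last hop can read from two constructed client messages addressed to the same host: a login form sent over plain HTTP, and a TLS ClientHello that the example builds itself. For the plaintext request the host, path and every form field, password included, are readable; for the TLS connection only the destination name carried in the Server Name Indication extension is visible. The ClientHello builder is a minimal, hypothetical one that includes just enough of the real structure for the parser to walk.

```python
# Added example: what a Tor exit node or VPN provider can read from a client's
# first message. Not from the article. Both captures below are constructed:
# a plaintext HTTP login and a minimal TLS ClientHello built by this script.
import struct
from urllib.parse import parse_qs

# Constructed capture 1: a login form submitted over plain HTTP.
HTTP_POST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: forum.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"user=alice&password=hunter2"
)


def http_view(data: bytes) -> dict:
    """Everything an intermediary sees in an unencrypted HTTP request."""
    head, _, body = data.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {k.lower(): v for k, v in (l.split(": ", 1) for l in lines[1:])}
    form = {k: v[0] for k, v in parse_qs(body.decode("latin-1")).items()}
    return {"host": headers.get("host"), "method": method, "path": path, "form": form}


def build_client_hello(host: str) -> bytes:
    """Constructed capture 2: a minimal TLS 1.2-style ClientHello carrying SNI."""
    name = host.encode()
    sni = struct.pack("!BH", 0, len(name)) + name            # name_type=host_name, length, name
    sni_list = struct.pack("!H", len(sni)) + sni
    ext = struct.pack("!HH", 0, len(sni_list)) + sni_list    # extension type 0 = server_name
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"             # version, random, session id len 0
            + struct.pack("!H", 2) + b"\x13\x01"              # one cipher suite
            + b"\x01\x00"                                     # one compression method: null
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def tls_sni(data: bytes):
    """Return the SNI host name from a ClientHello record, or None."""
    if data[0] != 0x16 or data[5] != 0x01:
        return None
    pos = 9 + 2 + 32                                  # record hdr, handshake hdr, version, random
    pos += 1 + data[pos]                              # session id
    pos += 2 + struct.unpack_from("!H", data, pos)[0] # cipher suites
    pos += 1 + data[pos]                              # compression methods
    ext_end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
    pos += 2
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack_from("!HH", data, pos)
        pos += 4
        if etype == 0:
            # server_name list: 2-byte list length, 1-byte type, 2-byte name length, name
            nlen = struct.unpack_from("!H", data, pos + 3)[0]
            return data[pos + 5: pos + 5 + nlen].decode()
        pos += elen
    return None


def exit_node_view(data: bytes) -> dict:
    """What the last hop (Tor exit, VPN provider) can read from one client message."""
    if data[:1] == b"\x16":                           # TLS handshake record
        return {"protocol": "tls", "host": tls_sni(data), "form": {}}
    view = http_view(data)
    view["protocol"] = "http"
    return view


if __name__ == "__main__":
    print(exit_node_view(HTTP_POST))
    print(exit_node_view(build_client_hello("forum.example")))
```

The asymmetry is the article's point: end-to-end encryption between you and the site protects the contents from the exit node or VPN provider, while the anonymity service only hides who you are from the site. Without it, the last hop sees your credentials in the clear; with it, the last hop still learns where you are going.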

The conclusion, therefore, is that such ways of remaining anonymous may be effective, but you are always forced to trust the provider of the proxy or VPN service you want to use. In reality, that trust cannot be verified. You do not know who is behind a service, and even if that person can be trusted, he or she will definitely not be allowed to tell you that the service has been infiltrated by the government, not to mention the danger of such services being hacked.

So you should definitely think twice about the necessity of such a service for your needs.

Phil Wegner, moderator of a big internet business related forum.


Copyright © Security Expert  All rights reserved.