
Friday, January 2, 2015

If Antivirus Is Dead, How Do I Know If I've Been Hacked



Antivirus “is dead”, declared Brian Dye, senior vice-president of information security at Symantec. Industry experts agree that antivirus protection is only 45% effective in detecting malware. If you have been relying on antivirus protection as your only approach to protecting your computer from intruders, then you might sleep less comfortably at night.
So, if you go to a website, open an email attachment, or download a file where there is malware present, there is a 55% chance your computer will become infected without you knowing about it. If you can’t rely on antivirus protection to detect an infection, how will you know if you’ve been hacked?
Chances are you won’t know you’ve been hacked. Most people assume that their computer will crash or will suddenly experience performance issues. That assumption is a myth. Cyber criminals will NOT crash your computer. That would defeat their purpose. Their aim is to infiltrate your computer to pilfer data. After they’re done, they will use your computer to cover their tracks so their attacks on other computers will appear to originate from your computer. They may also add your computer to their network of infected computers. That network is referred to as a “botnet” and your computer is referred to as a “zombie”. With a network of hundreds of thousands and even millions of computers, hackers have the power to launch attacks on networks and websites that can render them inoperable. There is absolutely ZERO benefit to the cyber criminal in crashing your computer.
If you think that being careful with opening email attachments and what websites you visit will protect you, think again. Most people use Facebook and other social media sites. According to industry experts the use of social media to spread malware has become ubiquitous. Cyber criminals have enjoyed a 70% success rate with malware spread through social media.
What can you do besides throwing your arms in the air in frustration and yelling “why little ol’ me!”, or resigning yourself to constant surveillance and saying to yourself “I have nothing to hide” in order to feel less uncomfortable? Obviously, a new approach to securing your computer is sorely needed. There are solutions that I will cover in future blogs. So, stay tuned.

Symantec Exec Declares Antivirus is Dead


 
Antivirus detects only 45% of all attacks which renders the widely used protection ineffective according to industry experts. Brian Dye, senior vice-president for information security at Symantec, has declared antivirus as “dead”. This comes from a company that has been a leading innovator of antivirus products since the 1980s.
Cyber criminals and hackers have simply outsmarted the developers at antivirus companies. At first the industry approach was detect and then protect. That method worked when the amount of malware and viruses being produced was relatively low. Once the amount of malware created per year reached the level of millions of variants, the “detect and protect” approach became impractical. At that time a quasi-artificial intelligence called “heuristic detection” was developed. Heuristics worked for the 1990s and early 2000s. But the bad guys found a way to bypass the heuristic detection. Hackers now use a method called “crypting” that renders malware undetectable to antivirus software and malware tools.
Brian Krebs, a computer security reporter, describes this “crypting” method: “Put simply, a crypting service takes the bad guy’s piece of malware and scans it against all of the available antivirus tools on the market today – to see how many of them detect the code as malicious. The service then runs some custom encryption routines to obfuscate the malware so that it hardly resembles the piece of code that was detected as bad by most of the tools out there. And, it repeats this scanning and crypting process in an iterative fashion until the malware is found to be completely undetectable by all of the antivirus tools on the market.”
The cyber criminals and hackers call this kind of malware “fully un-detectable” or “FUD” for short. This is the reason antivirus is now only 45% effective. So, if you have been depending on antivirus as your sole means of protecting your computers, you are in for a rude awakening. And, if you have felt safe because your computer hasn’t crashed, you are in for an even bigger rude awakening. Professional cyber criminals and hackers will NOT crash your computer. That would defeat their purpose of pilfering your data and using your computer to cover their tracks when attacking other computers. There is absolutely NO benefit to the cyber criminal in crashing your computer. They may encrypt your data and blackmail you into paying a ransom to get your data back, but they won't crash your computer.
In future blogs I will discuss alternatives to antivirus protection that are more effective. Stay tuned.


Saturday, January 4, 2014

Is Your Data Protection Stuck in the 1990s?

Let's be honest.  Business computing can be complex, confusing, and frustrating for the average small business owner.  Is it any wonder that most small business owners want simplicity when it comes to securing their business data?  Back in the 90's all one had to do was install virus protection software that included a firewall and you were done.  Simple.

I hate to burst your bubble, but we are not in the 90's anymore.  Hackers, cybercriminals, and other techno freaks have punched so many holes into virus protection that they have rendered it a mere annoyance. Cyber criminals have developed numerous end-around approaches so they can get past the virus protection and firewalls.  The bottom line is that one solution or one protection is no longer enough.  Simplicity gone, sorry.

Remember this Rule: If you make it simple for you, you make it simple for the hacker.

Is Your Business System Protection Stuck in the 90s?  If you answer NO to any of these questions...you're stuck in the 90s...

Password Protect Data
  • Do you create strong passwords with at least eight characters, mixing in symbols, numbers and uppercase and lowercase letters?
  • Do you create unique login information for each of your online accounts?
  • Do you change passwords regularly?
  • Do you make it a policy to never share your account login information?
  • Do you use two-factor authentication processes when they're offered? These require users to sign in with a username and password plus a verification code that's typically sent via text message or displayed through an application on your device.
  • Do you keep track of passwords with a password manager, NOT an Excel spreadsheet? (Available as a desktop program or as an app, this tool stores passwords locally and securely, and some even generate unique passwords for you.)

Practice Safe Web Surfing and Cloud Computing
  • Do you always back up the data you store in the cloud to a local computer or hard drive?
  • Do you update your operating system and/or web browser often to take advantage of security patches and updates?
  • Do you invest in anti-virus and malware programs? Do you keep these updated as well?
  • If possible, do you customize privacy settings so you control who can view your information and what information they have access to?
  • Do you restrict the amount of information you share online? Do you protect sensitive information by keeping it in a separate location with access restrictions?
  • Do you avoid directing all password recovery messages to a single address (a practice known as "daisy-chaining")? A hacker who gets hold of your email login could gain access to all of your accounts.

Friday, July 26, 2013

Monitoring Removes the Mystery of What is Happening on Your Network



Monitoring Removes the Mystery of What is Happening on Your Business Network


Monitoring matters so much to system reliability that even if you didn’t practice maintenance, the reliability of your business systems would be noticeably improved.  With monitoring you have an early warning system.  Microsoft has devoted considerable resources to building “sensors” into its operating systems that detect and record thousands of events occurring on your computer.

For instance, you can know who accessed a file and when it was accessed.  You can find out what changes were made to your computer system and when these changes were made. You can know when applications like viruses install on your computer.  Even hardware performance can be monitored for any decrease in performance. There are so many events that can be monitored that the possibilities are practically endless. Even so, in order for this kind of monitoring to be effective, you need to decide what is going to be monitored and enable the monitoring.  Even more important is that someone needs to be paying attention.  What good is computer monitoring if the alarms are blaring and the lights are flashing but no one is paying attention?
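
As an added example (not part of the original post), here is one way to do the three things described above with built-in Windows tools: enable file-access auditing, choose what to monitor, and review who accessed it. The folder path and the business-hours window are assumptions to adjust.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell.
# Assumptions: $Folder and the business-hours window are placeholders.
$Folder    = 'C:\BusinessData'   # hypothetical folder you decided to monitor
$WorkStart = 7                   # assumed business hours: 07:00-19:00
$WorkEnd   = 19

# 1. Enable the monitoring: turn on the "File System" audit subcategory.
#    (The subcategory name is localized on non-English Windows.)
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Decide what to watch: add an audit rule (SACL) to the folder that
#    records reads, writes and deletes by anyone (S-1-1-0 = Everyone).
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $everyone, 'ReadData, WriteData, Delete',
    'ContainerInherit, ObjectInherit', 'None', 'Success, Failure')
$acl = Get-Acl -Path $Folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# 3. Pay attention: read file-access events (ID 4663) from the Security log
#    and keep only those that touch the monitored folder.
function Get-FolderAccess {
    param([string]$Path, [int]$Hours = 24)
    $filter = @{
        LogName   = 'Security'
        Id        = 4663
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt = $_
            # Flatten the event's named data fields into a hashtable.
            $fields = @{}
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
                $fields[$d.Name] = $d.'#text'
            }
            if ($fields.ObjectName -and
                $fields.ObjectName.StartsWith($Path, [StringComparison]::OrdinalIgnoreCase)) {
                [pscustomobject]@{
                    Time       = $evt.TimeCreated
                    User       = '{0}\{1}' -f $fields.SubjectDomainName, $fields.SubjectUserName
                    File       = $fields.ObjectName
                    Process    = $fields.ProcessName
                    AfterHours = ($evt.TimeCreated.Hour -lt $WorkStart -or
                                  $evt.TimeCreated.Hour -ge $WorkEnd)
                }
            }
        }
}

$access = @(Get-FolderAccess -Path $Folder)

# Who touched the folder, and how often.
$access | Group-Object User | Sort-Object Count -Descending |
    Select-Object Count, Name

# Accesses outside the assumed business hours deserve a second look.
$access | Where-Object AfterHours | Sort-Object Time |
    Format-Table Time, User, File, Process -AutoSize
```

Events are recorded only from the moment steps 1 and 2 are in place, so the review in step 3 is meant to be run on a schedule by whoever is responsible for paying attention.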

Unfortunately, most small businesses don’t have anyone monitoring their computer systems.  And, certainly, they don’t have monitoring set up or enabled.  This is truly a lost opportunity to vastly improve system reliability.  Wouldn’t you rather be warned that your computer is on the verge of collapsing or would you rather one day come to work and your computer won’t work without any warning?  Monitoring can make that kind of difference!


So, why are most small businesses not monitoring their network and systems?   


Because small businesses hire computer repair techs who make their money by repairing broken computers.  Let’s be honest, if you only pay a computer tech when your computers are broken, what is the financial incentive for the tech to prevent computer problems?…none!  What most small businesses lack, that most larger companies have, is full time salaried computer experts. For large organizations the computer tech’s raises and bonuses are predicated on reducing computer downtime.  If that tech wants a raise, then he better make sure the computers are always up and running.   

So what is the answer for a small business that can’t afford to pay the $90,000.00 salary to get a dedicated salaried computer technology expert who has the incentive to make sure the computers are always up and running?  Here is what you need to do… you need to find a tech support vendor that can be hired on a flat fee basis to do everything including maintenance, prevention and unlimited tech support.  Yes, UNLIMITED TECH SUPPORT is the key!  The unlimited tech support for a flat annual fee means the tech support company has the financial incentive to prevent computer breakdowns.   If the tech support company gets paid a flat fee, then the more computer crashes occur the less per hour the support company makes.  It is like having your very own tech expert on a salary!


So where do you find that kind of tech support company?  


Do an Internet search for “managed services” and you will find one in your area.  How expensive are “managed services”?  Honestly, these kinds of businesses do NOT operate like Joe’s Cheap Tech Support.  So, don’t expect to get Walmart prices.  Yes, you may pay more for the expertise they bring.  But, your company will save money in the long run through the increased productivity of having computers that work all the time as well as perform better and faster.  And, you get the added bonus of an expert who is on your side.

Friday, April 19, 2013

Reducing IT Costs: Save Money by Managing Change or Change Will Manage You and Your Company



Reducing IT Costs: The Five Pillars of Computer Dependability and Longevity that Save Your Company Money

Part Three: Managing Change


Remember the adage that the only thing in life that is constant is change itself.  That adage equally applies to the life of computer systems.  Your company’s computer systems are not static.  They are under a constant barrage of change: new Windows updates, application updates, hardware additions, software installations, configuration changes, virus infections, and the list goes on and on.  In the previous Pillar “Variety is the Wrong Spice” I delineated the challenge of reining in the complexity of hundreds of products and thousands of product configurations and all the unpredictable results of that multitude of combinations.  Now add change to that cacophony of infinite combinations and you have a potential recipe for disaster.  That is why managing change is so important to keeping IT costs under control and assuring system dependability.



I want to emphasize that your business computer technician needs to “manage” change with YOUR full support.  Computer system changes should NOT be random or ad-hoc.  Employees should NOT be allowed to install software, add games, or change system settings on a willy-nilly basis.  If that is the case, then you have abdicated any semblance of control over your business systems.  It is possible that you have turned over your computer systems to your employees for them to use as their own personal entertainment centers.  And, if you have, then you’ve opened the door to software installations that may cause instability in your business line of applications, hardware additions that may not play nice with your business systems, and an increased incidence of virus infections.  This will increase your business IT costs, which may escalate out of control.
 Document all changes made.  The main reason for this is to assist in any troubleshooting of problems that may have been caused by the change.


So, YOU the business owner have the responsibility of taking back control of your business computer systems.  Stop treating those computers as discretionary gadgets used for entertainment.  Treat your business computers as production line equipment.  You’ve made a significant investment, so protect and properly maintain that investment.

The first step is creating a company policy that prohibits employees from installing software or making system changes.  That responsibility will fall to designated “system administrators”.  As far as the average employee is concerned, what you are doing is removing the responsibility of caring for the computer system and thereby the responsibility for when their computer crashes and all the consequences thereof.  You are allowing your employees to focus on their jobs. And, that is what you are really paying them for…right?

By limiting the number of people who make any kind of change to your computer systems, it is much easier to keep track of the changes that were made and thereby to determine whether any change may have caused problems in the system.

The next step is to set up a systematic approach to making computer system changes by your designated “system administrators”.

  • Schedule the changes on a regular day of the week, or otherwise communicate each time changes are made to the computer systems.  This way all employees can know that day of the week as “Change Friday”, and if an employee notices some unintended consequences of the change that escaped testing they can let you know.  Otherwise, the employee may think it is some random happening.
  • If you have standardized your systems, then you can test any new hardware or software on one system.  Then that one system can act like the “canary in the coal mine” before rolling out that change to all systems.
  • If your computer systems are not standardized, then you will need to methodically roll-out changes in groups of computers rather than all at once.  
  • It is best to document your Change Management policy.  Even if that policy fits on one page.  That way everyone knows who is responsible for what and sets the appropriate expectations. Then make sure that policy is clearly communicated to everyone who uses the business computer systems. 

Friday, March 15, 2013

Reducing IT Costs: Why Variety is the Wrong Type of Spice

Reducing IT Costs: The Five Pillars of Computer Dependability and Longevity that Save Your Company Money - Part Two


In your pursuit of reducing your business IT costs, the recipe not only includes avoiding the “lemons”, but also avoiding too much variety.  When you dig a little deeper you will discover that your computer system is not one product designed by one manufacturer.  Even when you purchase, let’s say, a Dell computer what you are really buying is: a motherboard manufactured by ASUS, a processor manufactured by Intel, memory manufactured by Kingston, a hard drive manufactured by Seagate, an operating system manufactured by Microsoft, etc.  Essentially, what Dell does is bring these various parts manufactured by different manufacturers and assemble them into a computer.  But, even Dell knows you can’t take various parts with different technologies, features, and versions and throw them together and expect them to work nicely with each other.  Dell does extensive testing with combining these different technologies before assembling them into a computer. 

Now extend this scenario to a business network.  You have computers from different manufacturers like Dell, HP, or Lenovo.  On these computers you have different operating systems such as Windows XP, Windows Vista, Windows 7, Windows 2008 server or Macintosh.  You also have a variety of devices such as printers, switches, broadband routers, network firewalls, etc that are all manufactured by different manufacturers and some have new technology while others have older technology.  Installed on your computer you have a variety of software such as browsers (Internet Explorer, Firefox, Opera, etc), accounting software (QuickBooks, SAP), office suites (Microsoft Office, Open Office, Word Perfect), customer databases (ACT, Goldmine), inventory tracking software (Fishbowl), and antivirus software (Symantec, McAfee, Trend Micro, etc).  And, all this software has different versions.  With all this variety how can you be assured they will play nice together?

In addition to this plethora of software, hardware, and devices is the fact that most computer products can be custom configured in a multitude of combinations.  In fact, it is this complexity of numerous configuration settings that keeps many a computer tech employed.  One misconfigured setting can cause your whole business network to stop functioning.   With this ever increasing complexity of product and configuration settings comes an ever increasing chance that things can go wrong, causing outages and service disruptions.  So, how do you combat this trend?

According to the IT Process Institute, one of the most effective ways to control IT costs is to simplify and standardize the configuration of your business network.  Practice “Less is More”.

Below are some ideas on how to do this:

  1. Remove or disable any application or software on your computers that does not have a business use.
  2. Prevent employees from installing software on your business computers.
  3. Buy computers from the same manufacturer and buy the same model.  Have the same operating system and software on all computers.

Standardization will greatly simplify the maintenance of your business network.  Below are some reasons why…

  1. Standardization goes a long way in effectively managing change in your network and computer systems. (See The Five Pillars of Computer System Stability and Reliability – Change Management)
  2. Standardize to avoid compatibility problems. The more software and hardware you have, the more often you’ll encounter conflicts and errors that are hard to isolate and fix.

Part Three: How to save money by managing change

Saturday, December 22, 2012

Reducing IT Costs: The Five Pillars of Computer Dependability and Longevity that Save Your Company Money




Part One - Avoiding the Lemons Is Easier Said Than Done


We have all heard the term “Lemon” as it applies to a product that is bad, unreliable, or simply doesn’t work.  What makes any product a “lemon” is poor design, not just quality control. Even if you have a manufacturer renowned for product reliability such as Toyota, that manufacturer can still produce a product that needs to be recalled.

The first pillar of Computer Dependability and Longevity that Save Your Company Money is to avoid purchasing a computer application or hardware that has a poor design or is a “lemon”.   Unfortunately, in the ever changing environment of computer technology that is easier said than done.  It is easy to get fooled by the hype and sucked into keeping up with the Joneses so we are not left behind in the old technology dust.  Even so, try to fight buying on impulse and follow the best practices below before purchasing any computer product:



Purchase products that have a proven track record

What I’m saying is a “product” that has a proven track record, not simply a manufacturer with a track record.  This means do the following:

1.    Avoid being a “first” adopter of new technology

2.    Purchase products that have been on the market for six months or more

3.    Check any and all product reviews about the product

4.    Check any “troubleshooting” forums that mention the product.  This is the advantage of waiting at least six months.  After six months these forums should be replete with complaints about the product.  Review these complaints to determine what you are really purchasing

5.    Buy business models. When you’re buying new computers for your business, look at the business models instead of the home models. Manufacturers (Dell, HP, etc.) change the components in their business machines less frequently, and only after testing the components in their “home” or “consumer” models.  This is the reason behind the longer warranties you get with a business model.

Whenever possible, test the product before you make the purchase

You may find the product that has good design and is reliable, but it may not pair well with the other software or hardware in your computer or your company computer network.  You can do this by doing the following:

1.    If it is software, obtain a demo.  Run the demo on a typical computer in your network. 

2.    Buy one copy or one device and test it before purchasing multiple devices.

3.    Set up a “test” computer that you don’t mind crashing.  You can use virtualization and imaging software to create your “test” computer so there is NO need to purchase additional hardware.

Ask your computer support tech or company if they do the following

You can get invaluable advice if your computer support company does the following…

1.    The computer support company has their own “lab” where they test products

2.    The computer support company belongs to industry trade associations and regularly attends meetings.  Whenever techs get together they ultimately will discuss horror stories about products. These associations also provide a resource that your tech can tap into and obtain information from other techs who have had experience with a product.

3.    Avoid working with computer resellers who try to push you into adopting the latest technology. 

4.    Find a computer support company that is exclusively a consulting company or one that makes 80% of their revenue from consulting and less than 20% of revenue from product sales.  At least the financial incentive of the computer support company will lean heavily toward support and not product sales.  Essentially, they are forced to support the products they sell.

5.    Avoid Break/Fix computer companies.  They charge by the hour and they make their money when your computer breaks down.  It is the wrong financial incentive to pay a tech only when the computer breaks down.  From a Break/Fix support company’s view there is little financial incentive to prevent computer issues. The financial incentives lean too much toward the expensive fix as opposed to preventing the expensive fix. Find a company that will agree to work for a flat fee for all support and maintenance including system replacements…yes, they are out there.


Part Two: Why variety increases your business computing costs