Vocatys - Mobile Strategy Leaders

Why I Hate Antivirus

10/9/2014

In the world of tech support, the only thing more common than,

“Have you tried restarting your computer?”

is “Try disabling your antivirus.”

The primary purpose of antivirus software is to protect your PC from computer viruses and malware. It is, however, a well-known industry secret that these products don’t always protect your PC from viruses. As a professional IT consultant and the default IT guy to friends and family, I have helped clean viruses and malware from a number of PCs that were already running some sort of antivirus.

So if the antivirus isn’t always protecting you from viruses, what is it really doing?

Here are a few things I think it does, in some cases, really really well.

Annoying notifications
Constant pop-ups with sound notifications telling you everything it does, like updating its database, scanning the PC, allowing or disallowing programs, and the list goes on. But none of that compares to the noise it will make as it gets closer to renewing your subscription.

Blocking software installations/configurations
For a vast majority of software, it is not just recommended but required that you disable your antivirus before you begin installation. Installing something without first turning the antivirus off can be a grave mistake. I do speak from experience.

Randomly restricting Internet access
This one is a pretty cool feature. Everything could be working in perfect harmony but suddenly on one fine morning when you’re trying to check your emails or get online to read the news you can’t seem to connect. Your Skype is working fine so the Internet is not the problem. You restart your computer but still the same. Disable the antivirus and everything is back to normal. What happened? Your antivirus was updated last night and things got a bit weird is all.

Slowing your computer down almost to a halt
There are two levels of this feature. The first is a general slowing down of your PC. It’s done so well, you’ll hardly notice. “It’s always been that way,” you say, yet when others use your PC they seem a tiny bit frustrated.

I know what you’re thinking now, “So he’s saying we shouldn’t use antivirus at all?? Is he nuts??”

You’re damn right I am! Well, only about the not using antivirus bit. As for me being crazy, first hear me out and see my suggestions below.

Online security starts with you
If you click on dubious links in emails or install “free” software without verifying the source, you will be infected no matter how good your antivirus is. One of the main reasons antivirus is not just unsuccessful but also annoying is that it’s trying not just to protect but also to compensate for the operator’s lack of awareness. Be hyper alert when clicking on links by checking where they are actually taking you. Also thoroughly verify the source before downloading and installing software.

Operating systems and web browsers have come a long way
Apple’s Macs do continue to remain largely virus and malware free. Windows 7 and especially Windows 8.1 are generally very secure operating systems. They come with a host of integrated security features like a built-in firewall and Defender (formerly Microsoft Security Essentials), the inbuilt Windows antivirus. While browsers such as Google Chrome, Safari and Firefox are immensely secure and reliable, even Internet Explorer 11 is now extremely secure.

I gave up on expensive antivirus software many years ago. The idea of yearly subscriptions for a software that was causing more pain than gain all in the name of perceived security wasn’t working for me. Just to be clear though, giving up the antivirus is probably more suitable at a personal level rather than at a corporate level.

What’re your experiences with antivirus? Do you think not using antivirus is crazy or reckless?

This article was written by Austin D'Mello, Managing Partner of Vocatys, an emerging technology consulting company. If you liked this article please share it with your network. You can also subscribe to the monthly Vocatys newsletter by emailing us at hello@vocatys.com.

10 Non-Technical Ways to Make Your Company Hack-Resistant

24/6/2014

Non-Technical Protection
Image source: Wikipedia.org
No matter what they say, no matter how well encrypted your network is, no matter how many firewalls and how much anti-virus software you have, there is no such thing as a truly secure network.

On a regular basis we hear a number of organisations being ‘hacked’. Think of NASA, Pentagon, Target, Adobe, Facebook, Forbes.com, US Navy and the list goes on. They are all large and high-profile organisations with seemingly unlimited resources at their disposal to protect themselves against these attacks. Yet they find themselves among many that suffer ongoing security breaches.

Interestingly, at least 4 of the organisations mentioned have verified that the cause of the breach was a form of ‘Social Engineering’. According to Wikipedia, in the context of information security, it refers to psychological manipulation of people into performing actions or divulging confidential information. So metaphorically speaking, one does not need to disarm the alarm or break through doors or windows to get into your home if one can simply talk you into opening the door for them. The techniques employed are only limited by one’s own imagination.

The good news though is that you don’t need to spend big bucks to avoid such attacks. The following tips may not eliminate the threat but they will greatly minimise your company’s susceptibility to it.

You and your team are the weakest link
It all starts with awareness. Social engineers are relentless and often quite talented at their art. Knowing you and your team are the biggest threats to your IT, unintentional of course, is the first step. We humans are surprisingly easy to manipulate.

Rewrite your IT policy
If your current IT policy is more than 6 months old, it is time to re-write it. Do not amend, just re-write. Technology and its usage are changing rapidly. Having an updated, all-encompassing policy is not just to scare employees into compliance but to educate them.

Control all mobile phones that access the business network
If you and/or your team use personal mobile phones for anything related to the business viz. phone calls, SMS, emails, apps and documents, you need to control it. Mobile phones connecting to multiple Wi-Fi access points, especially free public ones, are most vulnerable. There are free Mobile Device Management (MDM) tools that are easy to manage, are low cost cloud based solutions and can be easily deployed to manage these mobile devices.

Ban all external storage devices
The fastest way to break into a network would be to have a USB drive seemingly empty but loaded with a rootkit that unleashes itself the moment the drive is plugged in. Files can instead be transferred over your network’s storage or through services such as Dropbox, iCloud, Google Drive, OneDrive etc.

Emails are for correspondence not collaboration
This cannot be emphasised enough. Forbes.com was hacked and defaced by the Syrian Electronic Army using a simple email phishing attack. Cultivate a culture and policy where basic text emails are only used to correspond; to collaborate you can use any one of these free collaboration tools. Most importantly, think seriously before opening email attachments or clicking on links in an email.

Reconfigure Router and Wi-Fi
Your router is the gateway to your network and if there is a Wi-Fi access point attached, it becomes very visible and hence very vulnerable. With the help of your IT support provider reconfigure your router to best practice standards.

Passwords and 2-Step Verifications
Google, Apple, Microsoft, Twitter, Facebook and a host of other service providers offer 2-Step Verification/Authentication. Once it is set up, you will need to enter your password and the 4-8 digit code sent to your mobile via SMS to access your account. This may sound painful but it would be nothing compared to the pain highlighted in Mat Honan’s case. So wherever possible, set up this 2-step verification and change all passwords at least once every 1-2 months.

Trust NOBODY
Even seemingly unimportant information, such as whether your IT is hosted in-house or cloud-based, is valuable to anyone interested. While sharing Wi-Fi passwords and other such security information can obviously be detrimental, create a culture of zero trust when it comes to IT. Include a broad IT policy compliance clause in every contract and agreement with external suppliers.

Designate specific IT people
This one applies to businesses using external IT support providers. Designate no more than 2 staff, one primary and the other secondary, to act as liaisons to your service provider. No one else is to have any conversation or perform any actions pertaining to IT. This reduces potential information leaks and improves the effectiveness of the service.

Cultivate a culture
Doing a full circle we come back to you and your team. We are, after all, humans, creatures of habit. If habits are not cultivated to be good, they will form anyways, and in most cases, they will be bad. So proactively help create good habits and culture. Regular formal and informal meetings and training sessions will yield a long term sustainable IT aware culture.

So there you have it. The best things in life are indeed free. You do not need to be an IT guru nor would you need an addition to your IT budget to implement these basic yet effective tips to secure your IT. These will not eliminate the threats but will significantly reduce your chances of being ‘hacked’.

References
  • http://www.crn.com/slide-shows/security/240165003/top-10-security-breaches-of-2013.htm
  • http://en.wikipedia.org/wiki/Social_engineering_(security)
  • http://online.wsj.com/news/articles/SB10001424052702304526204579101602356751772
  • http://arstechnica.com/information-technology/2014/02/iranians-hacked-navy-network-for-4-months-not-a-surprise/
  • http://www.forbes.com/sites/chrisversace/2014/01/22/2014s-hacking-pain-is-cyber-securitys-gain-for-symc-feye-pawn-keyw-csco-cuda-ftnt-impv/
  • http://abcnews.go.com/Technology/story?id=119423
  • http://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-a-detailed-timeline/
  • http://www.theinquirer.net/inquirer/feature/2320371/2013-was-a-very-hacked-year
  • http://aneuron.com/stay-secure-friend-hackers-targeting-smbs/
  • http://blog.quatrashield.com/2013/12/17/357/
  • http://www.infosecurity-magazine.com/view/25357/pwc-and-infosecurity-europe-release-the-latest-information-security-breaches-survey/
  • http://en.wikipedia.org/wiki/Phishing
  • http://www.emc.com/collateral/fraud-report/rsa-online-fraud-report-012014.pdf
  • http://www.scmagazine.com/february-2014-threat-stats/slideshow/1809/#1
  • http://www.cio.com/article/598122/15_Free_Enterprise_Collaboration_Tools
  • http://www.androidcentral.com/no-excuses-its-time-turn-two-step-authentication
  • http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/
  • http://www.computerworld.com/s/article/9181939/Infected_USB_drive_blamed_for_08_military_cyber_breach


GameOver Zeus (GOZ) Malware: What You Need to Know and Do

5/6/2014

GOZ Infections Worldwide
Source: FBI
So there is a new malware in town called GameOver Zeus or GOZ. On 2 June 2014, the FBI announced it had teamed up with its counterparts from around the globe, including the Australian Federal Police, to bring down a botnet that is believed to be responsible for stealing over $100 million from businesses and consumers.

What is it?
GameOver Zeus is essentially malware. It is reported to be one of the most sophisticated of its kind. Specifically designed to steal banking details, it not only takes over the computer but turns it into a zombie that becomes part of a much larger network of other infected computers. Together these form a botnet spread across the world that is used to harvest banking and other critical information.

During the operation they also uncovered a network of computers and servers infected with CryptoLocker, a ransomware that encrypts and locks you out of important files on your PC and demands a fee in return for unlocking them.

Both of these allow creators full access to your server or computer, often with minimal detection.

Modus Operandi
The main distribution vehicles for these have been, like most, emails and phishing.

Carefully worded emails with attachments are sent to all the contacts on the infected PC unbeknownst to the owner. Friends, family and colleagues are easily caught off guard.

What you need to do?
As of writing this, the botnet has been taken down. Having said that, GameOver Zeus is no ordinary malware. It does not have one specific control centre. It has a peer-to-peer command structure, which makes it very tricky to pin down. The authorities have issued a fortnight’s warning to businesses and users to protect their servers and PCs. Apple Macs are not affected by this malware. But here are a few urgent things all, and I mean ALL, users of any devices connected to the internet must do as best practice:

  • Always ensure to update your computers and devices with the latest available updates.
  • Especially for old Windows PCs, make sure you have an always updated antivirus software.
  • Use strong passwords and change them at least every 2 to 3 months.
  • Avoid visiting unknown random sites.
  • And last but most important, remain hyper vigilant with emails, even from people you know. If they seem even slightly out of the ordinary do not open them. All attachments must be treated with some level of suspicion.

Remember every glitch is a bug, not all are dangerous but you never know which one is. So in the big bad world we call Internet be very aware!

References
  • http://www.fbi.gov/news/stories/2014/june/gameover-zeus-botnet-disrupted/gameover-zeus-botnet-disrupted
  • http://www.fbi.gov/news/stories/2014/june/gameover-zeus-botnet-disrupted/documents/gameover-zeus-and-cryptolocker-poster-pdf
  • https://www.us-cert.gov/ncas/alerts/TA14-150A
  • http://www.us-cert.gov/ncas/alerts/TA13-309A
  • http://www.news.com.au/technology/online/gameover-zeus-virus-link-to-australia-as-fbi-moves-to-shut-down-the-global-banksiphoning-operation/story-fnjwnfzw-1226941496956

Heartbleed: The Bug You Cannot Afford to Ignore

10/4/2014

Heartbleed Bug
What is it?
The Heartbleed Bug is a major, and I do mean seriously “MAJOR”, security flaw in the widely used OpenSSL cryptographic software library. This bug allows anyone on the Internet to read the memory of the systems that are protected by OpenSSL. This bug was introduced in December 2011 and has been lurking out there since the version 1.0.1 release of OpenSSL on 14th March 2012.

For the technically inclined, there’s plenty more information at www.heartbleed.com

What does that mean to me?
A vast majority of systems online i.e. emails, websites, IMs, banking and pretty much most services online that are protected by OpenSSL are at serious risk. So essentially anything you do online that requires you to login including most apps on your mobile phones are potentially unsafe. By using any of these services you could be putting your details out in the open for anyone to see, steal and use.

Due to the nature of the access one can gain because of this bug, it is very hard if not impossible to detect the breach. If it has happened we wouldn’t really know it.

Should I panic?
Despite the scary sounding prognosis above, the short answer is, No. There are currently 2 kinds of people out there working very hard, day and night; people that are trying to fix this bug and people that are trying to exploit this bug.

  • People trying to fix it (good guys) only need to update their systems with OpenSSL 1.0.1g released on 7th April 2014. Trust me it’s far easier said than done but not as slow as it is for the bad guys.
  • People trying to exploit it (bad guys) can’t just do so in one go and steal all the information. They can only do this in chunks of 64kb in one attempt. This means they have to keep repeating the attack many thousands of times to make it worthwhile. That takes time. A lot of time!
  • Also, attackers are often not interested in the stolen data itself; they seek to sell this data. They have to find buyers and that again takes time.

So while the race is on, good guys have an advantage and most importantly panicking, as we know, will not solve anything.

What do I do?
To what extent the damage has already been done we will not know, for quite a while. However, there are a few things you can do at this point in time to mitigate or at least minimise the damage.

  • While changing your passwords immediately sounds like the obvious step to take, I would recommend holding off for just a few more days. With most systems still being patched (it’s a painfully long process), changing your password on a vulnerable system will not really help. So give it a few days and then go change every password, pin and login details of every service you use online.
  • For now (I know this is not going to be easy) avoid as best as you can using online services especially ones that require credit card details and other banking details.
  • And finally, if they haven’t already started, get your IT department, IT support providers and/or system administrators to immediately update your networks and servers with the latest version of OpenSSL 1.0.1g.
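
For administrators working through that last step, a quick way to triage an inventory is to classify each host's `openssl version` banner against the release range given above (1.0.1 up to, but not including, 1.0.1g). This is an added example, not code from the original article or from the OpenSSL project; the hostnames and banners are constructed sample data, and the function names are illustrative.

```python
import re

# Upstream release range taken from the article: the bug shipped in OpenSSL
# 1.0.1 (14 March 2012) and was fixed in 1.0.1g (7 April 2014).
FIRST_AFFECTED = (1, 0, 1, "")
FIRST_FIXED = (1, 0, 1, "g")

# major.minor.fix, optional patch letter(s), optional pre-release tag.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(-(?:beta|pre|dev)\w*)?")


def parse_openssl_version(text):
    """Return ((major, minor, fix, letter), is_prerelease) from a version banner."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError("no OpenSSL version found in %r" % text)
    major, minor, fix, letter, pre = match.groups()
    return (int(major), int(minor), int(fix), letter), pre is not None


def heartbleed_status(text):
    """Classify a banner as 'affected', 'not-affected' or 'check-manually'."""
    version, is_prerelease = parse_openssl_version(text)
    if is_prerelease:
        # Pre-release builds do not map cleanly onto the release range.
        return "check-manually"
    # Tuple comparison orders the patch letter too: "" < "a" < ... < "f" < "g".
    if FIRST_AFFECTED <= version < FIRST_FIXED:
        return "affected"
    return "not-affected"


def hosts_to_patch(inventory):
    """Return hosts whose banner is affected or needs a manual check."""
    return sorted(host for host, banner in inventory.items()
                  if heartbleed_status(banner) != "not-affected")


# Constructed inventory: hostnames and banners are sample data.
SAMPLE_INVENTORY = {
    "web01.example": "OpenSSL 1.0.1e 11 Feb 2013",
    "web02.example": "OpenSSL 1.0.1g 7 Apr 2014",
    "mail01.example": "OpenSSL 0.9.8y 5 Feb 2013",
    "vpn01.example": "OpenSSL 1.0.1 14 Mar 2012",
    "lab01.example": "OpenSSL 1.0.2-beta1",
}

if __name__ == "__main__":
    for host in hosts_to_patch(SAMPLE_INVENTORY):
        print(host, heartbleed_status(SAMPLE_INVENTORY[host]))
```

Distribution packages often backport the fix without changing the upstream version string, so confirm an "affected" result against the vendor's advisory before acting on it.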

As I mentioned earlier, there is no reason to panic but every user online right now needs to be hyper vigilant and avoid secure activities on the Internet.

For more information and/or help feel free to contact us on heartbleed @ vocatys . com. Also pass this information along to other peeps in your network that could benefit from this.