{"id":833,"date":"2014-06-19T18:38:55","date_gmt":"2014-06-19T18:38:55","guid":{"rendered":"http:\/\/blogs.secure-bits.com\/?p=833"},"modified":"2014-08-02T02:33:20","modified_gmt":"2014-08-02T02:33:20","slug":"how-malware-gets-on-the-system","status":"publish","type":"post","link":"https:\/\/blogs.secure-bits.com\/?p=833","title":{"rendered":"Malware and why you should be concerned&#8230;"},"content":{"rendered":"<p>Malware is any software\u00a0that disrupts computer operation, gathers sensitive information, or gains unauthorized access to a private computer system. Once it gets a hold of your system, it will cause:<\/p>\n<ol>\n<li>Loss of productivity<\/li>\n<li>Embarrassment with customers<\/li>\n<li>Lost sales<\/li>\n<li>Lost data<\/li>\n<li>Substantial financial loss<\/li>\n<li>Frustration and loud swearing&#8230;<br \/>\n<a href=\"http:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/Angry.gif\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-1001\" src=\"http:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/Angry.gif\" alt=\"Angry\" width=\"50\" height=\"46\" \/><\/a><\/li>\n<\/ol>\n<p>I\u2019ve been getting questions about how malware infects computers. That made me realize that the general public has some misunderstandings in this area. Certainly, lots of information is available\u00a0via the web nowadays on this subject; however, most of it is intended for IT people and, as such, requires a certain level of technical knowledge in the area of networks, computer systems, malware, etc. 
The available information is accurate, but most small business owners have limited time and\/or interest in reading through pages and pages of technical information, much less following some or all of the suggested protections for their computers.<\/p>\n<p>I cannot really blame small business owners for shying away from reading all the gibberish (to them) that\u2019s available about how to secure small business systems. Nonetheless, they must have some basic understanding of how malware can reach their business systems in order to prevent getting malware on their computers. I\u2019ll try to use common terms and simple explanations; hopefully, this won\u2019t be that hard to follow\u2026<\/p>\n<p>Malware can reach a computer, laptop, tablet or smartphone through four different venues:<\/p>\n<ol>\n<li><span style=\"color: #ff0000;\">Internet access, wired and wireless<\/span><\/li>\n<li><span style=\"color: #ff0000;\">Internet browser<\/span><\/li>\n<li><span style=\"color: #ff0000;\">Email clients, in the form of attachments and\/or links<\/span><\/li>\n<li><span style=\"color: #ff0000;\">Removable storage media, such as CD\/DVD, flash drive, etc.<\/span><\/li>\n<\/ol>\n<p>Statistically, 90% of malware reaches IT equipment over the network, while the remaining 10% is attributed to removable storage media. 
The typical unsecured setup, wired and\/or wireless, for Internet access would look like this:<\/p>\n<div id=\"attachment_855\" style=\"width: 575px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/nofw.jpg\"><img aria-describedby=\"caption-attachment-855\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-855\" src=\"http:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/nofw.jpg\" alt=\"Missing image...\" width=\"565\" height=\"438\" srcset=\"https:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/nofw.jpg 565w, https:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/nofw-386x300.jpg 386w\" sizes=\"(max-width: 565px) 100vw, 565px\" \/><\/a><p id=\"caption-attachment-855\" class=\"wp-caption-text\">Unsecured small business\/home system<\/p><\/div>\n<p>Why is it important to understand this process? Well, knowing how your business systems may become victimized by malware will help you to prevent it. 
If knowing this information simply makes you more aware of how to use your small business system, that\u2019s great.<\/p>\n<p>The actual goal of this blog post is to assist in transitioning you from your current setup to a secure business system that looks like this:<\/p>\n<div id=\"attachment_878\" style=\"width: 630px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/fw1.jpg\"><img aria-describedby=\"caption-attachment-878\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-878\" src=\"http:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/fw1.jpg\" alt=\"Secure system\" width=\"620\" height=\"438\" srcset=\"https:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/fw1.jpg 620w, https:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/fw1-424x300.jpg 424w\" sizes=\"(max-width: 620px) 100vw, 620px\" \/><\/a><p id=\"caption-attachment-878\" class=\"wp-caption-text\">Secured small business\/home system<\/p><\/div>\n<p>The end result accounts for all four potential weaknesses and removes and\/or limits the impact of malware through these venues. Let\u2019s take it step by step on how to eliminate and\/or limit the ways malware can reach the system.<\/p>\n<p><strong>1. Internet access, wired and wireless<\/strong><\/p>\n<p>Computer worms and hackers\u2019 automated scripts constantly scan the Internet for available services and exploit them automatically, if and when a vulnerable service is identified. For this reason, you should make sure that your computer or network is not open to this type of exploitation from the Internet.<\/p>\n<p>Adding a hardware-based broadband router and\/or firewall removes the first major venue from the list. The cost for something of that nature would be around a hundred bucks. Something this simple can eliminate up to 10% of online risks through the Internet. 
The default factory configuration of a broadband router blocks all unsolicited inbound access from the Internet to your system; in other words, just by installing one you have made your computers 10% more secure. Go ahead and test your computer at <a title=\"ShieldsUP!\" href=\"https:\/\/www.grc.com\/x\/ne.dll?bh0bkyd2\">ShieldsUP!<\/a> and confirm whether your computer is still at risk after you have installed the broadband router. ShieldsUP! will scan your computer for available services at no cost. The result of this test should look like this:<\/p>\n<div id=\"attachment_841\" style=\"width: 724px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/stealth.jpg\"><img aria-describedby=\"caption-attachment-841\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-841\" src=\"http:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/stealth.jpg\" alt=\"stealth\" width=\"714\" height=\"190\" srcset=\"https:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/stealth.jpg 714w, https:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/stealth-500x133.jpg 500w\" sizes=\"(max-width: 714px) 100vw, 714px\" \/><\/a><p id=\"caption-attachment-841\" class=\"wp-caption-text\">Stealth<\/p><\/div>\n<blockquote><p><span style=\"color: #008000;\">Please keep in mind that portable devices, such as laptops and tablets, require a software-based firewall if and when they are connected to networks that are not under your control.<\/span><\/p><\/blockquote>\n<p>If your system scan does not show the same result, adjust the firewall rules to match the result and\/or contact me to do it for you.<\/p>\n<p>Let&#8217;s move on to the next venues to protect your system from&#8230;<\/p>\n<p><strong>2. Internet browser, 3. Email clients, and 4. 
Removable media<\/strong><\/p>\n<p>Protection against venues #2, #3, and #4 is principally the same:<\/p>\n<p style=\"padding-left: 30px;\"><span style=\"text-decoration: underline;\"><strong>2.1\u00a0 Do not use an administrator account for everyday tasks, such as browsing the web and reading emails.<\/strong><\/span><\/p>\n<p style=\"padding-left: 30px;\">I do understand and somewhat agree that running your computer with an administrator account does make life easier, especially when the User Account Control (UAC) warning is disabled, but consider this. If you do that, you\u2019ve just made the hackers\u2019 and malware\u2019s life real easy. When you\u2019ve logged on to your computer with an administrative account, any program that you run will be running with these access rights. And that\u2019s any program, even the ones that you\u2019re not aware are running in the background, such as malware. Do you see just how easy you have made it for the hackers? They do not need to find a way to gain access to the administrative account; you\u2019ve already given it to them.<\/p>\n<p style=\"padding-left: 30px;\">Malware running under the administrator account can also disable the antivirus solution, so that it no longer protects against the malware. You really should remove the administrator access from the account that was created when Windows was installed. <strong>Proceed with caution and don\u2019t lock yourself out of your system. <\/strong>Create an administrator account first with a reasonable password for the purpose, name it whatever you want, and log in with this account to test it first. Once the new account has been tested successfully, proceed to remove the administrative access from the account that you\u2019ve been using. 
The step-by-step guidance titled <a title=\"Change account type\" href=\"http:\/\/blogs.secure-bits.com\/?p=936\" target=\"_blank\">&#8220;How to change user account type in Windows\u2026&#8221;<\/a> can assist you in performing this task.<\/p>\n<p style=\"padding-left: 30px;\">If your program(s) require an administrative level of access, you should consider replacing them. If that\u2019s not an option, you\u2019ll need to run the program via the \u201cRun as&#8230;\u201d option, which grants administrative access just to the program in question and not to the whole system. Alternatively, if you have UAC enabled, Windows Vista and later will pop up a window for entering administrative credentials if and when the program requires this access level.<\/p>\n<p style=\"padding-left: 30px;\"><span style=\"text-decoration: underline;\"><strong>2.2 Use caution in browsing the web and reading emails<\/strong><\/span><\/p>\n<p style=\"padding-left: 30px;\">This is how the majority of malware, about 80% of it, gets on your computer. Both browser-based and email-based malware use social engineering to convince the end user that they must perform some action. End users usually need to click on a link that downloads the malware and installs it. The convincing part can be as simple as offering nude pics of celebrities, links to your financial institution\u2019s site, a law enforcement warning, etc.<\/p>\n<p style=\"padding-left: 30px;\">For a social engineering sample and how to be cautious in reading emails, please see <a title=\"Spearphishing\" href=\"http:\/\/blogs.secure-bits.com\/?p=127\" target=\"_blank\"><em>this link<\/em><\/a>.<\/p>\n<p style=\"padding-left: 30px;\">Internet browsing, on the other hand, is a different story due to how browsers work. All web pages are just scripts for browsers, and they are executed under the logged-on user\u2019s access rights to the system. 
Browsing the web with an account that has administrative access to the computer is asking for trouble, as explained in 2.1 above. So, what can you do, other than not browsing the Internet while logged on with an administrator account?<\/p>\n<p style=\"padding-left: 30px;\">Common sense will protect you in most cases. Certainly, staying away from \u201cshady websites\u201d such as porn, pirated software, MP3 download, and similar sites will help you avoid getting malware on your computer. It would be nice if this avoidance alone secured you from malware, but that\u2019s not always the case. Hackers are smart and know that most people intentionally do not go to these shady sites. As such, they hack legitimate websites and place either their malware and\/or a link to their malware on these sites. This is called a \u201cwatering hole\u201d attack, where end users don\u2019t suspect that a legitimate site will install malware on their systems. Legitimate sites have fallen for this type of malware distribution, and they still do. CNN and Facebook are probably the most commonly used websites that have fallen to this malware distribution. Protecting against watering hole based malware is covered in \u201c2.3\u201d below.<\/p>\n<p style=\"padding-left: 30px;\"><span style=\"text-decoration: underline;\"><strong>2.3 Keep the operating system and applications updated<\/strong><\/span><\/p>\n<p style=\"padding-left: 30px;\">Most, if not all, malware takes hold of your computer by exploiting a known software vulnerability. Software companies release updates to remove these vulnerabilities, and you should install them as soon as they become available, be that for the Windows operating system and\/or the applications installed on your computer. Nowadays, most software has an automatic update feature that will download and install the updates automatically. 
You should not disable automatic updates; let them update in a timely manner, as they should, to prevent known vulnerabilities in the software from being used against your computer.<\/p>\n<p style=\"padding-left: 30px;\">Don\u2019t just trust that the automatic updates will do their job; sometimes they don\u2019t. Since the majority of malware reaches your computer through the browser, you should periodically test the security of the browser and its plugins at this link (a plugin installation is required):<\/p>\n<p style=\"padding-left: 30px;\"><a title=\"Qualys\" href=\"https:\/\/browsercheck.qualys.com\/\" target=\"_blank\">https:\/\/browsercheck.qualys.com\/<\/a><\/p>\n<p style=\"padding-left: 30px;\">The Qualys plugin will scan your system for missing patches, covering the browser, operating system and applications. The results are displayed in your browser with links to the updates. Here are the results for my system:<\/p>\n<p>Browser:<br \/>\n<a href=\"http:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/browser.png\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-medium wp-image-895\" src=\"http:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/browser-900x733.png\" alt=\"browser\" width=\"900\" height=\"733\" srcset=\"https:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/browser-900x733.png 900w, https:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/browser-368x300.png 368w, https:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/browser.png 1406w\" sizes=\"(max-width: 900px) 100vw, 900px\" \/><\/a><\/p>\n<p>System:<br \/>\n<a href=\"http:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/system.png\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-medium wp-image-896\" src=\"http:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/system-900x560.png\" alt=\"Operating system result\" width=\"900\" height=\"560\" srcset=\"https:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/system-900x560.png 900w, https:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/system-481x300.png 481w, https:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/system.png 1438w\" sizes=\"(max-width: 900px) 100vw, 900px\" \/><\/a><\/p>\n<p>Applications:<br \/>\n<a href=\"http:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/applications.png\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-medium wp-image-897\" src=\"http:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/applications-900x747.png\" alt=\"Application results\" width=\"900\" height=\"747\" srcset=\"https:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/applications-900x747.png 900w, https:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/applications-361x300.png 361w, https:\/\/blogs.secure-bits.com\/wp-content\/uploads\/2014\/06\/applications.png 1440w\" sizes=\"(max-width: 900px) 100vw, 900px\" \/><\/a><\/p>\n<p style=\"padding-left: 30px;\"><span style=\"color: #008000;\"><em>A computer missing updates is vulnerable to exploits, be that a Windows PC or, in this case, an Apple computer. The latter may not have as much malware as the former, but nonetheless it can be exploited just as well as a Windows PC if and when it&#8217;s missing updates.<\/em><\/span><\/p>\n<p style=\"padding-left: 30px;\"><span style=\"text-decoration: underline;\"><strong>2.4 Purchase and install an antivirus product (approximately $50-80) and update the definition files frequently<\/strong><\/span><\/p>\n<p style=\"padding-left: 30px;\">This does not require much explanation, I hope. As long as you don\u2019t use an administrative account for everyday tasks, it\u2019s a worthwhile investment. You could also forgo purchasing antivirus software and use Windows Defender, if you have Windows Vista or a later version. 
Defender is free with the operating system and provides protection against malware.\u00a0The effectiveness of Defender\u00a0and other antivirus products is greatly increased if you follow the security recommendations in this blog.<\/p>\n<p style=\"padding-left: 30px;\"><span style=\"text-decoration: underline;\"><strong>2.5 Removable storage media<\/strong><\/span><\/p>\n<p style=\"padding-left: 30px;\">Generally speaking, most of the malware on removable media is rather old. An up-to-date antivirus will stop older malware from infecting your computers. Nonetheless, you should:<\/p>\n<p style=\"padding-left: 60px;\">a. <span style=\"text-decoration: underline;\">Disable &#8220;AutoPlay&#8221; for removable storage media:<\/span><\/p>\n<p style=\"padding-left: 90px;\">In the &#8220;Control Panel&#8221; select &#8220;Hardware and Sound&#8221;,\u00a0click on the &#8220;AutoPlay&#8221; icon, and select &#8220;Take no action&#8221; for software and games at the minimum.<\/p>\n<p style=\"padding-left: 60px;\">b. <span style=\"text-decoration: underline;\">Scan the removable media:<\/span><\/p>\n<p style=\"padding-left: 90px;\">Your antivirus software by default will ask you if you want to scan the removable storage media; just say yes&#8230;<\/p>\n<p>Following these recommendations will protect you against most known vulnerabilities, about 95%, and so far it has cost you about 175 bucks plus some time to install and configure the components.<\/p>\n<p>So, what about the remaining 5%? How does one protect the system against that?<\/p>\n<p>There are other options that can increase the protection of the system with additional software. Knowing that sophisticated malware, among other malware, utilizes buffer overflow techniques, you need a solution that will protect against this technique. One such piece of software is <a title=\"EMET\" href=\"http:\/\/technet.microsoft.com\/en-us\/security\/jj653751\" target=\"_blank\">Microsoft Enhanced Mitigation Experience Toolkit<\/a>, or EMET for short. 
This protection is free from Microsoft and easy to configure; just by selecting the default option during installation, it will protect your system against most of the malware relying on buffer overflow techniques.<\/p>\n<p>You can also download and install <a title=\"Winpatrol\" href=\"http:\/\/www.winpatrol.com\/download.html\" target=\"_blank\">Winpatrol \u2013 Scotty<\/a> for free, which will monitor changes to the Windows startup environment. All malware will change this environment, and Winpatrol will alert you if and when the startup environment is about to change. You\u2019ll have the option to deny or allow the change.<\/p>\n<p>With the additional protection installed, your system is protected against 99.9% of malware, provided that you have completed, and remain committed to following, the steps in this blog post. That\u2019s not bad for 175 bucks and some of your time invested. This is pretty much the best that someone who is not an IT professional can do in today\u2019s environment. Corporations spend millions of dollars and thousands of hours on installation and training, yet they are struggling to get to this level of protection.<\/p>\n<p>If you have gotten this far, that&#8217;s great. You&#8217;re on your way to having a home\/small business system that will resist most, if not all, malware trying to exploit your systems.<\/p>\n<p>This seems complicated, but if you break it down, do one step at a time, and apply some patience, it can be done by most computer users. If you run into trouble you can always re-read part of my blog, or contact me for help.<\/p>\n<p>Alternatively, if you are short on time, you should hire <a title=\"BITS\" href=\"http:\/\/www.secure-bits.com\/\" target=\"_blank\">BITS<\/a> to do it for you. Contact\u00a0Otto via <a href=\"mailto:ottoo@secure-bits.com\">email<\/a>, or call the office at 203.569.7610. 
Based on the operational requirements dictated by your business needs, we can tailor security protection for you.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Malware is any software\u00a0that disrupts computer operation, gathers sensitive information, or gains unauthorized access to a private computer system. Once it gets a hold of your system, it will cause: Loss of productivity Embarrassment with customers Lost sales Lost data Substantial &hellip; <a href=\"https:\/\/blogs.secure-bits.com\/?p=833\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[25,24,32],"tags":[],"_links":{"self":[{"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/posts\/833"}],"collection":[{"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=833"}],"version-history":[{"count":57,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/posts\/833\/revisions"}],"predecessor-version":[{"id":1009,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/posts\/833\/revisions\/1009"}],"wp:attachment":[{"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=833"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=833"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=833"}],"curies":[{"name":"wp","href":"https
:\/\/api.w.org\/{rel}","templated":true}]}}