It is imperative that all of your users learn about common dangers and follow best practices. Require them all to attend the training courses you provide. Next time we’ll focus on the best delivery methods.

Please post your comments on this blog.

These days, some viruses can “morph” at regular intervals—keeping their same dangerous functionality and avoiding the signature matching. An analogy would be someone being able to change their thumbprint one or more times each day.

Over the years anti-virus has evolved to include new ways to stop viruses. One way is to watch for dangerous behavior. The problem here is for the anti-virus tool to be able to discern if the dangerous behavior is being performed by a legitimate process or a virus.

Anti-virus vendors are constantly playing the “cat and mouse” game of keeping up with new virus strategies. This is one more reason to always stay current with the latest anti-virus offerings available.

Please post your comments on this blog.

In reality, an additional computer can be expensive and the chances are, at some point, some user will use that computer to access the Internet anyway and now the “banking only” computer is infected too.

There are other solutions, such as using VMware Desktop, to launch a “clean” browser to use for online banking, however VMware desktop is a little technical to set up and use for most senior executives. As time goes on, browsers are starting to run in their own isolated space that helps, too.

Another option is to use a product such as Faronics Deep Freeze that makes your home computer “go back to brand new” every time you reboot. That’s like having a new computer every time you sit down!

I feel the most probable solution is to make your home computers really secure and then use them for banking. This includes patches, anti-virus, a robust firewall, etc. If you want to take the extra step to get a separate computer, and make it super secure too, then you may decide that is best for you.

Please post your comments on this blog.

Will viruses and other malware contribute to injuries and deaths? Imagine diagnostic imaging machines, like X-rays and CAT Scanners, exposing patients to too much radiation due to a virus. Traffic lights not functioning properly, especially on a highway with high speed limits, could lead to a horrible crash.  Emergency services may already be delayed in their response due to computer malfunctions. The airline industry has plenty to worry about. What if trains fail to stop and crash into another train or the end of the line?

Apparently the Spanair diagnostic computer does not connect to the Internet so the infection likely came from an infected USB device, CD-ROM, or some other form of removable media.

Just last month, control systems manufacturer Siemens, who manufactures control systems, warned that malware called Stuxnet is spreading through infected USB devices to penetrate industrial control systems. I wonder if there are any control systems at nuclear power plants infected yet.

More and more regulations and laws are forcing organizations to wake up to the fact that IT security is very important.

Business executives and IT professionals alike must realize:Viruses and other malware do not necessarily make themselves obvious for the simple reason that, if you know a computer is infected, you are likely to have a qualified IT professional fix the problem.

• Anti-virus programs do not always catch all viruses
• Firewalls are not perfect either
• End users can, accidentally or on purpose, bypass some of the best security you set up

How many more people will need to die, how much more money will be lost, before people become aware of the importance of IT security?

Please post your comments on this blog.

A strategy that keeps gaining ground is the concept of “white listing” applications. In plain English, this means your computers have a list of programs that are on the “approved” list to run, such as Word, Firefox, Acrobat, Excel, etc.

Then, any other program cannot run. Period. That means virus 1, virus 2, virus 999, etc. is not allowed to run. This solves the whole problem of needing anti-virus. In theory, even if a virus does come into your network through e-mail, web site drive by download, or Ernie in shipping carrying in an infected memory stick, it doesn’t matter. The virus cannot run anyway!

The challenge lies in your IT department being able to keep an organized white list of “approved” programs. When an update to a program arrives, the new update has to be listed too or it will not run.

Many providers are offering solutions including Bit9 Parity and Lumension Application Control and there are constant advancements in making administration even easier.

Yes, some day anti-virus may be old news and never used again.

The primary reason we perform vulnerability assessments as parts of security assessments is to generate an inventory of all the computers currently alive on the network and a list of vulnerabilities those computers have.

The challenge is that the human brain loves a “list of what’s wrong.”  Most of the IT professionals at organizations go immediately to work solving the identified problems thereby “killing alligators.”

We always implore executives and IT professionals alike to focus on “draining the swamp” in addition to, and sometimes instead of, “killing alligators.”

In our ongoing effort to help IT professionals and organizations focus on strategic, as well as tactical, plans to take IT to the next level, I sometimes feel like a dentist who hands out new toothbrushes as well as a gift certificate to the local candy store in the same visit.

Vulnerability assessments are wonderful—just remember to focus on the one or two strategic changes that can fix one hundred or more tactical issues.

This article from the Washington Post has more details: http://www.washingtonpost.com/wp-dyn/content/article/2009/08/24/AR2009082402272.html

The reason criminals keep using the same old tricks is that the tricks work. Warn your fellow executives and other workers about the importance of never opening attachments you were not expecting even if they appear to come from a trusted source. When in doubt, contact the sender to see if they really did send you an attachment.

Your IT department can help you scan the attachment for viruses, and some of you have services that scan all of your attachments. Just remember that the scanning may not catch the virus. Some viruses have new code every four hours so the anti-virus programs cannot keep up with the changes.

Practice many levels of protection and be wary!

While that strategy may help some, it is far from being a reliable way to protect your network. First of all, without performing some technical detective work, it is hard for a non-IT professional to tell who the e-mail came from anyway. You may get an e-mail from a cybercriminal who uses “spoofing” to make the e-mail message appear that it is coming from your best friend, bank, the FTC, or anyone else.

Better protection comes from scanning tools running at one or more locations including your e-mail server, your firewall, your spam filter, and the anti-virus client on your local machine.

Training users “not to open e-mail from strangers” is a moot point if your user is supposed to open e-mail messages from prospects interested in your company’s products and/or services.  There is some training that matters though…

Train your users to NEVER click on a link in an e-mail message. The link may say to the user, “click here to read an important announcement about your future employment at this company” and the link underneath may take the user to, “hose the network now dot com.”

Also train the users to never send out any private information in an e-mail message or attachment. The message can be misaddressed, intercepted or forwarded to the wrong person. If something is private, it needs to be encrypted using an effective encryption method. In another blog entry I addressed data loss prevention tools that can even help identify these messages and stop them before they leave your organization.

If your executives or other users use the strategy of “not opening mail from someone they don’t know,” that is a red flag alerting you to a problem you can resolve ASAP.

The virus goes by the name of Conficker and it is also known as Downadup (and also Downup and Kido).  My advice remains the same as always: be concerned about a really bad virus every single day of your life. If you are following IT security best practices, then there is nothing more to do in preparation for April 1.

Still, I was amazed during the Y2K bug nine years ago how many executives decided, “ok, let’s go ahead and take appropriate IT steps since there is a deadline.” If your organization has been postponing some of the simple IT security basics, maybe Conficker’s “bright side” is that you’ll do what needs to be done.

Click here to view the embedded video.

Details of some of the steps to take include:

• Make sure all your critical Microsoft and Apple patches are installed. Organizations should use a centralized patch management tool. For short instructional videos for home users click here for Macintosh: http://www.fosterinstitute.com/blog/update-your-mac.html and here for Windows: http://www.fosterinstitute.com/blog/update-your-pc.html
• Make sure other applications are patched.
  See http://www.fosterinstitute.com/blog/useful-utility.html#more-149
• Make sure your anti-virus program is using the current version of the program, has the latest signature files, and is performing scheduled scans of all your computers. More information here
  http://www.fosterinstitute.com/blog/daily-it-checkup.html#more-23
• Continue your practice of having a good backup at least once a day
• Use excellent firewalls and Web Content Filtering tools http://www.fosterinstitute.com/blog/block-sites.html#more-144
• Have regular IT Audits – See www.KeepMyNetworkSafe.com and http://www.fosterinstitute.com/blog/easy-it-audit.html#more-96 for more information
• Educate your users so they help protect your organization’s reputation http://www.fosterinstitute.com/blog/easy-it-audit.html#more-96

Even if the economy is having a negative effect on your business, protecting yourself is very economical. The expensive part is suffering the monetary loss from downtime, lawsuits, and loss of your company’s reputation.

Protect yourself today – and every day!

If you have never tried the scans at www.secunia.com you may want to. There is a simple online version of the scan and also more in depth scans you can purchase. One of the most useful parts of the program is that it shows you where to find patches and updates that your system needs to be fully functional.

When Secunia scans your computer, it will look at many applications other than Microsoft. If any of your applications are out of date, it will show you how to fix your system.

The tool helped me track down problems on a new laptop I was building recently. In addition to helping me find patches for applications, it helped me identify that I had multiple copies of tools installed. The multiple copies were causing other problems on my new machine including the dreaded blue screen of death.

Really the only concern is that a cybercriminal could redirect you to put the wrong patches on your system potentially causing an infection. If you trust the professionals at Secunia, they can help you avoid being redirected to the “wrong” site for your patches.  I found the tool so useful I want you to know about it as well to see if you like it too.

As always, check with your IT professionals to get their approval, and maybe even assistance, and you may find Secunia fixes some bugs you always wondered how to resolve.  At the very least, it can potentially make your system more secure.