April 2017 Digital Edition
March 2017 Digital Edition
Feb. 2017 Digital Edition
January 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
OPINION / With Malware, everything old is new again
By Andy Hayter
If you look back through the history of malware, you can expect the bad guys to use special occasions such as holidays or major world events to trick unsuspecting end-users into doing something with dangerous consequences.
Take, for example, the CHRISTMA EXEC that was released on IBM-based VM CMS systems in 1987. It displayed a Christmas tree and message on “dumb” terminals. Following the instructions on the screen, those who received and ran the EXEC allowed it to send a copy of itself to all e-mail addresses it could find. In the 22 years since the infamous CHRISTMA EXEC, nearly every holiday, disaster or major world event has brought with it new malware.
The 2009 holiday season was no different. Sadly, exploiting end-users is as easy today as it was two decades ago.
One change in the application of technology is the explosion of social media Web sites such as Facebook and Twitter that opened the world of online communications to many more people. Becoming a member of Facebook or signing up for a Twitter handle takes only a few minutes. The biggest shift is that the people signing up are audiences who never previously embraced technology in their lives, and therefore are lacking cyber-safety knowledge and education.
What may not be obvious when signing up for a social media site without reading the fine print is that it is the user’s responsibility to protect him or herself. These social media sites are a bit like the Wild West, where anything goes. Users should be skeptical about opening links and new applications. When in doubt, be wary of a Facebook application.
Twenty-two years ago when the CHRISTMA EXEC invaded corporate systems, they were relatively closed environments. Connectivity to the “outside” world did not exist like it does today with the Internet and the advent of social networking sites. Businesses face a dilemma that was not part of the enterprise-computing environment then.
Allowing employees to access the Internet from their workplace computer also allows them to access social media Web sites from the office. While social media Web sites can be a valuable and professional tool, it is very important to establish policy on which social media sites employees are allowed to access, who is allowed to access them, and most importantly, to educate users on how to recognize potential cyber-threats.
While many employees access social media sites as part of their job, other employees may be accessing their favorite social media Web sites for personal reasons. If you allow unfettered access to the Internet (and I think it is a good thing), those charged with the company’s cyber-security programs and policies should run mandatory education programs to educate employees on cyber-security, cyber-ethics and cyber-safety. Show me a company that has an acceptable use policy limiting Internet access to business purposes only and I’d bet every single employee has at one time or another viewed a Web site that was not related to business. Perhaps it was simply to get the weather forecast.
What I don’t see happening when you sign up to participate in a social media Website is mandatory education on cyber-security, cyber-safety and cyber-ethics from the site itself. What the world needs now, besides “love, sweet love,” is to be educated in the responsible use of technology.
What can help users better protect themselves? You mean PC users can protect themselves?
Of course they can. But as we IT folks hear all the time: “Is it easy to do because I’m not a computer expert?” The answer: protecting your own computer is as easier than it has ever been.
Here are some steps anyone can take. Hopefully your corporate IT staff has already taken care of this for you, but it is always better to be safe than sorry:
First, make sure that you have the option to receive and install automatic operating system updates enabled. This includes Mac users. Many of the threats that befall end-users can be prevented by simply keeping your operating system and key applications such as your browser “patched.” Take the case of a recent virus called “Conficker.” This virus is preventable when the correct patch is applied to the operating system as is the case with the majority of other PC infections.
The second step is just as easy. Install an anti-virus product on your PC. A good practice is for companies to offer their employees a copy of the same product they use in the office for ALL their home computers.
Why is this good practice? Protecting your employees’ home computers will prevent malware from finding its way on to company computers. If you thought the days of “sneaker net” spread of malware were over, take a look at the number of infections that are transmitted by portable flash drives.
It can be difficult to decide which anti-virus product to use. When selecting an anti-virus products look for one certified by a third party, such as the ICSA Labs Anti-Virus Certification logo. The ICSA Labs Anti-Virus Certification logo signifies that the product has met specific testing criteria and can help prevent malware infections on your computer.
Keep all operating systems, browser, applications and security software up to date.
Finally, think twice before sharing personally identifiable information (PII). Any and all of that collected and used against you. If you would not provide your birthday and social security number to a stranger on the street, why would you give it out online? It is not so much giving out one piece of PII, but after a while all of this information can be combined and used to construct and accurate personal profile. This could potentially allow criminals illegal access to more important personal or financial information.
One final reminder: before you “click” make sure you know where you will go in cyber-space…or you just might not come back!
Andy Hayter is anti-malcode program manager, ICSA Labs. For more information, go to www.icsalabs.com.