Jlhoffman Support


Wednesday, 28 November 2012

New Malware That Hides Your Data

Posted on 12:12 by Unknown
For the last day or so we've been fighting battles for multiple client locations that are infected with a malware that McAfee calls a variant of W32/autorun.worm.aaeb-h.  The malware seems to travel on portable flash drives as well as possibly coming in as an email attachment.  It changes the attributes of files and entire folders of data so that they seem to disappear and then replaces them with similarly named .EXE files.  When a user accesses an infected flash drive or an infected folder on a network share, other folders to which they are connected will disappear from view right before their eyes.  (Talk about freaking out users!)  It also appears to infect in such a way that other users that access an infected folder will see it propagate itself to even more folders.  You will have to use Command line DOS prompts to change the attributes of the now hidden files to restore them and then delete the replacement executables that all have identical creation dates and file sizes.

McAfee sent out their alarm fully 7 days after we first encountered it in the wild which underlines just how overwhelmed many A/V vendors are trying to keep up with the flood of new malware and their variants.  As recently as 2007, A/V companies reported a few thousand viruses and malwares per year.  Now we're seeing several thousand new items PER DAY!  This one is a new variant of a well-known malware but it's tweaked enough that it avoided the original counter-measures.

This guy is a real stinker to remove on even a mid-sized network because of its use of autorun to spread itself around a network.  If you disable AUTORUN on your network via Group Policy you can slow down its spread but get ready to spend some time going from PC to PC searching for the original infection point.  The McAfee countermeasure/removal tool is called Striker.
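A triage sketch for the cleanup described above, added here as an example and not taken from McAfee or the original post: it walks a share, lists every .EXE named after a sibling file or folder, and keeps only groups that share one file size. The function names are hypothetical, the decoy is assumed to be named `<original>.exe`, only size (not creation date) is compared, and the script reports without deleting anything.

```python
import os
import tempfile
from collections import defaultdict

FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows attribute bit; st_file_attributes exists only on Windows

def is_hidden(path):
    """True when the Windows hidden attribute is set (always False on other systems)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)

def find_decoys(root):
    """Return (exe_path, original_path, exe_size, original_hidden) for each .exe
    named after a sibling file or folder. Assumes the decoy is '<original>.exe'."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        siblings = {n.lower(): n for n in dirnames + filenames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            original = siblings.get(stem.lower())
            if ext.lower() != ".exe" or original is None:
                continue
            exe = os.path.join(dirpath, name)
            orig = os.path.join(dirpath, original)
            hits.append((exe, orig, os.path.getsize(exe), is_hidden(orig)))
    return hits

def suspicious_clusters(hits, min_count=2):
    """Group hits by executable size; the post notes the replacements share one size.
    A lone match (e.g. Tools.exe beside a Tools folder) is likely legitimate."""
    by_size = defaultdict(list)
    for hit in hits:
        by_size[hit[2]].append(hit)
    return {size: group for size, group in by_size.items() if len(group) >= min_count}

def build_sample(root):
    """Constructed sample tree: two same-size decoys, one legitimate look-alike."""
    for folder in ("Invoices", "Payroll", "Tools"):
        os.mkdir(os.path.join(root, folder))
    sizes = {"Invoices.exe": 4096, "Payroll.exe": 4096, "Tools.exe": 10, "notes.exe": 4096}
    for name, size in sizes.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(b"\0" * size)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for size, group in suspicious_clusters(find_decoys(root)).items():
            print(f"{len(group)} look-alike executables of {size} bytes:")
            for exe, orig, _, hidden in group:
                print(f"  review {exe} (original hidden: {hidden})")
                # Windows restore step for the original, typed at the command prompt
                print(f'  restore with: attrib -h -s "{orig}"')
```

On a real share, call `find_decoys` on the share root instead of the constructed sample and review each reported executable before removing it.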

Monday, 26 November 2012

What? Apple leads in vulnerabilities? AND What the heck is Moodle?

Posted on 16:43 by Unknown
I was as surprised as everyone else when Trend Micro released their Malicious Top Ten for Q3 2012 and found Apple at the top of the list of vendors with the most vulnerabilities.

Number of Reported Vulnerabilities

Rank  Vendor (3Q 2012)  Number (3Q 2012)  Vendor (2Q 2012)  Number (2Q 2012)
1     Apple             163               Oracle            97
2     Moodle            93                Linux             76
3     Google            72                Google            74
4     Oracle            71                Microsoft         55
5     Mozilla           57                Mozilla           48
6     Cisco             55                Cisco             45
7     IBM               53                IBM               37
8     Ffmpeg            53                Adobe             27
9     Adobe             42                Apple             26
10    Microsoft         35                HP                24


Maybe this will shut up some of those Apple snobs that sneer at PC products and brag about how secure Apple products are?  Nah, probably not!

In case you're wondering what the heck Moodle is and why it's number 2 on the list, you're not alone.  I had to look it up too.  It's an open source authoring language for teachers who want to write their own teaching applications.  Good luck with that one Rocky!  I even found a YouTube intro for it.  Based upon the quality of the presentation, I won't be trying it out any time soon.

http://www.youtube.com/watch?v=mXBdNdPUwKA

Open Source:  For those too cheap to buy programs from companies that have quality control departments.

"QC?  QC?  We don't got no stinking QC!"


Sunday, 18 November 2012

Microsoft Windows 8 - Introducing Chaos In The Workplace?

Posted on 16:41 by Unknown
A couple of days ago, I sat down with fellow Microsoft partners for a Boot Camp of sorts for the new Microsoft products roll-out.  More than a few of us left scratching our heads with the same thought in our heads - "What were these guys thinking?"  Oh don't get me wrong, much of what the gang at Microsoft has rolled out is pretty cool technologically.  What they seem to have forgotten AGAIN is that sometimes average users aren't always ready for "cool".  Their first priority is to get their job done and introducing major changes intimidates them.  I think businesses that migrate to Windows 8 are biting off on a big chunk of confusion and the need for big-time staff re-training.

Let me give you a couple of examples.  Microsoft is currently marketing the daylights out of Windows 8 and their new Microsoft Surface tablet simultaneously.  At first glance, they look the same BUT THEY'RE NOT!  Surface runs Windows RT while PC's will run Windows 8.  They're not compatible!  Windows RT will not run Windows based programs although they did build in a variation of a couple of office programs.  Don't expect to run Windows-based programs on RT!  The Surface won't join a network domain either which is the backbone of any company network.  It's a consumer product but they've blurred the marketing of the two products so that the average business decision maker may not understand the differences.  Those of you thinking about having your staff using Surface in your office, you'd better think twice.

Windows 8 was supposedly designed to blur the distinction between portable devices and the desktop to create a more "unified approach" to computing.  When Beta testers yelled "Hey, where's the Start menu and Task Bar?" in Windows 8, the "rumor" was circulated that there would be an ability to convert the new desktop back to the more traditional desktop used in businesses that favors keyboard use.  Now that it's out, there's no ability to go back to the traditional desktop view.  Microsoft seems to have taken the stance "It is what it is, deal with it!".  Anybody getting any Vista vibes?  The Windows 8 desktop is designed with a touch screen in mind, not a keyboard.  Someone at Microsoft seems to have forgotten that in the business world the computer is more production device than consumption device.  Employees in the real world are expected to enter data for the business not just read it.

I think we're going to find a slow acceptance curve in the business world.  I hope that I'm wrong but from what I'm reading on other Blogs, that belief seems pretty prevalent.  The tech that demonstrated the login/authentication process in Windows 8 seemed pretty impressed when he showed us that signing into the new system consisted of swipes and circles and such and no keyboard use.  For more years than I'm willing to admit to, I've been coaching computerphobic business users on how to navigate their computers that has been pretty static for a long time and now Microsoft have re-arranged the entire environment!

We're looking at a LOT OF RE-TRAINING to do when we start rolling out Windows 8 platforms in the office.  Microsoft seems intent on catering to the BYOD philosophy for portable devices.  All I keep thinking about is that poor office clerk who has to enter invoices and type e-mails working on an operating system and desktop that has pretty much ignored the use of the keyboard.

To be fair, the demonstrator did point out that several third parties have already jumped in with add-ons that you can buy to "adjust" Windows 8 to put back the Start Menu and Task Bar but should that really be necessary?

For you Windows XP hold-outs that have been downgrading your new PC acquisitions back to XP to keep a standardized look and feel on your corporate desktops, the game is over.  Microsoft was quick to point out that their downgrade feature only applies to 2 previous generations and XP is no longer in that category.  You can't legally downgrade your computers to XP because with the introduction of Windows 8, Windows Vista is as far back as you can downgrade and they won't allow you to re-use previously registered Windows XP licenses on new PC's.  Sorry!

Tune in later and I'll tell you how they screwed up the Windows Server 2012 product roll-out by making it incompatible with legacy companion applications.

Wednesday, 14 November 2012

Addressing Data Ownership In The Cloud

Posted on 12:29 by Unknown

I was discussing the use of cloud applications with a friend and client of mine who is an attorney the other day when he struck upon the essence of what should always be the chief concern of anyone considering using cloud applications for their business – who owns the data?  In other words, if you’re going to entrust your data to someone else, what is the status of YOUR data on that provider’s servers?  Taken a step further, who is responsible for that data if it is compromised and who could be liable for that loss? He went on to say “As an attorney, I see businesses come and go with great regularity.  How can I be sure that, if they go bankrupt or suddenly shut their doors that my client information won’t just disappear or wind up in the hands of someone outside of my control?”  That is the very heart of the issue of using cloud providers.

I’m surprised every day by business people I meet that don’t do their due diligence on data ownership in the cloud before turning over custody of their critical business information to someone they've never met in person.

There are several key questions that every organization should ask any cloud vendor before moving their data to that provider:

1.      Where is my data housed? (state and national laws and jurisdictions vary drastically)
2.      Is the vendor hosting the data themselves or contracting with a 3rd party facility (The answer might surprise you.)
3.      What level of security is in place there?
4.      Is my data encrypted on that server?  What level of encryption? (If their facility is compromised and your data isn’t encrypted YOU could be liable for loss of client information)
5.      How do you download backup copies of your live data? (if they close their doors, you could lose it all)
6.      What is the SLA (Service Level Agreement) for up-time and data availability?  (what’s their service availability and how will they compensate you if they don’t live up to that agreement?)
7.      Do they have a fail-over system in place in case their primary server fails?  (If they go off line, what provisions do they have to get your data back up and running?)

Of course, there are other operational business questions that should also be asked that may be unique to your organization's business needs but these are the core questions that should be asked to assure your data remains secure, available and is still yours if something ever goes wrong.

Friday, 9 November 2012

Malware on Mobile devices like Smartphones and Tablets

Posted on 11:12 by Unknown
There's been a recent explosion of malware targeting portable computing devices like Smartphones and tablets.  There's a really nice PDF article on this from Trend Micro.  Here's a link to check it out.

Trend Micro article on Mobile Malware

Thursday, 8 November 2012

Helping a Client With e-Discovery

Posted on 14:41 by Unknown
How many of you are familiar with e-discovery or FOIA?  Not many I'll bet.  We're in the middle of assisting a client deal with an e-discovery request.  Even with our automated systems it can be very time consuming.  They've been hit with a request to provide copies of all communications either incoming or outgoing from any employee with any of about a dozen organizations for a very long period of time.

For those of you that haven't yet had the task of dealing with either an e-discovery request or an FOIA (Freedom Of Information Act) request, here's the CliffsNotes version of what's involved.  E-discovery is the electronic version of the legal system's "discovery" system where parties in a law suit can demand any and all documents or other material (including e-mails and instant messages) related to a given person or issue for any period of time.  FOIA is similar but is confined to governmental organizations but requests can come from just about anyone.

We're assisting our client sift through about a million e-mails trying to find communications between any of about a dozen organizations by any employee in their organization over the last 5 years.  Fortunately, we automated their e-mail archival process several years ago so the process should only take a fraction of the time it would take an organization not so well prepared.  Still, this isn't a huge organization and the realization that there would be so much information to sift through is kind of staggering now that we're going back through the archives!   This project would have taken hundreds of hours to complete without the archival system.

More and more organizations are required by law to retain copies of documents and communications for longer and longer periods of time.  Whether you're a HIPAA regulated agency, a governmental agency or school subject to FOIA (Freedom of Information Act) requests or just a regular business, you should recognize that you need to be able to reach back in time to pull together communications and documents of all kinds at a moment's notice.

There are systems out there that can cost hundreds of thousands of dollars to buy and even more to install but we've got a very affordable alternative that won't break your budget.  If you'd like a demonstration, please give me a call at (847) 639-7000.

Friday, 2 November 2012

Portable Device Security On Your Network

Posted on 14:58 by Unknown
I'm frequently stunned by the lack of attention being given to the security risks of portable computing devices on business networks by SMB management.  Especially with more and more applications being used in the cloud, security for personal devices is more important than ever.

The current term is BYOD as in Bring Your Own Device and businesses have to recognize that employees CAN be more productive using these devices but without proper planning for security the risks to business can be dramatic.

Especially if you're in a regulated industry like health care, the risk of exposure of confidential personal information is enormous as are the financial penalties associated with those exposures. 

A 2010 study by Ponemon Institute found that data breaches of patient information cost healthcare organizations nearly $6 billion annually, and that many breaches go undetected.  As portable computing devices proliferate in the workplace that number is probably going to go up exponentially.

Administrators must look to protect all layers of the mobile computing environment – both the endpoint devices and the communication channels that connect the device to the network. Some strategies that are effective include:
  • Network access controls to ensure outsiders cannot hack into the wireless network and infiltrate devices
  • Education to help users be smarter about how they use and protect their mobile devices
  • Improved authentication to control device access.
  • Many organizations use role-based policies to control who has access to what applications, when and on what devices access is permitted.
There are a wealth of portable device management solutions once you determine that you're going to allow employees to use their own devices for business purposes.  There's no one-size-fits-all solution for everybody so if you need help in developing a policy for portable device use on or off campus or need help picking the most appropriate solution based upon your unique circumstances, don't hesitate to give me a call @ 847-639-7000.

For those of you that would like to see a short 6 minute video by Symantec on the possible ways to secure portable devices, here is a link to a video by them: http://bcove.me/wy22iac5

Have a good weekend!

Thursday, 1 November 2012

Conventions in the Cloud? Where will it all end?

Posted on 10:31 by Unknown
Debbie and I have been in the computer industry a long time and one of the fun events we used to like to attend was Comdex in Las Vegas every year.  For those of you outside of the industry, it was the largest IT industry trade show attracting over 250,000 geeks and vendors from around the world every year.  It got us out of the office for a few days and we could see what everyone else in the industry was developing and where trends were taking us.  It used to take up 4-6 event centers in Vegas and we'd walk the aisles all day and rest our feet in the lounges or at the blackjack tables at night. 

Sadly, the show became too big and unwieldy, and the major vendors started to pull out because it was almost impossible to carry on real conversations in the press of humanity.  That plus the delivery methods for introducing products via the Internet grew so efficient that the bother and expense of reserving exhibit space and shipping staff out of the office for over a week eventually caused its demise a number of years ago.

Now it's back?  SORTA!

We just got this year's invitation to Virtual Comdex 2012.  Now we can walk the "virtual aisles" of the New and Improved Comdex without leaving our desk and even "linger" in the lobby to make virtual friends.  We can chat with sales reps, watch product demos, attend lectures and pick up literature (always a chore getting it all to fit into our luggage on the way home from the show in the "Live" days).

Technology has come so far that they have almost completely replicated the experience of the huge conventions of the past.  No more sore feet from walking literally miles of exhibit aisles.  No more expensive air fares and hotel rooms.  No more shoulder to shoulder crowds peering at small booth exhibits.  (Although Debbie once stood shoulder to shoulder with Bill Gates outside the WordPerfect booth before he needed body guards.)

Somehow, it just won't be the same.  Sure, it's more efficient and less expensive but I think the excitement will be lacking and so will some of the fun.  It was fun to watch the groups from Japan and China in their matching caps scurrying along behind their immaculately uniformed tour guide with a bicycle flag stuck to their back.  Or the hopelessly geeky Comdex attendees trying to blend in with the regular Vegas clientele and failing miserably.  I once opined that the entire pocket protector industry could be wiped out if something happened in Vegas that week.  Ok, I know I just dated myself because pocket protectors are obsolete but you get the idea.

There's something to be said about the value of in-person interaction that I don't think can be replaced in the virtual world.  Maybe I'm too old-school, but I still like to look someone in the eyes face to face to "get a feel" for whether or not they're for real or just blowing smoke (or is that now virtual smoke?).

