Archive for the ‘Security’ Category

CSE Awarded ESET Silver Partner Status

Tuesday, August 10th, 2010

We are very pleased to announce that CSE have achieved Silver Partner Status with ESET.

This has been achieved within the first 12 months of registering as a reseller for the ESET products. It is in recognition of our having completed both technical and sales training as well as reaching certain revenue levels, and shows that we are able to supply, install and support the products to a high standard.

Have a look on our website, www.cselimited.co.uk, for more information. There is also a link to a free scanner that you can run to see if you have any infections; the link is next to the blog link.

If you have any requirements why not drop us a note from our contacts page, www.cselimited.co.uk/contact.html, and we can get back to you. There is an offer on at the moment for 3 years for the price of 2 until the end of August 2010, so it could be a good time to switch.

We have been very happy with the ESET range of products and would recommend them but if you are not convinced we can also arrange a free trial for you. See www.cselimited.co.uk/security-antivirus.html for more details.

Windows Help and Support Vulnerability

Friday, July 2nd, 2010

A vulnerability has been recently discovered in the “Windows Help and Support Centre” as used in Windows XP. Basically this is a tool that is used to offer basic assistance to users and makes use of the internet to gather information and offer advice and downloads including drivers and updates.

The problem is that it uses the HCP protocol as well as the HTTP one, and it’s not too fussy about the sites it connects to, as it can’t validate URLs properly when using the HCP protocol.

This has led to the bad boys writing websites and links that exploit this vulnerability. If a site with this code is browsed, or a link in an email is followed to this code, it can then download the “payload” to your PC and in effect do what it wants.

There is more information here on Microsoft’s TechNet site if you want to learn more.

The best advice for the moment is to keep your antivirus and security software as up to date as possible. There is a workaround listed on the site that involves editing the system registry to disable the HCP protocol, but this should not be attempted by the faint-hearted as, in the words of warning at the beginning of the post, “Using registry editor can cause serious problems that may require you to reinstall your operating system”. This is not a fix; it’s just a workaround until a fix is available.

The worst affected countries at the moment seem to be Portugal and Russia but it will spread.

Windows 7 is not affected by this problem.

Retrieve that document or folder without going to your backup.

Friday, June 11th, 2010
 

At one point or another most of us have accidentally deleted a file or folder on our systems. Hopefully you have a good backup and your IT team can recover the file for you. But this takes time of course; wouldn’t it be good if there were a way to retrieve the file yourself?

Volume Shadow Copy or VSS has been available since Windows Server 2003. What it does is take a snapshot of your network drives at set points, which then allows you to look at previous versions of files. If this has been set up on your servers, or if you are using one of the later operating systems such as Windows 7 or Vista, then you can access previous versions of your folders via the Explorer screen. Once you have opened up Windows Explorer, simply find the folder that contained the file or folder that you deleted and highlight it, then right click on your mouse and select Properties.

Screen shot of previous versions of folder

One of the tabs that will be revealed will be “Previous Versions”. Clicking on this will offer you a selection of previous versions of the folder, which you can look through to find the files that you are missing.

These are the files that are recoverable in this folder

From here you can then restore them or save them to where you want and hey presto you have your file or folder back again and without going to the tape backup.

Make sure that you have your VSS turned on and set to take snapshots correctly so that the next time you accidentally lose some data you can get it back again quickly and easily. If you need help then look here for how you can get help to set this up correctly.

Cloud v’s On-premise

Friday, June 4th, 2010

I thought that this week I would air my thoughts on the pros and cons of cloud computing against having the hardware and software located on-site on the local network. It would seem that cloud computing is the latest “big thing” and it may well take off in a large way over the next few years as people first prove and then trust the technology.

In effect cloud computing allows companies to buy in to services hosted in the “cloud” or “on t’internet” if you prefer. So rather than buying server hardware and all the associated software and licences that go with it, such as Microsoft Exchange Server and SharePoint, it is possible to subscribe to a service and pay per seat per month, typically about £5 per user per month for Exchange and about £9 for Exchange and SharePoint with some data storage etc.

The cloud computing concept is a good idea in theory, however it’s not quite as cut and dried as you might think. Firstly you have to get over the idea that your data is not held in your offices. If you are a smaller firm of less than 250 staff then it won’t even be on a dedicated server; rather you will have a slice of a shared server with your data ring-fenced just for you. My problem with this is that once your data is up there in the cloud it is very difficult for you to be sure that no one else has access to it. We have all heard of several big names that have been compromised lately by cyber attacks, and some could even be called cyber warfare. One could imagine that an orchestrated attack against these resources would be attractive to those who are interested in this sort of thing, and once they are in to the system presumably they would have access to hundreds or thousands of companies’ details/data or could even just turn off the service to cause economic havoc. I know that you could be targeted directly if you had your own server in any case but it’s still worth bearing in mind.

My second issue is that once you host most of your data off site you become totally reliant on your communications lines, and if like most small businesses that’s a broadband line then the risk of it being off for a day or so once or twice a year is not that unlikely. If you are unlucky enough to have had a problem then you will know that they often come in spurts, so you may have a period of time where a line is unreliable. This would cause major business disruption if your data was in a data centre in London and you were sitting in your office in Wigan!

On the other hand if you are the type of company that has a lot of remote staff and not many internal people then it might make more sense to host this type of service in the cloud than at your office. You may not even have an office, in which case it could help with collaboration on projects and smooth workflows. Another point to consider is that with the subscription based model you would get all the latest updates and upgrades applied automatically within the cost of the agreement, so if that’s important then it could be good for you.

Talking about the costs, don’t think that the cloud based option is a money saver; it’s not meant to be. When you think that the average server is in use for 4 or 5 years for a small business and that you pay a one off fee for the perpetual licence for the software, then it’s easy to run a comparison. Let’s look at a 10 user SBS Standard network running Exchange. A simple server (ML150 with 4 hard drives) might set you back about £1K and the server software another £750 plus installation & configuration (bear in mind that you still need someone to do the configuration on the cloud based system so not much saving there). At the £9 per user per month it would equal the online option after about 20 months, meaning that you would have 2 years “free computing”, and of course if you have your own box then you can run other software on there too such as your accounts package and other business software etc. The cost equation seems to stay like this through the range of users (150 users = £16,200 / year) so cost is not the reason to go to the cloud in my view.

In conclusion, whilst I can see that it would be very useful for some small businesses to go to cloud computing, it’s not for everyone. I think that the good old box in the rack or in the corner is here for a while yet, and for those who need the functionality that cloud based systems offer, there is the option to have a mix of both on premise and cloud based services; they will work together and will synchronise well.

83% of small firms suffer I.T. security incidents!

Friday, May 28th, 2010

A recent survey of businesses reported that 92% of firms with more than 250 employees, and 83% of smaller firms (up to 25 employees), said they had an I.T. related security incident of some sort in the last year. That seems a very high figure but it’s not all that surprising when you consider that most people still don’t take computer security nearly seriously enough!

I am sure that a lot of the firms in the statistics above will have had some basic protection in place and a proportion of the incidents may well have been relatively minor, but a general lack of knowledge and a false belief that “they won’t be interested in my data” leads companies to neglect the security of their networks and allows others to take advantage of the fact.

We would recommend that regular reviews of network security are undertaken. The full on security audits are perhaps a bit much for a small company, and let’s be honest, penetration testing sounds painful :-( and social engineering is a bit of an overkill when there are only 30 of you in the company to start with! But there are things that you can do to improve the security. Look back at previous posts about stronger passwords, and there was the one about preventing your systems from being used by spammers. Other things that you should think about are what you allow your users to do on the network.

Do the users on your network need to be able to install software on their PCs? If not then why not consider taking away the local admin rights? This will stop them from installing software that could potentially cause problems later, such as peer to peer file sharing or “free software” that comes with a load of viruses, and can prevent quite a few user induced problems.

Are all the users on the network set up with the right level of access? Too few rights and they won’t be able to work, and too many and they will be able to see things that they shouldn’t and make changes that could affect your whole network. If there are users on your network with full domain admin rights then this is probably a bad idea. Even the network administrator should have a standard logon for the day to day stuff and just use an admin account to log on to make system changes.

Setting up effective user groups can help with this in the long term. That way you can assign rights to the group, such as sales, admin, management etc., and add individual users to the groups so that they have exactly the rights that they need depending on what role they are performing, making future management much easier.

Are your firewalls set up correctly so that they only allow the traffic, both in and out, that you want to allow and prevent all other traffic? As they come out of the box they are quite open and need to be configured to get the best out of them, so it’s worth checking the rules are all set correctly. We can help with that; if you need help call us on 0161 941 4555.

There are lots of quite simple checks and modifications that can be made to a network to reduce the risk of becoming a victim of a security breach, so do take some advice on how to protect yourself before it’s too late. You could do worse than give us a ring and have a chat.

Oooops! McAfee Anti-virus update cripples PCs

Friday, April 23rd, 2010

It would appear that a mistake by McAfee, one of the largest anti-virus companies, has caused thousands of PCs around the world to fail because of a “false positive” issue, i.e. identifying a clean bit of code as infected/bad. Not a bad little virus in itself I suppose :-)

The problem has occurred because an update that they sent out wrongly identified a part of the Windows operating system, svchost.exe, as the wecorl.a virus. This meant that the antivirus software quarantined the file, which stopped the operating system from working and resulted in machines constantly restarting and not being able to complete the boot sequence.

The problem was spotted quickly and McAfee have apologised for the mistake and released a fix. Of course because the erroneous update was only in the wild for a short time not everyone will have been affected, and it appears that the bulk of the problems were in the US…… this time. This has caused McAfee a major problem and I suspect rather a few red faces as they work to help their customers who were affected by the problem to recover. The other anti-virus companies are, in public at least, sympathetic, no doubt thinking that “there but for the grace of God” etc.

So how can this happen? Well in truth I can’t say what caused this particular issue. McAfee say that there was a problem with their QA process (having made recent changes) which allowed faulty code to get in to the update. However a simple overview of how anti-virus software detects viruses might be useful here.

Viruses, like any other software, are just a bunch of code, a long string of characters. The antivirus software is looking at this code and checking the character sequences against known sequences that it holds in a database. Now if you are looking for the whole virus then you can have the AV software look for the very long sequence of characters and only identify code as a virus if it is an exact match. Fine, but what happens if the virus writer changes the code slightly and re-releases the virus as a variant? Well, some of the code will be the same, so you have to look for shorter and shorter sequences. The shorter the sequence that you are looking for, the more likely it is that it can match a sequence in existing legitimate software, so you can see that there always needs to be a balance to ensure that the software identifies viruses positively whilst not identifying good software as a virus, a false positive.
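The trade-off described above, as an added example that is not part of the original post: a toy scanner tries every window of a given length from a known sample as its signature, then counts how many still catch a lightly edited variant and how many also fire on clean files. The byte strings and file names are constructed for illustration; they are not real malware and not any vendor's real signatures.

```python
"""Toy byte-signature scanner: how signature length trades variant
coverage against false positives. All samples are constructed."""

HEADER = b"MZ\x90\x00"  # toy header shared by the executables in this set
# Constructed stand-ins for a known sample and a lightly edited variant
# (they differ in a single byte: "v1" became "v2").
ORIGINAL = HEADER + b"alpha-routine;beta-routine-v1;gamma-routine;"
VARIANT = HEADER + b"alpha-routine;beta-routine-v2;gamma-routine;"
# Constructed clean files that happen to share short byte runs with it.
CLEAN = {
    "svchost-like.exe": HEADER + b"service-dispatch-table",
    "notes.txt": b"checklist: test the backup routine; rotate tapes",
}


def flagged(signature):
    """Names of clean files a scanner using this signature would quarantine."""
    return sorted(name for name, data in CLEAN.items() if signature in data)


def evaluate(length):
    """Try every `length`-byte window of ORIGINAL as the signature."""
    last_start = len(ORIGINAL) - length
    windows = [ORIGINAL[i:i + length] for i in range(last_start + 1)]
    catches = [w for w in windows if w in VARIANT]
    false_pos = [w for w in windows if flagged(w)]
    usable = [w for w in catches if not flagged(w)]
    return {
        "candidates": len(windows),         # possible signatures of this length
        "catch_variant": len(catches),      # ...that still match the variant
        "false_positive": len(false_pos),   # ...that also match a clean file
        "usable": len(usable),              # catch the variant, no clean hits
    }


if __name__ == "__main__":
    for n in (len(ORIGINAL), 16, 8, 4):
        print(n, evaluate(n))
    # A 4-byte signature taken from the header flags the clean executable.
    print(flagged(ORIGINAL[:4]))
```

The whole-file signature misses the variant entirely, while at 4 bytes a third of the candidate signatures also match a clean file.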

Of course there are other methods that the antivirus software packages use such as sandboxing code (allowing it to do what it wants to do in a controlled environment where it can’t get at the main system and watching to see if it tries to do something naughty) and then quarantining the code if it is likely to be a virus.

So for all of you who have not been affected you can smile a bit, but just be aware that your antivirus software is updating several times a day and hope that your antivirus vendor does not have a similar problem in the future.

And before signing off, in answer to those of you who are wondering if you would be better off not having any anti-virus software at all? The answer is NO.

Which web browser offers the best protection?

Thursday, April 1st, 2010

With the choice of Internet browsers available it can be difficult to know which one is best to use. In the end it comes down to a matter of personal choice of course and often not a little prejudice.

However we came across some interesting statistics recently by NSS Labs showing how in tests that they carried out there was a large difference across the major browsers in use at the moment. The results below are from Q3 2009 but if you want to see more information click here

In our chart we have reproduced the results for the four most common Internet browsers, Microsoft IE8, Apple Safari 4, Google Chrome 2 and Mozilla Firefox.

The aim of the tests was to determine how effective web browser protection was against two of today’s most prevalent security threats, namely socially engineered malware and phishing attacks.

 
Internet threat protection comparison

 

So based on these test results it looks like the majority of us are right to stay with IE8 for the time being.

It goes without saying that this will not remove the need for antivirus software, keeping your operating systems (see my previous blogs and these one two) updated and perhaps most importantly of all using your common sense, but it’s good to know that there is another layer of protection there to help in the fight against malware.

Happy Easter.

Don’t get blacklisted as a spam sender.

Friday, March 12th, 2010

If you have read other posts on this blog you will know that we have covered various security topics including making sure that your antivirus software is up to date and that you run regular scans, set your users up with strong passwords etc. etc. etc.

This is another good tip for making sure that you’re getting the best protection out of the equipment that you already have.

The issue we are looking at today is one way of preventing getting blacklisted as a spam sender.

Assuming that you are not a spam sender (at least knowingly), one way that you can get blacklisted is if one of your machines gets infected with a bot that is programmed to send out email for someone else. This can result in thousands or tens of thousands of emails going out of your network, at which point your ISP (Internet Service Provider) along with the anti spam databases will tag you as a spam sender. Your ISP will most likely turn your ability to send email off altogether, preventing you from sending any mail until you prove that you have corrected the problem and are not going to send more spam. Secondly, your domain/IP address will be listed on the various anti spam databases as a spam sender, so anyone using these to detect spam will reject your legitimate mail in future.

If you are using a mail server such as Microsoft Exchange on your network then this should be the only machine that is sending email out for you. Your firewall should be set so that the mail server is the only machine that is allowed to send email through the firewall, that way if one of your machines does get infected with a virus and starts sending thousands of emails out it will be prevented from doing so and you will not get blacklisted or have your mail turned off.

So what changes do you need to make? Firstly if you are not very clear on what you need to do then get an expert to make the changes for you, you could end up causing yourself major problems if you attempt to do this yourself and get it wrong. Basically what needs to happen is that the firewall needs to be set up so that:

  • The firewall should be set so that all outbound SMTP traffic is blocked from every host unless there is a further match
  • Then the next rule should be set to allow outbound SMTP traffic from source “mail server”

OK it’s a bit more complicated than that but that gives you the basics. I hope that you found this article interesting, leave a comment and let us know.
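The two rules above, as an added example that is not part of the original post: a small first-match rule evaluator run over constructed outbound connection attempts, reporting which internal hosts had SMTP blocked and therefore need checking. It assumes a firewall that reads rules top to bottom and stops at the first match (so the mail-server allow is listed first), SMTP on TCP port 25, and made-up addresses.

```python
"""First-match evaluation of the two outbound SMTP rules (constructed data)."""
import ipaddress
from collections import Counter

SMTP_PORT = 25
MAIL_SERVER = "192.168.1.10"  # assumed address of the internal mail server

# Assumed first-match firewall: rules are read top to bottom and the first
# hit decides, so the mail-server allow must sit above the general block.
RULES = [
    {"action": "allow", "src": MAIL_SERVER + "/32", "dport": SMTP_PORT},
    {"action": "block", "src": "0.0.0.0/0", "dport": SMTP_PORT},
]

# Constructed outbound connection attempts: (source, destination, port).
ATTEMPTS = [
    ("192.168.1.10", "203.0.113.5", 25),   # mail server delivering mail
    ("192.168.1.23", "198.51.100.7", 25),  # workstation talking SMTP directly
    ("192.168.1.23", "198.51.100.8", 25),
    ("192.168.1.23", "203.0.113.9", 25),
    ("192.168.1.40", "203.0.113.5", 443),  # ordinary web traffic
    ("192.168.1.41", "198.51.100.7", 25),
]


def decide(src_ip, dport, rules=RULES):
    """Return the action of the first rule matching this outbound packet."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if dport == rule["dport"] and addr in ipaddress.ip_network(rule["src"]):
            return rule["action"]
    return "allow"  # non-SMTP traffic is outside the scope of this example


def blocked_senders(attempts, rules=RULES):
    """Count blocked SMTP attempts per internal host: each one is a machine
    to check for infection, since only the mail server should send mail."""
    hits = Counter(src for src, _dst, port in attempts
                   if decide(src, port, rules) == "block")
    return dict(hits)


if __name__ == "__main__":
    print(blocked_senders(ATTEMPTS))
    # Same two rules in the wrong order: the mail server is cut off as well.
    print(decide(MAIL_SERVER, SMTP_PORT, rules=RULES[::-1]))
```

Reviewing the firewall's block log for port 25 in this way turns the rule into an early warning: a workstation that keeps hitting the block is the one to scan.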

Cyber Skivers could be costing you a fortune in lost productivity!

Friday, March 5th, 2010

Do your staff use or abuse the internet? And how would you know?

The first thing to say is that you should have a formal internet use policy and an email use policy in place within your business. This should make it clear what is acceptable and what is unacceptable.

Estimates suggest that about 40% of browsing at work is non-work related (and this is a conservative estimate) which means that there is an awful lot of lost productivity out there.

For example, if one employee on minimum wage was spending only 2 hours a week cyber-skiving it would cost your company over £560 a year in wage costs alone. Then multiply this figure by the number of employees and take into account that they are likely to be paid much more than the minimum wage and it adds up to a huge problem. And that’s assuming that they only cyber-skive for 2 hours a week! And with the football world cup coming up we would expect this to rise even more over those few weeks.

The other problem that can occur is that users can access inappropriate material, pornography, illegal file downloads, peer to peer file sharing etc., potentially leaving you as an employer in a difficult position legally. OK most employees are sensible but hey it does happen!

There is also a security issue: as well as users downloading “dodgy material” they can also inadvertently be downloading hidden viruses and malware, so it’s best to prevent it.

It is possible to put software packages in place that control what can be accessed by employees on the internet, with most you can tailor the settings so that they suit your business needs, for example you could set hard rules that permanently ban porn sites whilst having a more flexible rule to block shopping or news sites during working hours but allow access over the lunch hour. You might also have different rules for different departments or individuals.

Most packages generally also have the facility to generate reports on how the internet is being used in your business allowing you to fine tune the rules you choose to put in place as time goes on.

Have a look here for information about this subject.

Get the best from your antivirus software

Friday, February 19th, 2010

Make sure that you get the best out of your antivirus and antispyware software; you have paid for it so make sure that it’s working at its best for you.

Firstly, make sure that the antivirus signatures are updating on a regular basis; this should be at least once a day if not more often. You can usually check this within the software, where it will tell you which revision you are using and what the date of the last update was.

Secondly, from time to time check to see if there is an updated engine available to install. The AV vendors are constantly updating their software to protect against emerging threats and, as well as the updated definitions, produce updates to their packages; these sometimes need manual installation rather than happening in the background. The updates are generally included within your subscription price so it’s well worth checking from time to time to make sure that you are as up to date as possible.

Thirdly, as well as using the real time scanning engine (that’s the bit that checks files as you access them) make sure that you schedule regular deep scans on your system. A scheduled scan is different from the real time scanner in that it will look in all the files and folders on your system and check them against the latest virus definitions that it has. This means that should anything have slipped through the system’s real time scanner prior to an update being available, it will be picked up and dealt with during the scheduled scan.

Depending on what type of antivirus software you use you may notice that scanning the computer whilst you are using it slows it down a little (or in the case of some packages a lot), so you might want to scan the computer when you are not using it. The next time you are looking to renew your antivirus software why not look around to see which packages offer high levels of protection without hogging system resources. We use ESET here and that sits very lightly on the system whilst offering excellent protection.

Our home page has a link to a free online scan which you may want to try out to see if your current antivirus package is doing its job, follow this link to run a free scan. If you are a business user, feel free to contact us on 0161 941 4555 to discuss how we can help you with your antivirus protection, we are able to offer 2 years subscriptions for the price of one for a limited period see here.