The vast majority of threats encountered online are collectively known as malware. This term can refer to a wide variety of issues including spyware, adware, viruses, rootkits, Trojans, and other such malicious software. We are going to discuss spyware: what it is and how to remove it.

As some of us know, spyware is computer software that is installed without the user's knowledge or consent and which is specifically designed to collect various types of information. The information may be related to the user's internet surfing habits, or it can be personal information that the user inputs into the computer.

Spyware can also be used by businesses legally to keep an eye on their employees' day-to-day activities. These are commonly known as keyloggers. Nevertheless, the most common use for this type of software is to steal someone's identity, or worse.

What's more, once a computer is infected with spyware, there are additional problems that may also arise. Your system may start working slower without explanation, as the spyware is secretly eating up memory and processing power. Your web browser may have an additional toolbar, or the browser may present a different home page.

Error messages may also appear on screen, as well as previously-unknown icons that may pop up on your desktop. These are just a few telltale signs of spyware finding its way into your system.

Below are several steps that you can take to remove any spyware that's on your computer.

The Traditional Uninstall

Though it may seem surprising, some spyware and adware applications do have fully functioning uninstallers, which means that you can remove them from the Windows Control Panel.

In the Add-Remove Programs list, search for any unwanted programs listed there and uninstall them. Be careful not to confuse any useful apps or programs with spyware. Reboot your system once the procedure has completed successfully, even if you are not prompted to do so.

Computer Scan

Most spyware, especially the dangerous kind, does not have the previously mentioned option, in which case you will need to remove it with an up-to-date antivirus scanner. You will first need to disconnect your computer from the internet. If your antivirus allows it, perform the scan in Safe Mode.

If by any chance you don't have an antivirus installed, which you definitely should, choose one of these free versions, or go for the paid variants for better results. Whenever you are using these tools, always make sure to update them. New spyware is created on a daily basis, and only up-to-date antivirus software will be able to detect and remove it.

Undo any Potential Damage

After one or both of the steps mentioned above have been performed, make sure that the spyware cannot reinstall itself once you reconnect the system to the internet. To do that, reset your browser start and home pages, and check that the spyware hasn't hijacked your HOSTS file or secretly added any undesirable websites to your Trusted Sites list. Reconnect to the internet only after you've completed these steps.
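
The HOSTS file check described above can be scripted. The following Python code is an added example, not part of the original article; the sample file contents, hostnames and review categories are constructed for illustration. It flags every entry that is not a plain localhost mapping so you can decide whether you added it yourself.

```python
import ipaddress

# Constructed sample of a tampered HOSTS file; names and addresses are made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.examplebank.test    # documentation-range address
127.0.0.1       update.example-av.test
0.0.0.0         ads.example.test
192.168.1.20    nas.home nas
not-an-ip       broken.example.test
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]

def classify(ip_text, names):
    """Return None for a benign localhost mapping, else a review category."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # Pointing a real hostname at the local machine makes it unreachable:
        # normal for ad-block lists, suspicious for antivirus or update servers.
        return None if all(n.lower() in LOCAL_NAMES for n in names) else "blocked"
    if any(ip in net for net in LAN_NETS):
        return "lan"        # usually an intranet entry; confirm you added it
    return "redirect"       # hostname forced to an outside address

def audit_hosts(text):
    """Return [(line_no, category, ip, names)] for every entry needing review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        if len(fields) < 2:                     # address with no hostname
            findings.append((line_no, "malformed", fields[0], []))
            continue
        category = classify(fields[0], fields[1:])
        if category:
            findings.append((line_no, category, fields[0], fields[1:]))
    return findings

if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
    for line_no, category, ip, names in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {category:9} {ip} -> {' '.join(names)}")
```

Treat "redirect" entries as the most urgent, and read "blocked" entries by hostname: a blocked ad server is usually deliberate, a blocked antivirus update server is not.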

Conclusion

As with any other online threat out there, the best way to protect yourself is through prevention. Make sure that no spyware makes it onto your computer by keeping your security systems up to date. Likewise, be more skeptical about the programs you install on your PC, especially if they are part of a package or promise something that seems too good to be true. Contact us today to discuss possible solutions.

 


Meltdown and Spectre: Current Status 01/12/2018

By Robert Meyers and Sean Andrews

The vulnerabilities known as Meltdown and Spectre are new vulnerabilities announced last week to the world at large. They are based on a process called speculative execution, a technique that became popular in the mid-nineties to improve processor performance.

In most cases, these vulnerabilities don't allow an external unauthorized party to gain access to a system, although they could allow a party that already has access to the system to access unauthorized data. However, this is only the current state. Vulnerabilities like these are typically weaponized into malicious websites and malware, and at that point they will become significantly more dangerous. We can then expect these exploits to be used to recover all information in memory (including passwords and tokens) as well as inject commands into the computer's processor.

As your technology partner, we are working on building a strategy to aid in defending our clients. Currently that is mainly still in testing, the same as every other provider. We wanted to update you with current findings.

Windows Workstations

On average, current machines will see around six percent performance degradation from the Microsoft patches. However, there is a complication around anti-virus and anti-malware platforms which is currently being worked on. This complication causes boot issues and crashing. Additionally, the patches currently have a similar impact when deployed to AMD-based machines. As it is common to have more than one anti-virus, Microsoft and the anti-virus and anti-malware providers are working on a solution. Additionally, a new patch attempt by Intel is causing random reboots and is simply not recommended for production. Please note that older systems will see an increasing impact from the patching. Our current recommendation and practice is to test and monitor. These solutions are not yet ready for widespread production without a level of predictable instability and should be limited to administrative systems on demand.

Mac Workstations

Currently only High Sierra from Apple is being updated. There are no currently reported errors from our or our partners' testing that we have seen. As such, we agree with the Apple recommendation to upgrade any Macs to High Sierra (10.13.2 supplemental update) and patch. There is a performance impact; however, in testing it has appeared stable, with between 1% and 6% performance degradation.

Applications

We are currently waiting on updates from most software vendors. Chrome should be updated on Jan 23 (as currently advised), and they have a recommendation to help mitigate part of Spectre. IBM will start rolling out some fixes in February, although there is limited information released so far. Microsoft currently has a series of patches for Internet Explorer, Edge and SQL. Due to the instability being seen, our current strategy is to only deploy these to administrative systems.

Anti-Virus / Anti-Malware

We have confirmed that one of our partners' products, Webroot SecureAnywhere 9.0.18.xx, is compatible with the Microsoft patches; however, it does require that a registry key is set before being deployed. There is a version being developed that will place and manage this registry key (a part of a Windows Computer's DNA) automatically, and we recommend waiting for this.

Microsoft currently deploys Windows Defender Antivirus, System Center Endpoint Protection, and Microsoft Security Essentials, which are compatible with the January 2018 security updates and have set the required registry key.

Currently there are versions of Avast, Avira, AVG, ESET, F-Secure, BitDefender, Kaspersky, Sophos, Malwarebytes, and Symantec that are declaring themselves compatible and deploying the required registry key as per Microsoft's guidelines. However, please note that Microsoft has published that future updates will require that the registry key is set. As always, our recommendation is to maintain a system under protection. However, version changes will need to be managed.

Servers

Performance on servers can be critical, and the Microsoft and Linux patches that have been released are showing very large performance degradation, often averaging 30% once patched. As such, a strategy is being reviewed for server protection, although please note that as long as there is no browsing or general use of a server, there are fewer attack vectors. Patches are being refined and alternative strategies are being reviewed, including isolation. We are working with partners and monitoring the industry recommendations.

Cloud Providers

Azure, AWS and Google have been deploying mitigation. At this time other SaaS and IaaS providers are working on independent strategies. We are monitoring this situation.

Firmware Updates

Most systems will need to install both operating system and hardware/firmware updates for all available protections. Intel has committed to releasing updates to more than 90% of processor products by 1/15. AMD is making firmware updates available for Ryzen and EPYC owners this week, and the company is planning to update older processors "over the coming weeks." These updates are given to the hardware manufacturers, who then have to make the BIOS updates for each system. Expect newer and higher volume systems to have firmware updates available first. See Additional resources of this Microsoft Article for links to OEM Device Manufacturers. Please note that we are waiting for more feedback from testing and community results for future planning before making full recommendations for firmware.

SCCM and WSUS

The community has identified an issue in which some of the patches deployed by WSUS (and by SCCM, which utilizes WSUS) are not showing up as available to install on some systems. The patches will show up as Installed / Not Applicable. These systems have the Anti-Virus registry key in place. Even bypassing WSUS and scanning directly from Microsoft will not show the patches as needed. This TechNet forums post documents the issues the community is having. If the issue really is the requirement of older parent patches being installed, then we expect the patches will be re-released to address this. Our strategy and recommendation at this point is to delay patching and wait for more information.

Microsoft  https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown
Google  https://support.google.com/faqs/answer/7622138#chromeos
Apple  https://support.apple.com/en-us/HT208394
Ubuntu  https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
Red Hat  https://access.redhat.com/security/vulnerabilities/speculativeexecution
Linux Mint  https://blog.linuxmint.com/?p=3496
Oracle
IBM  https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
nVidia  https://nvidia.custhelp.com/app/answers/detail/a_id/4611
Intel  https://security-center.intel.com/advisories.aspx
Intel  https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/
Arm  https://developer.arm.com/support/security-update
AMD  https://www.amd.com/en/corporate/speculative-execution
Mobile News  https://9to5google.com/2018/01/10/meltdown-spectre-android-updates/

 


Managed Solution customers that do not have a managed service agreement could contact their account executive to discuss further details.

Not a current customer? Contact us today to get started 858-429-3084


Built to work nearly seamlessly with Azure, Deep Security provides a suite of security capabilities for your VMs in a single platform for cloud and hybrid deployments. Take advantage of the free 30-day trial and see how easy it is to get the security you need while preserving the agility of Azure.

Snapchat, less ghostly than ever, now lets you pay to replay snaps

by John Zorabedian as written on https://nakedsecurity.sophos.com
Snapchat has just released version 9.15 of the popular messaging app, and for the first time it includes a feature that users can purchase in-app.
It's called Replay, and for 99 cents you can replay an additional three snaps per day - additional because users already have the ability to replay one snap per day for free.
The ability to buy additional replays is new (currently only available to US users), but Replay as a feature has actually been around for almost two years.
The paid replay option only allows you to replay any given snap once, but that's still one more time than you might expect for an image that's supposed to be automatically deleted after it's viewed.
When Snapchat debuted in 2012, the company marketed its app as a way to send "fleeting messages" that would "disappear forever" after they were viewed - once - by the recipient.
Well, that turned out to be a blatantly false claim - one so misleading that the US Federal Trade Commission (FTC) stepped in to sanction Snapchat for unfairly deceiving users.
Snapchat settled with the FTC in May 2014, and since then, the company's privacy policy has explained just how un-fleeting the supposedly fleeting messages are (you have read the privacy policy, Snapchatters, haven't you?).
Snaps - the photos and videos users send to one another with written messages, drawings, and so forth - can be retrieved after sending in several ways:
  • The recipient can take a screenshot of the snap. Snapchat says it will try to notify users if their snaps are screenshot, but by then it's too late - the recipient has created a new image of your snap that is under his/her control.
  • Snapchat stores snaps on its servers for an undefined period of time. Although Snapchat says it deletes your snaps at some point, they can remain in backup for a "limited period of time."
  • Snap images that you send stay on your phone in a folder that can be recovered with forensic software.
  • And of course, your images can be viewed again via Replay, the feature that Snapchat is now offering as a paid service.
With Replay, you'll get a notification whenever a recipient replays your snap.
But as GigaOm reported in 2013, when Replay first became available, you only have control over Replay on your own device, and you can't prevent recipients from replaying your snap.
That's right - there's no way to opt out.
In a post on the Snapchat blog announcing paid replays, the company said its users were "frustrated" without the ability to replay more than one snap per day:
"We've provided one Replay per Snapchatter per day, sometimes frustrating the millions of Snapchatters who receive many daily Snaps deserving of a Replay. But then we realized - a Replay is like a compliment! So why stop at just one?"
Here's another question for Snapchat: now that you've done away with the ruse that snaps are "fleeting" messages, isn't it time to change the ghost on your logo to something a little more permanent?
Source: https://nakedsecurity.sophos.com/2015/09/17/snapchat-less-ghostly-than-ever-now-lets-you-pay-to-replay-snaps/

By Jef Cozza / NewsFactor Network
There may finally be some good news in the war against spam. The overall percentage of spam among e-mail messages dropped to 49.7 percent last month, the lowest level since 2003 and the first time the figure has been below 50 percent in more than a decade, according to a new study by Symantec.
Symantec reported its findings in its "Symantec Intelligence Report" for the month of June. Enterprises in the mining sector had the highest spam rate, at 56.1 percent, according to the report. The manufacturing sector was a close second at 53.7 percent. The finance, real estate, and insurance sectors had the lowest of any industry, at 51.9 percent.
Spammers seemed to treat all businesses pretty much the same with regard to size, however. On average, companies experienced a spam rate of between 52 percent and 53 percent no matter the number of employees. The only outlier to this pattern was companies with 251-500 employees, which experienced a 53.2 percent spam rate.

Phishing Falling

Although it may have seemed as though attacks were on the rise last month with a number of high-profile hacks, phishing and malware-based attacks actually fell slightly in June, as one in 2,448 e-mails was a phishing attack, down from one in 1,865 in May. Manufacturing was once again the biggest target for spear-phishing attacks, as 22 percent of all such attacks were directed at manufacturing organizations. Nevertheless, that number is down from 41 percent the previous month.
Phishers also continued to concentrate their efforts on both the smallest and largest companies, with enterprises with 1 to 250 employees experiencing the most attacks, and companies with more than 2,501 employees in second place.
The number of vulnerabilities also declined in June, down to 526 reports from 579 in May. There was also one zero-day vulnerability reported last month, stemming from Adobe Flash Player, the same number as in May.

Not All Good News

Despite the good news, there were several troubling developments in Symantec’s report. There was a grand total of 57.6 million new malware variants reported in June, up from 44.5 million created in May and 29.2 million in April. The increase in malware variants may indicate that hackers are changing tactics, according to Symantec.
“This increase in activity lends more evidence to the idea that with the continued drops in e-mail-based malicious activity, attackers are simply moving to other areas of the threat landscape,” Ben Nahorney, cybersecurity threat analyst at Symantec, said in the report.
In addition to the increase in malware variants, ransomware attacks were up in June, with over 477,000 detected during the month. While still below the levels seen at the end of 2014, June represented the second month in a row that ransomware attacks increased since reaching a 12-month low in April. Crypto-ransomware was also up in June, reaching the highest levels since December.
On social media, meanwhile, hackers continued to rely primarily on manual sharing attacks, which require victims to propagate the scam by sharing content themselves. In the last 12 months, manual sharing attacks accounted for more than 80 percent of social media attacks.
Source: http://www.newsfactor.com/news/Spam-Falls-to-Lowest-Level-in-Decade
