New and dangerous malware

Transient

The last few years has shown us some very interesting new security holes in the software we all know and love. Gone are the notions that just having a machine off of a network would completely remove all security worry or that having a Mac was a shortcut to peace of mind. Recently, Microsoft released a particularly critical patch (MS12-020) for a common tool most businesses utilize in some capacity: Remote Desktop.

For those who haven’t heard of it, Remote Desktop is a method of connecting to another computer and being able to use it as if you were right in front of the screen yourself. It’s been security best practice to make sure this service isn’t available from the outside of a company network, but that isn’t always possible from a usability standpoint. This issue underscores a few, common methods to keep your computers free from those unwanted bugs.

  • Run a security suite (and keep it updated!). While this shouldn’t be your only line of defense, it will nab the most common malware. Having a Mac isn’t an excuse any longer as well. Examples include AVG, Symantec, and Trend Micro.
  • Stay updated! The vast majority of successful exploits rely on unpatched computers; that means Microsoft Windows, Microsoft Office, and our favorite problem children Adobe Acrobat Reader, Adobe Flash, and Oracle Java.
  • Turn the firewall on. All modern operating systems come with a firewall that’s enabled by default. This has some usability consequences but will enable you to hop on those free wifi networks at your local coffee shop and not have to worry so much about a nefarious cohort in caffeine prying into your files.
  • Don’t plug in unknown flash drives. Found a flash drive in the parking lot and want to see what’s on it? Chances aren’t bad that there are some latent baddies lingering on that free hardware, and the likelihood that there’s something interesting on there is much, much lower.
  • Practice safe browsing. Just browsing is an easy way to get infected, usually called ‘drive-by downloads’ even popular sites aren’t safe from third party advertisers loading virus-ridden files directly to your computer, oftentimes bypassing the antivirus as though it wasn’t even there. From using Firefox and Chrome browsers in lieu of the much maligned Internet Explorer that comes preinstalled on Windows to utilizing OpenDNS (which trims most of those bad sites of known bad stuff) there are a number of ways to protect yourself.
  • Avoid attachments from unknown or unexpected places. Anti-spam filters have gotten a lot better, but there are still emails that occasionally ask you to run a program attached to the email to view shipping details for a package you never ordered. Most communication doesn’t require an attachment of any kind, so it’s better safe than sorry.
  • If you’re suspicious, stop! If you think something’s fishy, contact whoever sent you the email or close the page. If you think you’re infected, don’t ignore it, you may lose private data to unscrupulous people around the world. A professional opinion is a safe bet.

Catalyst Technology Group’s Managed Service provides automated and enforceable security policies on your company’s servers and workstations to make unexpected downtime a thing of the past. Contact us for more information.