by Jeff Gable, Edafio Systems Engineer

We all have experienced it at one time or another. Your computer becomes infected with some little nasty and the performance has been degraded to the point that you are ready to throw your computer out the window. So, what causes this and how did I get infected with it?

Most of these infections fall under the broad umbrella of Malware. However, Malware comes in many forms.

So what is Malware? It is “malicious software” that gets installed on your computer without your knowledge or consent. Some forms of malware are just a nuisance where others have a more viral or criminal intent.

Some common forms of Malware:

Adware: programs that run and display an advertising banner and produce the infamous pop up advertisements. This is usually associated with some free software that was downloaded such as a special toolbar for Internet Explorer.

Spyware: programs that are designed to gather and steal data from the infected computer. These are programs such as keyloggers and data miners which are two of the more common forms. They try to steal passwords, credit cards, social security numbers and anything else that can be used to aid in identity theft or monetary gain for the thief.

Trojans: These are virus programs that conceal themselves as a legitimate program. By design, they hide themselves as a common process so that they can run undetected on the computer for lengthy periods of time or until they are triggered to run, and may damage the computer to the point that it cannot boot up and run.

Exploits: These are some of the most dangerous out there! They typically are setup using a spam email that contains a link to a website in the email. It typically is a link that is preceded by a statement that is designed to get you curious, and the embedded link is nothing but random numbers and letters with no identifiable site at the beginning of the link. The user clicks on the link, Internet Explorer opens up, but then it appears as if nothing happens. The page may go blank or just disappear. Unfortunately, something did happen. A payload was downloaded that allows the hacker to remote into your computer whenever he likes. It is undetectable to the untrained eye after it is installed.

These types of infections are becoming more numerous because of their ability to be stealthy. They allow the cyber thief to obtain information that can be turned into a profit without the infected computer‟s owner even knowing that any information has been stolen.

The data is still there and nothing seems to have changed, but it has been stolen because it has been copied or read.

How did I get infected?

For the last ten plus years it has been widely understood that email is the number one avenue for virus infections and before that it was the famous floppy disk. Well times are changing and although email is still considered a major avenue for virus infections, these avenues are evolving into more of a web based threat.

As you surf and search for information across the internet, you are directed to many sites that have information on them related to your search parameters. Some of these are legitimate sites and some are sites to which you are actually redirected. These sites are created and designed by the “Black Hats” or hackers to “spoof” or imitate legitimate websites. The evil people who create these viruses and exploits have found that many sites built using older code and security measures can be “hacked”, and then used as a way to install a small piece of code onto any computer when the user visits the site.

I got a Windows Security Alert that said I was infected with numerous viruses?

First of all, Windows will “NEVER” alert you to a virus infection! This message is usually associated with a web link to download and scan your computer to clean it. This is a trick to get you to download what is referred to as “Rogue Anti-Virus.”

Rogue Anti-Virus is a program that tries to imitate an anti-virus program but it has another intention all together, and will cause some major disruption for the user. It is very hard to clean because it disables the anti-virus and many of the tools used to remove it. It will also not let the infected IE browser go to security sites; windows update site or any other site that has been predetermined to have tools to remove it.

In most cases, a System Restore to a date prior to infection is the most cost effective way to recover. Note: All user data created between the System Restore date and the current date will be lost when this action is performed.

Malware infection removal is quickly becoming one of the most costly expenses for companies as well as home users. So what to do now?

What to do when my computer becomes infected?

There are several anti-virus programs and anti-malware programs out there that can be used to remove malware and virus infections. I would only recommend products from “known” IT management companies.

The problem is that these malicious programs are learning how to prevent the user from using these programs and in some cases, the windows tools themselves. Some will disable your anti-virus, and when you try to open up the registry or the other windows tools, a message appears that this file is infected and this prevents the program from being able to run.

A well designed malicious program will have self healing properties associated with it. These self healing properties within the program will have several executables that recreate a file if it is deleted. So, if you go into the registry and delete one of the executables that is identified with the infection, the particular file that is monitoring it will execute and reinstall the file you just deleted. These self healing properties make removing these infections very difficult, time consuming and extremely costly!

Anti-Malware Program

One of the best anti-malware programs on the market is Malwarebytes. You can download the program from http://www.malwarebytes.org. There are two versions offered.

Free Version: The free version is basically a “clean and remove” only tool with just a few extra tools. It does not offer “real time” protection so the user is required to open up the application and manually update it to get the latest definitions and updates for the scan engine.

Full Version: This version offers real time protection, automatic updates and a host of extra tools.

One thing to note is that it is a best practice to install Malwarebytes “before” becoming infected. This is due to the fact that some of the Malware programs out there prevent you from going to this site so keep it updated as much as possible.

For Businesses: A good way to protect your business is to install Web filtering software. Edafio recommends Websense for small businesses.

Windows System Restore

If you are a little tech savvy, the Windows System Restore can be run to restore your computer back to a date before it was infected. If unsure how to do this, consult your owner‟s manual or search for it at the manufacturer‟s website.

How do I prevent getting Malware infections?

1. Good web surfing habits are a good start. Just be careful where you go and “especially” what you agree to download. If you receive a pop up READ IT before clicking okay. Clear any checkboxes for any unwanted additional software that is included in the download.
2. If you decide to download something, do it from a respected site. If you are looking for drivers for example, go to the manufacturer‟s website to download the driver, not some erroneous driver download site.
3. Don‟t include the word “Free” in your web search. We all like to get „free” stuff but beware if you type “free” anything in your search engine. Many infections start out just like this with the user looking for something free on the internet.
4. Use a “Real Time” Malware scanner. It should proactively prevent malware from getting installed on your computer at all.
5. Keep your computer updated with the latest Windows Updates. Microsoft patches vulnerabilities with their products on a regular basis. The second Tuesday of the month is known as “Patch Tuesday”. Internet Explorer, Java, and Adobe should be kept up to date with the latest releases.
6. In corporate environments, utilize a Web Filtering product such as Websense. These products, when configured properly, will help prevent users from downloading malicious content into your environment.
7. Install respected Anti-Virus software such as Symantec or McAfee. Keep it up to date! Anti-Virus and Malware prevention programs are only as good as their latest definitions. That is how they know what to look for and remove.
8. Use the best Spam filtering hardware or software you can afford! Spam is not just junk mail for Viagra anymore. Many spam email contain links to hijacked or spoofed web sites where malware and other exploits use their tricks to get it installed.
9. Social networking sites such as Facebook, My Space, and Twitter offer a new playground for hackers. They can spoof a message from an infected computer so that it appears to come from one of your friends but contains a link to a malicious site. Always verify that the person sent you a link. If you receive a message from a user with whom you rarely communicate, be very suspicious and confirm with the friend that they in fact did send it.

Finally, NEVER click on a hyperlink that only contains numbers and random letters! If you do receive a link contact the friend to make sure they actually sent it.

If you have ever copied a link you will notice the first part of the link normally contains the site name not just an IP address! For additional support, we would be happy to assist you. Contact us by phone or email.

A zero-day vulnerability known as “Hydraq”, “Aurora”, “Google Attacks”, and “Microsoft IE Vulnerability” has allowed cyber attacks on a number of large enterprises. This is the reason to have a good firewall in place (especially with inside AND outside access lists), Web Filtering, good patching levels, and a business class Anti-Virus application.

In this exploit the hacker opens up a program using Linux and assigns the program to accept or “Listen” for incoming traffic on port 4446, then sets the payload. The corporate/home user using XP with IE6 opens up a website (that could be a link that was provided in an email or a normally visited website that was hacked/redirected to the malicious program). Once the site is accessed, a specially crafted packet is used to gain access to the corporate/home user’s pc by the vulnerability that has not yet been patched. This attack gives the hacker full access to the user’s machine.

Here are some of the different managed IT services that would help in an effective defenses against these types of attacks or malicious events.

1. Firewall: This is usually the first line of defense. If rules are properly configured it would usually block these ports that allow a hacker to gain access to the internal network/workstations by using INSIDE and OUTSIDE access lists. Reminder: 99% of all firewalls allow internet traffic out or in).


2. Websense/Internet Filtering: A properly configured internet filtering appliance would help as a secondary defense and in most cases would not allow the port to be opened or the website that had the exploit would have been (again in most cases) unauthorized to visit.


3. Microsoft Critical Patches: Keeping these up-to-date assist in “Plugging the holes” that not only keeps the system stable, but also helps in keeping the system secured.


4. Spam Filtering: A decent spam filtering product like IronPort properly configured, would in most cases keep e-mail out of a system that would normally be delivered to an end user. As an example a company without an adequate spam filtering product might receive emails with hyperlink attachments that an untrained end user could expose these types of vulnerabilities by simply just “clicking” on the link.


5. Antivirus: Last line of defense usually would be the anti-virus software application. A decent/properly configured anti-virus application would help defend against an attempt to install malicious software/applications on the server/machine.

Conclusion: Although nothing is 100%, having these types of hardware/appliances and software in place, properly configured, and with regular scheduled maintenance you can greatly reduce your risk.

Come and join us on October 13^th, at 2:00, for our NLR Chamber of Commerce Ribbon Cutting Party.  After a few works from our president, Robert Russell, we will have the ribbon cutting followed by a quick tour of the new office.   We look forward to having you celebrate with us.

Edafio has been selected as a council member of Level Platform’s Partner Council.

 

Council members are selected based on their demonstrated innovation and market leadership as well as their commitment to work with the broad managed service provider community to shape the future of Managed Workplace and the Level Platforms Partner Program.  The council is comprised of up to 50 partners who work with the Level Platforms’ management team to help guide the joint success of Level Platforms and their partners.

 

Edafio has 5 years experience as a managed service provider, and its position as a Level Platform Council member makes it unique from other business technology providers in central Arkansas.

 

“We are honored to have an organization with the depth of experience and demonstrated success of Edafio participating on the Partner Council” said Dan Wensley Vice President Partner Development at Level Platforms. “Edafio has already been actively working informally with our partner and product teams and we welcome the opportunity to formalize this relationship for our mutual benefit and more importantly, for the benefit of our thousands of Partners that will benefit from the work of the Partner Council.”

 

About Edafio

Edafio Technologies is an IT management company and technology consulting firm in Little Rock, Arkansas specializing in helping clients increase business efficiency. We help our clients with design, implementation and support for their IT networks to accomplish their financial objectives. With accreditations from Microsoft, Cisco, HP and others, our team of highly trained engineers is ready to solve your problems.  For more information, visit http://www.edafio.com.

 

About Level Platforms

With 3000 Partners in 30 countries, Level Platforms is the leading provider of managed services software for IT solution providers servicing small and midsized end customers through its award-winning agentless remote monitoring and management software, Managed Workplace.  http://www.levelplatforms.com/

With the help of Little Rock web design company 1011 Web Solutions, Edafio is proud to launch their updated website. The new site contains information about the latest technologies that Edafio offers. Also, from our website, current clients will be able to start trouble tickets without having to pick up the phone. We would love to hear your thoughts on our new site.

By Stuart Crawford

Businesses today wrestle and grapple with the thought of hiring their own technology support staff to support their daily need for IT support without fully understanding the risks and the costs associated with having their own team of technology professionals.
 
Business owners, C level execs and Managers are attracted to the idea of having a team or a consultant readily available within shouting distance down the hall, basically having an IT resource committed to them 24 hours a day, 7 days a week. However, many of today's business owners across the country are not aware of the total risks their business is exposed to by electing to bring their technology support in-house.
 
More often than not it is purely a cost based decision, on the surface it may appear to be more cost effective to hire a consultant or employee who is committed as a full time employee. CFOs and Accounting Managers often look only at the cost of having their IT outsourced and or attracted to hiring someone for a few thousand dollars a month as part of their staff will save their company in the long run. This is not the case in reality and by having a full time employee will actually end up costing business today more in the long run.

So what are the advantages of having an IT Partner who focuses on delivering a complete managed technology solution? There are a number of immediate benefits over having a full time employee. These benefits include:

The average technology professional with five years experience may be worth $60,000 a year. This is great when you looking at the bills from your IT provider and see that you have probably spent paid the same in their consulting bills for only a fraction of the time. When a business elects to go internal, a $60,000 salary now buys the business one person and not a team of professionals offering depth in expertise and knowledge.

IT Partners will provide around the clock monitoring and coverage throughout the entire term of the contract. When a company hires their own IT staff, now the challenges around vacation scheduling, training and time off from illness impacts the company. An outsourced IT Partner provided full time coverage, vacations, illness and other absences now are not an impact on your technology support.

There are hidden additional costs when a business elects to hire internally. The costs associated with training can rise rapidly, when you have a trusted IT partner, training is no longer the company's challenge. The IT partner ensures that the skills of their team are up to date. Combine this with costs associated with procurement of equipment that include SmartPhones, laptops and other supplies can quickly add up and then there is the added payroll expenses associated with healthcare, payroll and others logistical items.

IT partners can offer a wealth of knowledge and great resources when needed, offering networks of partners who can help geographical and even across town. When a company turns to hiring their own staff, this experience often is not available to them and they are stuck with just a single person or a very small team with limited expertise. Now when these skills are required outside of the skills level of their staff, this is now an additional expense that normally the right IT partner can extend to a company as part of their program.

IT technicians always like to be challenged even the ones that you hire. What happens at the average company when the challenges stop occurring? Boredom is disastrous. There are two possible outcomes that occur with in-house staff who deal with challenges with boredom.

They choose to leave to seek out challenges - When a company loses a member of their own internal staff, the intellectual property and knowledge goes with them. This leaves a huge void in the understanding of your systems and network layout. With a trusted IT partner, this knowledge is retained and companies continue to function as if nothing occurred.

They decide to adopt "make work" projects - When this occurs it can be disastrous as well. Many make work projects are the result of boredom and complacency because of lack of challenges. When make work projects appear, what isn't getting done is the attention to the daily needs of your systems and network. Make works projects are distractions and your IT partner doesn't worry about finding stuff to do on your network. The daily attention to your systems is still the main focus of their services.

Michael Fafinski, President of Syand Corporation in Minneapolis states about the value of having a full service IT partner can bring to a company, "having a full feature IT partner eliminates the "tunnel vision" found with internal employees. Too often, employers are limited only by the expertise of their internal employees and lose opportunities to improve their business."

Many firms that elect to go with their own in-house IT person, more often than not resent this decision down the road. What seemed like a great idea quickly turns into a huge business mistake that ends up costing them.
 
Randy Biggs from VACS in St. Catharines, Ontario shares "Hiring a trusted IT partners allows a company to have access to many additional certified resources without having to keep paying for their staff to get certified. I find that with hired staff, you get one of two types. One that always wants the latest and greatest that many companies cannot afford to keep up with and the second, someone who becomes complacent and only does what needs done. In either case, they aren't looking out for the best interest of the company."
 
When a company elects to retain an outsourced firm over hiring internal, they are getting service from a company who is focused on ensuring the IT needs are being addressed in the most efficient manner possible. Many trusted IT partners are focused on the bigger picture, ensuring everything is looked after in a company's environment including:
Vendor Relations
IT Budgeting
Network Monitoring and Proactive IT services
Knowledge Base Management
Disaster Recovery Planning
 
Partnering with a trusted IT Partner brings value to any business no matter what the size, what makes more sense to you? Limiting the knowledge, options and having to deal with people challenges such as complacency and boredom or expanding available options by having a wonderful relationship with a trusted IT partner who understands what business needs to grow, increase profits and the importance of the right technology solution.

Stuart Crawford is the Vice President of Business Development for IT Matters Inc. A Calgary based Professional Services firm focused on delivering Managed IT Services in Southern Alberta. IT Matters is a Gold Microsoft Partner and Small Business Specialist. Visit their website at http://www.itmatters.ca - You can contact Stuart at scrawford@itmatters.ca or through his blog at http://blog.itsuccessmentor.com Article Source: http://EzineArticles.com/?expert=Stuart_Crawford

Edafio Technologies has relocated to its newly constructed, 4300 sqr foot, state of the art office in the North Shore Business Park. Robert Russell, president of Edafio, says the new location “will allow us to provide better service to our clients by being more centrally located.” The new office also has a gas generator so that in case of outages, Edafio will still be online to help customers. The employees at Edafio are excited about the additional space, but for Justin Schwilling, he is eager to cycle the River Trail after work. If you are in the area, Edafio invites you stop in and tour our new facilities.