Unlike some security professionals, I still regard antivirus as a necessity. It doesn’t catch advanced threats, and everything it does catch can be caught through other methods, but it is the most cost- and labor-effective way to catch the best-known, least sophisticated attacks. If you put a $100,000 incident responder to work hunting ordinary viruses, you’ll waste a lot of money on salary and quickly lose that incident responder to another company offering more interesting work.
Of course, there’s a great deal of discussion in the mainstream computer magazines about which antivirus is the best. I don’t agree with their methodology, though. They might as well be looking for the longest 8-foot 2×4 at the home improvement store. Yes, you can probably find some variance if you get out a micrometer, but what have you accomplished?
SANS has a good real-world test to see how much protection your antivirus software is really giving you.
Continue reading Use this file to find out how much your antivirus is protecting you
One of the very best security measures you can take is application whitelisting: limiting the apps that are allowed to run on your computer.
The Australian Signals Directorate, the Australian counterpart to the NSA, says doing four things cuts security incidents by a whopping 85 percent. You probably already do three of them. The fourth is application whitelisting.
- use application whitelisting to help prevent malicious software and unapproved programs from running
- patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office
- patch operating system vulnerabilities
- restrict administrative privileges to operating systems and applications based on user duties.
Continue reading Application whitelisting on Windows, even home editions
There was a fair bit of talk last week about a study that compared security advice from security experts versus security advice from people who are at least somewhat interested but don’t live and breathe this stuff.
There were significant differences in the answers, and a lot of security professionals panned the non-expert advice. I don’t think the non-expert advice was necessarily bad. Mostly it was out of date.
Continue reading Five things security experts do vs. five things non-experts do
In case you haven’t heard, it’s possible to hack into about a billion Android phones by sending them a text message with a specially crafted picture or video attached.
Google has a fix. The carriers and phone makers are taking their sweet time pushing it out. They may never do it. Here’s how to protect yourself.
Continue reading How to keep your Android from being hacked by a text message
After having an incredibly bad week last month, Lenovo started saying the right things, and perhaps doing some of the right things too. But some laptops with the Superfish malware preinstalled on them are still in the supply chain, which means some people are unwittingly buying them.
This isn’t terribly surprising. But there are a couple of things you can do about it, and they’re things worth doing anyway.
Continue reading Lenovo is penitent, but its customers aren’t out of the woods yet
I was talking breaches last week when a very high-up joined the conversation in mid-stream.
“Start over, Dave.”
“OK. I’m talking about breaches.”
“I know what you’re talking about,” he said, knowingly and very clearly interested.
Continue reading You’re telling me someone gave a stranger his password?
This week, Google published a vulnerability in Windows 8.1 after a 90-day countdown timer automatically expired. Microsoft has not yet released a patch.
Controversy ensued. Obviously, yes, an unpatched, well-known vulnerability in Windows is troubling. But the alternative is worse.
Continue reading Why Google ratting on Microsoft isn’t all bad
Tomorrow morning on Fox 2: How this USB drive could be worse than the worst malware you’ve ever imagined!
Yes, when a security vulnerability hits TV news, it’s a big deal. It’s probably also sensationalized. And it’s not time to panic yet.
Continue reading USB malware: What you need to know
Late last week Microsoft released a new version of EMET. I’ve written about EMET before and I still recommend it. EMET 5.0 adds a couple of new mitigations, tries to be harder to bypass, and offers improved compatibility, so there’s little reason not to upgrade.
EMET does more than anything else I can think of to protect you from the many things that get past your antivirus software and firewall’s defenses, and it’s free. I can’t think of any good reason not to run it. Of course, the people not running it at all stand to benefit the most from it, but if you’re already running EMET 4.1, upgrading to get better protection is worthwhile, too.
One myth that I hear over and over is that having a router on your Internet connection makes you invisible, and makes you somehow invincible. I even heard someone say recently that if you have a router/firewall, you don’t need to run antivirus software.
Security researcher HD Moore appeared last week on Risky Business and talked about ways that entire classes of routers can be compromised. Give it a listen.
Continue reading Listen to this if you think a router makes you invincible