Anti Virus Benchmark
Applications, virtualization, and devices: Taking back control
An evolving workforce, reared on Web 2.0 technologies, is bringing a different perspective to how computers are used within an organization.
With a mindset that is highly tuned to sharing information and applications, and emailing and messaging friends, the new “employee 2.0” is redefining how individuals interact with the internet and the IT environment as a whole. While the new internet technologies they are exploiting can bring business value in helping employees communicate, share files and work collaboratively online, they also pose a range of new threats.
Internet-enabled applications such as Instant Messaging (IM), peer-to-peer (P2P) file-sharing applications and Voice over Internet Protocol (VoIP) services have been causing concern for some time.
A Sophos online poll asking IT administrators what kind of software applications they would like to prevent their users from being able to access and use shows that even by late 2006 they recognized the need to be able to exert more control and to prevent users from installing and using unwanted applications.
Today the problem is even more pressing.
While businesses have put in place systems and processes to defend against malware, these defenses do not typically provide adequate protection against the new set of threats posed by today’s user behavior. Employees, many of whom have considerable IT knowledge and expertise, continue to introduce applications onto their desktops – very often simply to make the tools they work with more suited to their own idiosyncrasies – unaware of the associated potential risk.
Internet browsers
Many people are rejecting company-approved web browsers in favor of other browsers. Although these are a very real threat as hackers regularly exploit unpatched vulnerabilities in browsers to infect users’ computers, nearly a third of respondents to a Sophos poll said they did not consider browser control important.
28%
Virtualization
Of particular concern currently is the growth in the use of unauthorized virtualization software on company desktops and laptops.
Virtualization separates the logical (software) from the physical (hardware), allowing multiple systems to be run on one piece of hardware. It can represent real value at a time of increasingly constrained IT budgets, and organizations deploying managed virtual desktops are running no significant increased risk. Unmanaged virtual computers, on the other hand, create a black hole in an organization’s security system, with applications running in an environment about which IT administrators are completely unaware.
The ease with which virtual computer image files can now be downloaded means there is a much higher risk of end users running unauthorized applications – from games to browsers to beta software – in a virtual environment, making corporate systems and data much more vulnerable than in the past.
Removable storage devices
An organization’s vulnerabilities are exacerbated by the unchecked ability to launch unauthorized applications from removable storage devices like USB keys, CDs and DVDs, and wireless networking protocols, such as WiFi, Bluetooth and Infrared – particularly if these applications are then run in a virtual environment.
Compounding the problem is the use of these devices and protocols to transfer business data around and out of an organization. In a recent survey, the inadvertent exposure of company confidential information was cited as the number one threat, above viruses, Trojans and worms.
The business risk
The unauthorized or uncontrolled installation and use of applications, devices and network protocols can negatively impact organizations in several ways.
Security risks
The risk of infection through unauthorized applications is clear. IM-based malware attacks, for example, are growing exponentially, and P2P applications are similarly on the increase and are notorious vectors for malicious code such as remote command execution, remote file system exploration or file-borne viruses. Infected files can also come in through wireless connections.
Once infected, computers can be used to send out spam or launch denial of service attacks, or to spy on and capture confidential business data.
As discussed above, data can also be easily taken outside an organization on CDs and USB keys and many recent high-profile incidents confirm how easy it is for these then to be accidentally lost.
Legal and compliance breaches
The installation of unauthorized applications and devices can pose significant legal risk as well as security risks. The need to protect data is particularly important.
Government regulations such as the USA’s Sarbanes-Oxley Act and HIPAA (Health Insurance Portability and Accountability Act), Canada’s PIPEDA (Personal Information Protection and Electronic Documents Act), and the UK’s Data Protection Act place requirements on IT administrators to maintain and protect data integrity within their networks. There is further pressure from recognized industry bodies, such as the Center for Internet Security (CIS Benchmarks) and the Payment Card Industry (PCI DSS).
In addition to the repercussions of failing to protect data properly, there are other legal pitfalls. For example, the content of IM chat often includes attachments, jokes, gossip, rumours and disparaging remarks, confidential information about the company, employees and clients, and sexual references.
Extra IT support burden
As discussed, unauthorized applications and devices can introduce infection to the network, but even without this, they can create an additional IT support headache. Applications that are not properly tested and deployed can cause stability and performance issues across the network.
Network and system overhead
The corporate network bandwidth and computer processor power consumed by unauthorized applications can have a direct negative impact on network resources and availability.
For example, distributed computing projects harness the “spare” processing power of millions of computers to help create models or simulations of scenarios such as climate change. VoIP also uses such spare capacity.
Employee productivity issues
Although applications like VoIP and IM can have business value, in most cases they are a distraction and are not required by end users for business purposes. In a virtual environment, applications that are normally banned by an organization, such as games, can be freely run, or users can simply use the environment to organize their own private affairs, all of which has a hugely adverse effect on productivity.
The challenge of the legitimate
The difficulties presented by some legitimate software applications raise particular challenges over and above “straightforward” protection against malware.
The fundamental step for organizations to increase security and productivity is to create and enforce an acceptable use policy setting out rules on what applications and devices are and are not approved, containing prescriptive advice on best practice, and clearly defining prohibited behavior. Beyond this, from the IT administrator’s perspective there are two distinct challenges:
Allowing controlled use of authorized applications, devices and network protocols.
Preventing use of unauthorized applications, devices and network protocols.
In practice this presents a significant challenge, not least because many users have to be allowed to be local administrators, being given privileges necessary to download applications that they need to do their job, for example downloading updated Adobe Acrobat software. However, this means that they can also download a variety of other software that they might want to install and use. This makes life particularly difficult for the IT administrator: malicious software would be blocked by anti-virus software but applications like IM are not malicious in any way.
Skype End User License Agreement
3.3…Skype Software may utilize the processor and bandwidth of the computer (or other applicable device) You are utilizing, for the limited purpose of facilitating the communication between You and third parties.
Control strategies
In response to the wide-ranging threats posed by the unauthorized use of applications and devices, IT administrators have tried a number of different strategies. While each strategy has some merit, there are also disadvantages.
Locking down computers
One of the most straightforward ways to stop the installation of unauthorized applications is simply to enforce a blanket lockdown on all computers, or to ban the unauthorized use of removable storage media, and to assign only limited administrator rights. However, this is precisely where application control has broken down in the past.
Some departments – notably IT and technical support – have a clear and obvious need for administrator rights. It might seem an obvious answer to allow these technical groups to install applications and to prevent everyone else from doing so. Unfortunately in practice this is not as simple as it sounds.
Many organizations find it expensive to lock down computers for some or all of their non-technical end users. The inflexibility of the strategy means that countless policies need to be created. For example, many simple Windows functions, such as adding a printer driver, changing time zones and adjusting power management settings, are not allowed with a standard user account and therefore require constant changing of the assigned rights. The increased staffing requirements and response times related to centrally administering every change to a computer create a significant cost for the business.
Installing specialist control products
There are products on the market that are designed specifically for controlling which applications can and cannot be run on a computer.
These products typically involve validating usage against large databases of allowed and blocked applications.
For IT administrators they are yet another product that needs to be evaluated, purchased, installed and managed. Management of these solutions is not an insignificant task and is often difficult due to the size and complexity of allow and block lists. In addition, while application control products can be effective in blocking execution of applications, it is more difficult to stop the initial installation.
Finally, specialist application control products do not provide comprehensive protection against malware and businesses still have to invest in other security products to protect against viruses, spyware, and other threats.
Implementing corporate firewall rules and HIPS
Firewalls and HIPS (Host-based Intrusion Prevention Systems) are generally focused on blocking potentially malicious network traffic and attempts to execute code, rather than controlling which applications users can and cannot install and/or run. They can play a role in limiting the use of unauthorized applications by controlling access to network or internet resources, for instance by looking for and blocking VoIP traffic, but are far from an adequate solution to this problem.
Getting more from an anti-malware solution
Most anti-virus and anti-spyware solutions do not offer application or device control capability. However, a business will get more from its investment in protection against malware and save system and management resources if the same scanning and management infrastructure is used by the product to intercept and manage the use of legitimate software applications and devices.
Deploy only one client
Anti-malware is a necessary investment that IT administrators have no choice but to purchase, install and manage. Deploying a single client that incorporates anti-virus, anti-spyware, anti-adware and control of unauthorized applications and devices will save time, money, and system resources, and improve security.
Simplify control and policy setting
Anti-malware solutions allow different policies to be set for different user groups. Being able to set policies to remove unauthorized applications and devices alongside anti-malware policies can enhance efficiency and allow for specific needs of particular users. For example, VoIP or the use of USB keys could be blocked for office-based computers, but authorized for remote computers.
Eliminate administrative overhead
Using the same management and updating mechanisms for application and device control as for anti-malware software has obvious infrastructure and overhead benefits. However, the overall success of this combination of features, in terms of efficiency, depends on the actual way in which applications are detected. Some solutions require administrators to create their own application signatures using filenames that appear in the application, and to maintain allow or block lists. This approach is time-consuming and IT resource-intensive. It puts the burden of updating onto the administrator and is also unreliable, as users can simply change the filename to avoid the application being detected.
A better approach is for the vendor to create and update application detection signatures in exactly the same way that malware detection is automatically updated, simplifying administration, updating and maintenance of detection.
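As an added illustration (not code from Sophos or from the original article), the sketch below contrasts a filename-keyed rule with a content-keyed rule and applies the per-group policy example given earlier (VoIP blocked for office computers, allowed for remote ones). It assumes a SHA-256 digest as a simple stand-in for a vendor detection signature; the file contents, rule tables, group names and function names are all constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed bytes standing in for an application binary (not a real program).
SAMPLE_APP = b"MZ\x90\x00constructed-voip-client-1.0" + bytes(range(64))

# Filename-keyed rule, the administrator-maintained approach the text calls unreliable.
NAME_RULES = {"voipclient.exe": "VoIP"}
# Content-keyed rule: the category is looked up by the digest of the file's bytes.
HASH_RULES = {hashlib.sha256(SAMPLE_APP).hexdigest(): "VoIP"}
# Per-group policy from the text's example: VoIP blocked in the office, allowed remotely.
GROUP_POLICY = {"office": {"VoIP"}, "remote": set()}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are never loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify_by_name(path: Path):
    return NAME_RULES.get(path.name.lower())


def classify_by_content(path: Path):
    return HASH_RULES.get(sha256_of(path))


def decide(path: Path, group: str, classifier) -> str:
    """Return 'block' when the file's category is blocked for this group."""
    category = classifier(path)  # None when no rule matches
    return "block" if category in GROUP_POLICY[group] else "allow"


def run_demo() -> dict:
    """Evaluate an original, a renamed copy and a changed build under each rule type."""
    cases = {
        "original": ("VoIPClient.exe", SAMPLE_APP),
        "renamed": ("notes.exe", SAMPLE_APP),  # same bytes, new filename
        "new_build": ("VoIPClient2.exe", SAMPLE_APP + b"\x01"),  # one byte differs
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, (filename, data) in cases.items():
            path = Path(tmp) / filename
            path.write_bytes(data)
            results[label] = {
                "office_by_name": decide(path, "office", classify_by_name),
                "office_by_content": decide(path, "office", classify_by_content),
                "remote_by_content": decide(path, "remote", classify_by_content),
            }
    return results


if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(label, outcome)
```

The renamed copy passes the filename rule but is still caught by the content rule. The changed build matches neither, which shows why content-based detection data needs continual updating, the maintenance the text suggests leaving to the vendor.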
Reduce the support burden
By using signature-based detection that not only stops applications from being run but also blocks their download and installation, organizations reduce the time that their technical support staff have to spend sorting out computers that have been destabilized by the installation of unauthorized applications.
Conclusion
The challenges posed by the installation and use of unauthorized applications and devices on company computers are significant. While there are a number of solutions available that help IT administrators to manage the problem, many require additional investment and, for many organizations, they can be expensive, unwieldy and difficult to maintain. A better solution is one which completely integrates the blocking of unauthorized applications and devices into the existing anti-malware detection and management infrastructure.
This gives IT administrators – for whom IT anti-malware protection is a must-have – a simple solution that removes the cost and management overhead from the equation.
About the Author
This article was provided by Sophos and is reproduced here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware.