You are currently browsing the tag archive for the ‘malware’ tag.

dangerous-software-1200_croppedImagine that you are working to meet a midnight paper submission deadline.

Suddenly your computer freezes. Reboots don’t help. The Engineering major down the hall can’t help. Midnight passes helpless. The next day the repair specialist tells you that a wicked virus trashed your machine and only a total reformatting of the hard drive will save it. It is expensive.

Even worse, all of your data including your paper, drafts, research and earlier works are just plain gone.

This heartbreak is a genuine possibility, but the odds against it can be radically shifted in your favor.

“OSU is subject to 16 million hostile network attacks every day of the year.”

To understand how we may ward ourselves against digital catastrophe at OSU I spoke with Lois Brooks, Vice-Provost of Information Services (IS), and Dave

lois_brooks

Lois Brooks


Nevin, Chief Information Security Officer for the Office of Information Security.

These guardians of our networked community had two salient calls to action for you: be aware and compute safely.

dave_nevin

Dave Nevin

 

Being aware means paying attention to the daily changes in our network ecosystem in order to take appropriate action.

For example, are you aware that this week OSU Information Services is recommending an Apple computer patch and device update in order to address new security risks to the Apple OS?

If you are not aware of this current threat, then you are not network secure, no matter what operating system you use.

“Criminal hackers seek to access your personal information (e.g. SSN) and sell sell it to high-end information identity thieves.”

Nevin is blunt about the risks to the inattentive; “OSU is subject to 16 million hostile network attacks every day of the year. The hostile attacks are from criminal organizations seeking personal information and intellectual property. OSU can prevail against this assault only if students, faculty and other members contribute by safeguarding their computers and devices against the hostile hackers.”

I was like; “Did I hear that right? 16 million attacks per day? Why would anyone even do that?”

The answer is that your Social Security number and other personal information is stored digitally at OSU which criminal hackers can immediately sell it to high-end information identity thieves.

Nevin observes; “It’s tough. We’re out-numbered. The people we’re fighting against to protect that information are smart, and have a lot of resources available to them. But we have smart people too, and we’re working together to do everything we can to prevent t1hat from happening.”

norse_map

NORSE Attack Map

To see a live display of network attacks around the globe, see the NORSE Hack Attack Map (do check this out because it is amazing!)

Brooks is OSU’s chief information officer and is ultimately responsible for the University’s information technology (IT) policy and budget.

She explained to me in detail the delicate balance between security, safety and privacy at the large scale of the university enterprise.

“All OSU members participate in a social compact with one another to ensure a secure community of trust and shared resources. It requires that every individual take personal responsibility to meet that overall aim.”

Do your part by keeping all of your devices fully patched using current anti-virus and anti-malware available to you for free from Information Services.

Sometimes safety goes beyond network hacks and enters the realm of physical threat.

Brooks and Nevin affirm that OSU cooperates with law enforcement to protect public safety.

osu_recommended_software

On occasion this involves accessing information from the accounts of individuals.

Brooks emphasizes how extraordinary such instances are; “Even though we need to be able to respond when there is a problem, we at OSU go out of our way to not look at people’s data unless necessary.”

Ours is a culture of respect and I speak from experience to vouch for the integrity of our university leadership in upholding these values.

For you, dear reader, there follows from this balance of privacy and safety a principle based in the wisdom of discretion.

That is: do not use OSU network resources to post information that potentially puts you and others at risk.

Create your own balance of safety and privacy by keeping your machines full patched against hacking and by maintaining intellectually responsible content.

This is what it means on Overheard at OSU when someone posts; “Keep it classy Beavers.”

“We at OSU go out of our way to not look at people’s data unless necessary.”

Here are two simple steps that you can take to do your part in upholding safety and respect at OSU.

Be Aware: Build your expertise about the OSU’s security ecosystem at “Be Aware!”

is.Oregon State.edu/accounts-support/be-aware

Free Software: Turn your computer and devices into a personal anti-hacking fortress by installing the free and essential software at:

“Anti-virus is a requirement while you are at the university as it is part of the Acceptable Use of University Computing Resources agreement.”

Nevin invites all OSU members to contact him about network security and privacy issues: Dave.Nevin@oregonstate.edu.

Brooks has an open door policy concerning all OSU IT matterantivirus-icon[2]s: Lois.Brooks@oregonstate.edu.

You can always write to me about anything.
drtech@oregonstate.edu

I promise to make sure that your comments get to the appropriate people and I will write you back.

Have a great start to Spring term, invest some time in your network awareness and safety and keep it classy, Beavers.

Resources

OSU Office of Information Security

OSU Antivirus Software

OSU Campus Civility and Inclusivity Campaign

 

Image Acknowledgements

dangerous-software.jpg
http://is.oregonstate.edu/office-information-security-created

Dave_nevin.jpg
https://www.linkedin.com/in/david-nevin-a9a9b2

lois_brooks.jpg
http://is.oregonstate.edu/adminserv

norse_map.png
http://map.norsecorp.com/#/

osu_recommended_software.png
http://oregonstate.edu/helpdocs/security-and-tuning/computer-viruses/antivirus

antivirus_icon.gif
http://oregonstate.edu/helpdocs/security-and-tuning/computer-viruses/antivirus

imageConsider the following; “Installing and running anti-virus software on all of your devices is an OSU requirement.”

True or False?

It is true; anti-virus software is a requirement while you are at the university as it is part of the “Acceptable Use of University Computing Resources” agreement, which you should read because by being at OSU you have implicitly accepted that agreement.

I am not saying that you have to buy anti-virus software, because OSU Information Services and Dr. Tech have got your back on this; go to

>oregonstate.edu/helpdocs >Software >Recommended Software

You will there find pages which explain how to configure Windows Defender or install ClamXav for Mac OS X; neither program will cost you money.

The resources referred to in this article with annotations and more are available at Dr. Tech’s Bookmarks.

They are “recommended” in the sense that these are OSU’s supported anti-virus solutions.

You can use other solutions (i.e. Symantec, McAfee) but you are required to have anti-virus protection on each device.

This protection is required at OSU because your devices share common networks with tens of thousands of others.

An unprotected device is a threat to everyone.

Consider the taxonomy of software called “malware,” which is code used to replicate itself, disrupt computer processes, gather information illicitly, or gain unauthorized access to a computer.

McAfee Labs collects malware and produces anti-virus software.

In “The State of Malware 2013" McAfee reports cataloging over 100,000 new malware samples every day.

That rate is increasing and the malware is growing in sophistication.

To put this into context, as McAfee Labs states; “Malware infiltration and data exfiltration almost always occurs over a network.”

That means that whenever your devices are on the OSU wireless or wired networks, they are exposed to malware.

It does not make me feel better to know that my own government is creating and spreading malware.

Malware infiltration is the infection of a computing device by a malicious program; data exfiltration is the unauthorized transfer of data from a computing device.

I hear someone asking; “Sure, but how bad can that be? It’s just a program.”

imageConsider some of the major types of malware and what they do.

Virus: this type of program replicates and spreads by inserting copies of itself into programs, data files, email, web pages, etc. Successful viruses can do many evil things from stealing and corrupting your data to wrecking your computer.

Worm: these replicate themselves in order to spread to other computers, but unlike a virus do not attach to another program. Like a virus they are evil.

Trojan horse: they don’t replicate but covertly invade a computer in order to execute commands or steal passwords. They sneak through protections by hiding within legitimate programs, like the Greeks did at Troy (read The Iliad).

Ransomware: invades your device in order to ruin your day by encrypting files or blocking programs, then it demands payment from you in order to be removed.

Spyware: these stealth programs sneak into your devices and quietly steal your data, passwords, and credit card numbers to send to their malefic masters.

Adware: invades a computer, often to hijack the web browsers, in order to force the display of unwanted advertisements and search engines. Does this malvertising actually work as a marketing strategy?

Rogueware: these horrors impersonate an anti-virus solution which warns you that your device is infected. If you fall for it and install the lying rogueware, your device will now be infected.

Scareware: a variation of rogueware that plays on all kinds of fears from internet security to social reputation. Everyone has a secret fear (read 1984 by George Orwell) and for each there is a scareware eager to strike terror into your heart.

PUP: a “Potentially Unwanted Program” that may not be directly malicious though they surreptitiously take over functions of programs that you have chosen to use and use up resources slowing down your device.

You have probably seen PUPs in the form of weather apps, search bars, shopping tools, browser redirects that you did not consciously choose to install.

I call PUPs ‘predictably unwelcome parasites.’

That’s just the short list, but isn’t it reason enough to implement anti-virus protection now?

Even better, add malware protection to your computer.

OSU recommends MalWareBytes and SUPERAntiSpyware and has links to them at the above referenced web pages.

Both programs have free and premium versions.

With them you run scans for malware. When they find malware code it is put into a delete folder that is quarantined from the rest of the computer. You can review those programs and choose to keep or delete them.

These anti-malware tools can be set to run scheduled scans and the premium versions provide real-time protection.

While writing this I ran a scan of my desktop from MalwareBytes. It found eight Trojans and ninety four PUPs on my computer.

My last act in writing this article will be to select “delete all” (heh heh).

I strongly recommend that you visit the IS helpdocs, install anti-virus software and malware protection software and use them regularly.

In good spirit,

Dr. Tech

 

Acknowledgements: Creative Commons Licensed images

http://pixabay.com/en/malware-virus-hacker-trojan-297722

http://www.cyberlawcentre.org/unlocking-ip/blog/2007_02_01_archive.html

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 316 other followers

RSS thought currents

  • An error has occurred; the feed is probably down. Try again later.