- December 12, 2012
- Posted by: poundedyam
- Category: Blog
Does your IT Security protect your computer?
It is fascinating to look at the methods by which computing systems are compromised by malware today. There are simple ways of sensing that a system has been infected: observing system performance, which may suddenly degrade, or noticing a change in the computer’s behaviour, which is an obvious pointer and alerts you to the need for further observation and investigation. The above is not a foolproof way of knowing for sure, nor is it the best way of measuring, but at least it gives you an idea so that you can be on the lookout for your system being compromised. There are many ready-made tools that allow us to protect our computers, and most of them do the job quite well, or at least to some extent. However, given the number of malware attacks occurring daily and the sophistication of these attacks, it does seem that these tools are no longer as effective as they once were and no longer work properly against the new malware. We need to ask ourselves one pertinent question: “Why are all these tools, i.e. anti-malware, anti-virus, firewalls and IPS, not protecting our systems?”
The answer is simple: malware writers are producing very sophisticated software that will evade almost all anti-virus, anti-malware and firewall products on any computer system, and because it is designed to deliver its payload through existing trusted websites, your system can become infected with malware simply by visiting the infected website. Once infected, you might spend hours trying to fix the problem.
Earlier this week, during a routine system check by our in-house IT security expert, we came across a file called conduit.dll that appeared to have been signed by Conduit, but when it was checked with Sysinternals tools the DLL’s signature turned out to be broken, which raised our suspicions. We then ran tools such as Process Explorer and Process Monitor (procmon) to find out more about the DLL, and after a few hours of investigation it was clear that the system was infected by malware, as a direct result of visiting a website that was deemed safe. It has to be noted that preventive and protective tools such as Avast, AVG, Norton and Comodo did not pick up this file.
What are the best IT Security Measures available to Businesses?
The malware installed itself by loading its payload into users/appdata/local/temp, from that location injecting a DLL into windows/system32, and then creating a new directory under Program Files, thus making it appear to be a genuine application. This process of infection can be negated by simply using a “bubble”, i.e. creating a virtual layer between the OS kernel and the browser on the machine. Although this is a simple way of solving a common problem, there are not many tools out there that can effectively carry out this job. The only software I can install on my machine that puts a virtual layer between the OS kernel and the browser is Invincea Pro, as it readily creates this virtual environment. Had we already had the software installed on our systems, the malware would have found it impossible to penetrate any of them. Even though we pride ourselves on being savvy users, one of our systems was still infected, which goes to show that there is a real danger out there in the tech world, where a lot of people do not have the expertise, or even knowledge of the existence, of this malware.
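As an added example that is not from the original post or from any vendor named in it, the following PowerShell triages loaded DLLs the way the post describes doing with Sysinternals: it flags every module whose Authenticode signature is missing or broken, and every module loaded from a per-user temp directory like the one this malware staged its payload in. It assumes Windows PowerShell 5.1 or later, run from an elevated prompt so that modules of all processes are visible.

```powershell
# Added example, not the post's own procedure: enumerate DLLs loaded into
# running processes and report the ones worth a second look.
#   - SigStatus 'HashMismatch' is the "broken signature" case from the post
#     (file signed, but its contents no longer match the signature).
#   - 'NotSigned' on files under system32 can be a catalog-signed OS file on
#     older PowerShell versions; confirm with Sysinternals sigcheck before
#     acting on it.
#   - InTemp marks modules running from AppData\Local\Temp, where the post's
#     malware dropped its payload.
$tempPattern = '\\AppData\\Local\\Temp\\'
$seen = @{}

$findings = foreach ($proc in Get-Process -ErrorAction SilentlyContinue) {
    # Protected or other-bitness processes deny module access; skip them.
    $modules = try { $proc.Modules } catch { @() }
    foreach ($m in $modules) {
        $path = $m.FileName
        if (-not $path -or $seen.ContainsKey($path)) { continue }
        $seen[$path] = $true

        $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
        $status = if ($sig) { $sig.Status.ToString() } else { 'Unreadable' }
        $inTemp = [bool]($path -match $tempPattern)

        if ($status -ne 'Valid' -or $inTemp) {
            [pscustomobject]@{
                Process   = $proc.ProcessName
                PID       = $proc.Id
                Module    = $path
                SigStatus = $status
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                InTemp    = $inTemp
            }
        }
    }
}

# Broken signatures and temp-directory modules sort to the top of the list.
$findings | Sort-Object @{Expression = 'InTemp'; Descending = $true}, SigStatus, Module |
    Format-Table -AutoSize
```

The list is a starting point for investigation with Process Explorer and procmon, as the post describes, not a verdict: a single unsigned module is common, while a signed-but-mismatched DLL or anything executing from a temp folder deserves immediate attention.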
We at iTM Systems have a long history in computing dating back 20 years, to a time when Windows did not exist and Microsoft’s OS was just a shell called DOS. Some of our experts have navigated this computing world from DEC Alpha to Apple Mac OS and Unix System V, and then from Windows 3.1 to all the variations of Windows that have come afterwards and keep on coming. It is our view that Windows 7 is a good OS, but it gets infected as easily as the rest of the Windows operating systems, because Microsoft opted for democratic use of its operating system, i.e. by allowing anyone to create products that will work on Windows seamlessly. Apple, on the other hand, took a completely different approach, which was to lock down the OS and only allow approved applications to run on its systems. Even though we are fans of both Windows and Apple Mac OS, we very much prefer to use Linux nowadays because it is by far safer and more secure, with less malware found on it than on Apple and Windows machines.
We have learnt our lessons, and although we sorted it out fairly quickly it still took a fair bit of valuable time which could have been put to more productive use. This is an eye opener and also advice to everyone: you must use the right solutions to protect your systems, especially when they run Windows or Apple. If you are concerned about malware attacks, call us for a demo of our solution that will protect you from malware and other security threats.