Now Offering Webroot Antivirus


What this means to you

As a trusted IT adviser, one of our jobs is to constantly evaluate new technologies that come our way. After reviewing Webroot SecureAnywhere Antivirus endpoint protection software, we are confident it will be the best solution for many of our customers.

Webroot offers a revolutionary, cloud-based Antivirus technology that protects against advanced security threats in real-time. According to PCMagazine, “Webroot joins Bitdefender and Kaspersky as Editors’ Choice for commercial antivirus.”

What you need to know

Webroot provides full remote user/endpoint management via a cloud-based management console. Because it is cloud-based, there is no on-site management hardware or software to operate or maintain.

Webroot also provides real-time threat detection. It can proactively protect against new security threats as they’re detected – sort of like your own, personal bouncer standing right outside your computer. While it requires an Internet connection, its offline mode protects the user against potential infections from removable media (CD/DVD, USB, etc.). It does this by taking a snapshot of the current computer configuration and then watching for any changes made to the system while the user is offline – especially changes that are typical of malicious software behavior.

Webroot also offers automated monitoring, roll-back, and infection remediation for the highest efficiency. In the MRG Effitas 360 Full Spectrum test, which measured a software’s time to detect an infection, Webroot was noted as being one of three solutions able to remediate a computer either on or before the first user reboot. Scan times are also dramatically reduced by logging only newly-introduced software and scanning only that software.

Is this solution ideal for you?

After the initial full system scan, additional scans typically take only 26 seconds compared to the industry average of close to 10 minutes. (This is according to the PassMark Software Performance Benchmark Testing, which gave Webroot an overall score of 97 out of 104. The second place software was a distant 70.)

Historically, the installation of an antivirus came with limitations that the user had to accept in order to get some level of protection. An antivirus could not be deployed in tandem with another antivirus, as these caused conflicts. Typical antivirus software also required a server console in order to adequately manage all workstations within a business.

Webroot alleviates the need for a server console by allowing full management of clients through the web-based console. It can be installed alongside other software because of its ability to heuristically scan for infections both on and offline. This is an ideal solution for companies with employees in remote locations, who don’t have direct access to a console server, or who have no server at all. This also means that license renewal is no longer a tedious, manual process for those workstations. Everything is managed directly through the web console and our installed monitoring software.

What should you do next?

So you’re interested in Webroot? If you are a current Everon customer, please feel free to contact your account manager to discuss whether this solution fits your current environment and needs. Not an Everon customer? No problem. Everon offers a remote IT department equipped to fully manage your small business’ technology needs. Please call us at 888-244-1748, or email us at [email protected].

 

True Story: Rescue From a Zero Day Virus


DoD photo by Shane Hollar, U.S. Navy. (Released)

A zero day virus is a brand-new virus that has just been released to the public, and for which there is not yet any information or antivirus protection. This is the story of how our team encountered and identified a new Cryptolocker variant, and then raced the clock to prevent its spread and data loss.

Last week a client called in stating that their server was filled with files with the extension .ECC. This was an extension that we had never seen before, so it immediately alerted us to a potential threat.

According to our research, .ECC files are associated with DVDisaster — an application created by a developer named Carsten Gnörlich. This didn’t really make any sense; we doubted our clients were using this new application. And even if they were, why would the application create .ECC files on their file server? We couldn’t figure it out.

Unless…!

Suddenly we realized we were dealing with a virus. We began scanning their file server with our antivirus and malware tools. But our tools came up empty. What gives?

Still playing on our virus-hunch, we decided to bring one of the .ECC files into our test environment. Carefully, we opened it up.

And there it was: a variant of Cryptolocker, in all of its terrible glory.

Our client’s network was infected.

We scoured the Internet but couldn’t find anyone, anywhere, who had seen this Cryptolocker variant. Not only were we dealing with a vicious form of ransomware, but, we realized, we were dealing with a zero day virus. There was no antivirus for it yet, because it was brand-new.

Our team has had extensive experience in dealing with Cryptolocker in the past, so we had a baseline for this virus’s potential behavior. Cryptolocker will first encrypt the user’s own hard drive and then try to encrypt mapped network drives. We immediately began looking for a host machine.

A host machine is the machine that introduced the virus into the network.
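
One way to narrow down the host machine from the file-server side, shown as an added example (not code from the original post or from the tools mentioned in it): group the files carrying the new extension by owning account, time window and folder. The records, account names and dates are constructed, and it assumes the ransomware re-created each file under the infected user's account; where files were rewritten in place the owner does not change and share-access audit logs are the better source.

```python
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath

# Constructed sample records: (path on the file server, owner, last-write time).
# All names, paths and times are made up for illustration. The last entry
# stands in for a genuine dvdisaster .ecc file that predates the outbreak.
SAMPLE = [
    (r"D:\Shares\Finance\q3-forecast.xlsx.ecc", r"CORP\jdoe", "2015-01-12 09:14:07"),
    (r"D:\Shares\Finance\invoices.pdf.ecc", r"CORP\jdoe", "2015-01-12 09:14:09"),
    (r"D:\Shares\HR\handbook.docx.ecc", r"CORP\jdoe", "2015-01-12 09:15:31"),
    (r"D:\Shares\HR\holiday-rota.xlsx", r"CORP\asmith", "2015-01-09 16:02:44"),
    (r"D:\Shares\Media\backup.iso.ecc", r"CORP\asmith", "2014-11-03 11:20:00"),
]


def triage(records, suspect_ext=".ecc"):
    """Summarise files with the suspect extension, grouped by owning account."""
    summary = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "dirs": set()}
    )
    for path, owner, mtime in records:
        p = PureWindowsPath(path)
        if p.suffix.lower() != suspect_ext:
            continue  # file does not carry the suspect extension
        ts = datetime.strptime(mtime, "%Y-%m-%d %H:%M:%S")
        s = summary[owner]
        s["count"] += 1
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
        s["dirs"].add(str(p.parent))  # folders this account was able to write to
    return dict(summary)


def likely_source(summary):
    """Account that owns the most affected files, or None if nothing matched."""
    if not summary:
        return None
    return max(summary, key=lambda owner: summary[owner]["count"])


if __name__ == "__main__":
    result = triage(SAMPLE)
    for owner, s in sorted(result.items(), key=lambda kv: -kv[1]["count"]):
        print(owner, s["count"], s["first"], s["last"], sorted(s["dirs"]))
    print("start with:", likely_source(result))
```

The account with a tight burst of files across several shares is the one whose workstation to pull first; a lone, much older .ECC file is more likely a legitimate one.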

Once you locate the culprit, you can choose to wipe Cryptolocker with your AV or malware tools from the infected machine. In this case, as a precaution, we decided to pack up the machine and wipe the hard drive completely. Cryptolocker has a nasty habit of encrypting files and hiding them on the hard drive. Because this was a zero day infection, we were not sure if this variant left any malicious files on the server — or anywhere else.

In past versions of Cryptolocker, once you found and killed the host machine, you could delete the files. (They are pretty much useless without the encryption key, and the files themselves are not malicious.) But since we weren’t sure, we decided to use our Microsoft partner account to reach out to the WOLF team.

WOLF is the team at Microsoft that is dedicated to security, vulnerabilities, and virus/malware removal. They are essentially the software world’s version of Navy SEALs. They are fantastic. We called them up, and, like a true black ops team, they jumped in with their custom-built tool and scanned the server and the network, looking for any traces of the virus left behind.

The WOLF team was able to determine that the .ECC files were merely encrypted, and no further infection existed. They were also able to determine how the virus came into the network and what vulnerabilities caused this.

We patched machines to keep them secure, and we also recommended that users do the following:

  1. Ensure your antivirus is up to date and properly scanning.
  2. Install a complementary malware scanner in addition to the antivirus scan. (We recommended Malwarebytes Pro.)
  3. Install AdBlock Plus for all Internet browsers. This helps block unwanted ads and can potentially protect you from anything trying to get through as well.

With good, current backups, patching of your Windows and 3rd party applications, and these steps above, I believe this can help any company stay safe out in the cloud without compromising any employee freedom to go where they choose.

For more information about Cryptolocker, or any security issues, feel free to call our engineers at Everon at 1-888-244-1748.

 

Silk Road 2.0: The Latest in the Cybercrime Fight


Most consumers have probably never heard of the stuff I am going to discuss here; however, it’s very important for the security and health of the Internet. This week police forces made a great breakthrough against what is considered the “black market” of the Internet. Seventeen arrests were made in cooperation between US and European forces, in relation to the Silk Road 2.0. This is a secret cache of websites that runs off the Tor Network, a specialized network that is not searchable via common search engines. The websites that were shut down total around 400. Most of them dealt in illegal drugs and weapons.

The Tor Network, sometimes just called Tor, is a very dark place within our Internet world. It was originally set up by the US to assist people fighting against oppressive regimes; however, it is now overrun with illegal sites, including ones that do more than just sell illegal drugs and firearms. It includes sites for child exploitation, and it is a place where extremist groups (such as ISIS and Al-Qaida) operate, so it is constantly targeted for shutdown through all specialized cybercrime sources. To get to the Tor Network (which I am not going to explain here), you have to set up specialized proxies and VPNs to re-route your traffic and find these sites.

The Silk Road 2.0, a notoriously dark area within Tor, was set up in October after the original Silk Road was shut down and the owner arrested. (Not everyone agrees with the latest shutdown.) As a consumer, there is not much needed to protect yourself from the Silk Road. It is not a location that targets consumers. It is really a place for black market activities. You should be aware of where your family members go online. You should also be aware of similar things with your staff, if you own a business. There are many nefarious locations on the Internet that you need to be aware of so you can protect your family and/or your company.

First off, ensure that your antivirus is up to date on all machines in your home and office. If you have a special router, ensure its firmware is up to date and all passwords have been changed from their default settings. In addition, you can download tools to help review where your family or staff goes online. You can also put proxies in place to prevent people from stumbling onto bad websites.

Here are some great sites to protect your children from dangerous sites online:
http://www.onguardonline.gov/topics/protect-kids-online and
http://www.netsmartz.org/Parents.

If you need help setting up similar protections for your workplace, or if you even want to manage (or block) the time your employees spend on social media (or other adult sites), feel free to call our experts at Everon. We are just a phone call away: 1-888-244-1748.

 

Five Things You Should Do to Clean Your Computer This Weekend


Fall cleaning? Don’t forget your computer!

There’s no time like now to get in all that fall cleaning you want to do before the holiday season kicks in. So why leave your computer out of all the fun? I asked the techs at Everon what they would do to clean their own computers. Here are their top five responses:

1. Run a virus and/or malware scan. If you don’t want to spend the time running both, pick one and do the other later. You can get good virus removal programs, like Avast, AVG, or Symantec, or a malware removal program like Malwarebytes, for free. Each of these scans could take several hours. A good idea is to start the scan before you go to bed and let it run all night, while you sleep.

2. Get rid of extra programs that you don’t need. A lot of times, when you download or install new software, you’re also saddled with extra programs you neither asked for nor need. Those can be a real memory-suck. Look for ones that redirect your browser. (Any extra toolbars on your Internet browser?) Now is a good time to uninstall these pieces of baggage. Also, bloatware – preinstalled software on a device – is another nuisance. Check out this blog, by James, for one way to get rid of it. This process should take around 30-45 minutes.

3. Blow the dust or lint out of your system, especially the fans. This can be done with one of those handy cans of compressed air, available at just about any store that sells office supplies, or with an air compressor. If you haven’t done it in a while there will be a lot of dust, so you may want to take your computer outside. Remove the outer casing and blow away. (Note: do not use your breath! The moisture from your mouth can damage the microprocessor. Plus, if you get too close to all that dust you will probably sneeze.) Pay particular attention to getting those dust bunnies out of the fans. If they stay clogged up, your computer can overheat.

4. Clean your keyboard. While you’re taking your computer outside to power-blow it, unplug and bring along your keyboard. Tilt it upside down, and blow it out, too. You will be both grossed out and amazed at what falls out of there. But all of that stuff can build up between the keys and make them stick or not work properly.

5. Clean your screen, mouse, and keyboard (again). As long as we’re doing a proper cleaning, let’s do it right. You can get out the isopropyl (rubbing) alcohol and cotton swabs, or you can just buy pre-moistened, disposable electronic wipes (my preference). Wipe down your computer screen and your mouse. Pay attention to the buildup on the mouse’s underside. Also, before you plug your keyboard back in, give the keys a good wipe down. These last three steps will take you 30 minutes or less.

There, all done. This entire process can take an hour or so (not including the scan that ran while you were asleep), but once done your computer will run more efficiently. You can add years on to the life of your machine with regular maintenance like this. Not to mention how good it feels to have a sparkly-clean desktop. ;)

What Does HIPAA Compliance Mean To You?


For the small business owner, compliance requirements can sometimes be complicated and overwhelming to figure out. You may be asking if there is even any compliance your company needs to meet. If you work in the health care industry, chances are you must adhere to HIPAA — especially if you are transmitting or storing protected health information (PHI). PHI, in a nutshell, is any health information regarding individuals.

Here are a few examples (but not the full scope) of what your business should be able to answer yes to, to help ensure HIPAA compliance:

  • Do all your workstations and servers have up-to-date antivirus?
  • Are you using encryption when emailing PHI?
  • For phones/tablets accessing email, do you have a policy in place to enforce a screen lock password?
  • If you have a server, is it in a locked room or closet?
  • Has your company fully migrated off of Windows XP?

You are also required to have a Business Associate Agreement (BAA) in place with any partners who have access to this sensitive data. This would apply if you use a Managed Service Provider (MSP), such as Everon*, to help handle your IT support. In this case, you would want to contact your Account Manager to provide you with a copy of our BAA. HIPAA violations can result in up to $1.5 million in fines for those who are willfully negligent. It is not something to be taken lightly.

If you have any questions about meeting compliance, I highly recommend you consult with your compliance officer, company auditor, etc. There are many other items outside of what your IT provider would typically cover that need to be addressed, as well. Some examples would be employee training for privacy policies and procedures, what happens when an employee leaves, and having a business continuity plan in the event of an emergency.

Everon can assist you in implementing changes, or we can get you in touch with one of our partners who specializes in compliance consulting. We also have tools available to help ensure your computers remain updated and that you proactively get alerts for issues, including antivirus. Just give us a call (888-244-1748), or email us ([email protected]), if you would like more information.

*  Everon is a HIPAA compliant Managed Service Provider.