Friday, August 26, 2011

The evolution of online security



In my last blog entry, we had a few brief graveside words about our recently departed old friend, Antivirus Software.

For 12+ years now, our company, Turn Key Solutions, LLC has been selling it to every customer that would listen to us.  99%+ of them did listen, by the way.

In the last 3 years, though, I have had way too many conversations with clients that went roughly like this:

Me: "We need to format your hard drive and either restore from backup, or reload the OS from a clean start.   It's completely bogged down with malware."


Customer: "AAAGGHH!!! <insert the occasional !@#$!%%!!!!> "


Me: "I'm sorry, what was that?  I couldn't hear you because of all the spit coming through my phone."


Customer: "I paid you good money for <insert brand of Antivirus Software> and now you tell me I have a virus!   My <insert position> is going to be down for a whole day!   Do you know what <he/she> costs me???!!!"


Me: "No sir, not exactly.   But it's not a virus that wiped out the computer, it's malware."


Customer: "Don't get smart with me, Henry.  It's the same thing.  This software you sold me didn't work, and I don't want to pay for this!"


Me: "Er, actually, it's not the same thing.   Your employee intentionally installed the <insert name of malware program, usually it's something like "Antivirus 2010">.   Had it really been a virus, your Antivirus software would have stopped it."


Customer: "AAAGGHH!!! <insert the occasional !@#$!%%!!!!> "   


Moral of the story: most of the downtime caused by junk on computers these days seems to be coming from malware.   And my company and our customers are both stuck dealing with the problem.

    A quick recap - here's the basic difference between malware and computer viruses:

    What is a computer virus?   A program that spreads by itself much like a human virus, causes computer harm, compromises security, almost always an intentionally malevolent creation.

    What is Malware?   Software that often sounds like a good software package to the user (ie, free antivirus software), and often does most if not all of what it said it would do.   Harmful results range from loss of productivity to slower computer performance, to forced purchase of software.

    So the obvious solution is this, right?....  SELL ONE STINKING SOFTWARE PACKAGE THAT WILL BLOCK EVERYTHING!

    Okay, phew!   Problem solved?    We can go home now?    NOPE.   Not even close.

    "WHY?" you ask... 

    Simple reason?  Most computers come to a complete crawl when running 3rd party software that provides all the services you need (antivirus, antimalware, phishing protection, inbound and outbound email scanning, firewall, content filter, and, last but not least, logging).   Yes, even your bad-to-the-bone, brand new PC will run noticeably slower when you ask it to do all these functions at a software level.  

    Another very significant problem with the "single package blocking everything" route is that it is inherently insecure.   Users forget to renew the licenses, viruses kill the software, or the software just plain old breaks and leaves you vulnerable.  

    Good Grief.   So what are we supposed to do?

    SIMPLE (sort of) SOLUTION:   LAYERED SECURITY.

    What?

    What's that?

    A basic overview of some pieces of a layered security plan.
    Okay, here's a quick layout I just drew that shows some of the basic pieces of the puzzle that make up a good layered security setup:

    Piece 1: "THE CLOUD":  There are tons of good service providers that you can use as a filter for your network.  These services get rid of bad stuff before it ever gets to ANY of your equipment.

    Piece 2: A current Firewall / Router appliance.   If you bought your office's firewall at Walmart or Office Depot, chances are it isn't cutting it.   Here's a link where Watchguard describes what current, good firewalls can do.

    Piece 3: A firewall package on your PC.   From Windows XP sp3 & up, there's been a decent attempt from Microsoft to integrate this.   IMHO, it's not bad.

    Piece 4: A good antivirus package.   Hint: Use the same one on all your computers, and have them all renew at the same.

    Piece 5: Your PC:  Yep, it's critical to keep it patched, and control what programs get installed on your computers, and how people use your computers.  

    If you're the kind of organization that handles medical data or financial data, you'll need to step up how you secure your computer itself even more. Ie, encrypted hard drives, physical security, etc.

    Piece 6: YOUR USERS.   This is probably the most important piece.   If your users don't want to keep your data secure, or don't know how to, in our experience, the end result is that you're not going to be secure.




    SO..............

    There you have it.

    That's the beginnings of a game plan to truly do best efforts at keep you secure & safe.

    Yep, you read in between the lines correctly.  EVEN THE BEST LAYERED SECURITY ISN'T GOING TO PERFECTLY PROTECT YOU FOREVER.

    So how do you keep a computer perfectly safe & secure?

    Turn it off.

    For those of us that need to use our computers, though, I can tell you the basic stats:

    Since 1999, our customers that have employed all of the steps I've lined out above just don't get hammered by problems.   It's weird.   Almost spooky.   Their stuff just works.

    And customers with virus & malware problems that adopt a layered security infrastructure?   Strangely enough, the problems just go away.

    It's simple, it's not expensive, and it works.   And it will be worth it, I guarantee.

    -Henry




    Henry D. Overton



    President & Co-founder
    Turn Key Solutions, LLC


    We make technology work for you!









    Friday, August 12, 2011

    Antivirus software is dead

    
    
    Antivirus software is dead.

    Oh, the good old days w/ Norton.
    And it had such a sweet, short life.  For a decade or more, there was no argument that a your basic AV software package like Norton Antivirus or Mcafee Antivirus was all you needed to fight off a relatively small (under 250,000) group of viruses.


    What we have now, though, is an unimaginable, unbelievably huge mess. The number of known, documented "regular" computer viruses topped one million in 2008. Now, a short 3 years later, most simple antivirus products are aware of over thirteen million virus signatures.

    Here's a very depressing quote from Trend Micro's 2009 "Threat Roundup" Executive summary:
    ...security vendors collected 1,738 unique threat samples in 1988.   [...]Ten years later, the number of unique malware samples had risen to 177,615. [Now,] on average, over 2,000 new, unique malware threats hit the Internet every hour. It now takes less than a week to produce the entire malware output of 2005.

    (Yes, it's a few years old, but it's a good read, if this subject matter is interesting to you. Read the full report here. )

    Okay, so did you catch that?   Let's put it this way:
    1988 - 1,738 threats
    1998 - 177,615 threats
    2008 - 1,000,000 + threats

    An exponential growth in viruses isn't the biggest problem, though.   The bigger problem is that there are so many other electronic threats online.  There are countless resources online dedicated to just trying to help you understand all the other things trying to harm you and your computer. (Here's a good glossary of threat terms from Trend Micro - http://us.trendmicro.com/us/trendwatch/awareness-and-prevention/threat-glossary/)  

    Here's a quick summary of what we at Turn Key Solutions run across day in, day out, and what our customers are struggling against:

    1. Viruses.   The occasional computer still gets viruses, even with antivirus software.
    2. Malware.    Basically, this is software that makes your computer perform less than it could, or in ways you'd rather not.  (Anyone remember Incredimail???)
    3. Phishing.   You wouldn't believe how many people STILL go for the emails that state they need to "click here to reset your Capital One password."   Here's a good wikipedia article on what phishing is. 
    4. Time wasters.    This is a HUGE category, from social media sites, to personal email, to just checking on the news.
    5. Predators & actual people wanting to hurt you, your family, and your business.  
         A. Your kids aren't the only ones that are threatened, but let's start there - Focus on the Family's safety resources is a good place to read more.
         B. Your businesses' data is valuable to someone.  It's not just the likes of Sony, TJMaxx and other fortune 500's that are threatened by hackers.    Your SMALL BUSINESS is at risk, too.    There have been several businesses here in my home town of Baton Rouge, LA that have had to stop taking credit cards lately because they either failed to secure their networks and were hacked, or were cut off preemptively. 


    SO, if you've got antivirus software on your computers, congratulations. If it was updated yesterday or today, it may not be completely worthless against the bigger threats.


    So what in the world do you do?   What's a small business owner supposed to do to protect their interests, stay PCI compliant, and not have ridiculous I.T. expenses?

    Coming up next, we'll outline a series of relatively inexpensive, simple things that small and big business alike can do to fight these threats.   


    Come back & read more about what you can do.  (Here's a sneek peek: For starters, any one vendor that tells you they have the whole solution solved IS LYING.)



    Henry D. Overton



    President & Co-founder
    Turn Key Solutions, LLC


    We make technology work for you!

    Friday, August 5, 2011

    What is the Meaning of Meaningful Use?







    It's hard to remember a more elusively defined subject than that of "Meaningful Use"


    Well, maybe the word "IS" was a bit tougher...
    http://www.youtube.com/watch?v=j4XT-l-_3y0

    If you're struggling with "Meaningul Use," here's a great slide deck from the American College of Radiology that should help as a primer:

    http://www.acr.org/SecondaryMainMenuCategories/GR_Econ/FeaturedCategories/federal/hhs/Stage-1-Meaningful-Use-Overview-Deck--March-2011.aspx



    The long & short of it is that MOST (but maybe not all...) healthcare providers are going to have to be very careful about who they partner with in deploying their core information systems.

    Need more information?  Call us anytime.




    Henry Overton

    President & Cofounder



    We make technology work for you!

    Can Office 365 save the world?

    I can just hear Steve Ballmer (big dog @ Microsoft) singing it now:

    "Give me one more chance
    And you'll be satisfied
    Give me two more chances
    You won't be denied"  

    (lyrics to U2's "Even Better Than The Real Thing")

    Ever since Apple has become so unbelievably successful (again), Microsoft's advertising has taken that distinct tone - Please give Microsoft one more chance.

    So is it worth it?   Is Office 365 going to be what it takes to keep Microsoft relevant against Apple, Google, and the rest of the hordes of pretty good products out there?

    Well......  as your friendly consultant, I have to defer to a very old, very safe position:  It depends on what you want to do.   

    So, What is Office 365? Office 365 is, at it's heart, just a hosted version of many of Microsoft's most popular products.   (Office, Exchange, Sharepoint & Lync).

    So what's the uproar?  What is the OVERT BENEFIT of Office 365 for your business?   SIMPLICITY.

    I'll keep you posted as we use it more here at TKS, but at this point, I'd have to say here are my favorite perks:

    1. Office 2010 deployment & licensing nightmares are significantly reduced.   You log in to your portal, click on the right link, and as long as your computer is compatible, it downloads & installs your fully licensed version of Office.   No keeping up with the license card, no hassling with where you put the DVD's, etc, etc.

    2. Sharepoint 2010 is pretty slick.   Integration with Office 2010 is almost seamless, so this means that sharepoint can become your central intraweb, your central file store, and your team's calendar, all in the space of a few hours.   More to come about Sharepoint 2010 in this blog later, I think.

    3. Hosted Exchange.   Someone else has to manage your exchange server?   Okay, sign me up.   After doing this for close to 15 years now, here's my take on Microsoft Exchange:  It's still the best email server platform out there for teams, workgroups, and small businesses, but it costs a lot to keep it secure, backed up, and stable.   And GOD FORBID that your own, in-house Exchange server crashes.   That can often translate to a TON of work, which, for a small business, means A TON OF CASH going out the window.   So if you don't use software systems that require that you have an in-house Exchange server, then as of right now, this is really worth looking at.

    4. Improved security.   Let's be honest here - Microsoft spends more on the firewalls keeping this platform secure than most of us spend on our entire I.T. environment.   Here is a cool video tour of some of their datacenters: http://blog.insidelync.com/2011/07/microsoft-shares-video-tour-of-its-cloud-datacenters/

    So is it worth it?    Should your business transition to Office 365?   Give me a call anytime to talk it over, but it's probably worth a look.



    Henry Overton

    President & Cofounder


    We make technology work for you!