CryptoLocker

There are people who design software specifically to hijack and then ransom your computer documents, steal banking information, remotely control your webcam, flood your inbox with unwanted emails, store undesirable images on your computer, redirect your internet searches, and generally carry out any malicious activity that can be imagined.

There is a $19 billion industry developing software to help protect your computer against malicious software, but choosing a solution, and knowing that you have sufficient protection, can be challenging.

This is the first in a three-part series on selecting end point protection software, which includes anti-virus and the other related protection that we will outline. This post provides background on the types of threats and the protection options. Part 2 will provide a brief outline of the leading solution providers. Part 3 will provide our own solution evaluation and recommendation.

Our guidance is given in the context of small businesses with up to 10 users, and in the context of our other IT recommendations, which include using Microsoft Windows and Microsoft Office 365. For a current overview of our recommendations please follow this link.

Type of threats

Before we outline the protection options, let’s cover a few of the end point threats that you may have heard of in the news. For a full list of IT protection considerations beyond anti-virus, please read my post on Small business IT security considerations.

| Type | What do they do? | How do they spread? | Examples |
|---|---|---|---|
| Malware | Malicious software, or Malware, includes Viruses, Trojans, Worms, Key Loggers, Ransomware and Spyware. Each is described in more detail below. | See the table entries for Viruses, Trojans, Worms, Key Loggers and Ransomware. 80% of malware infections are caused by Trojans, followed by Viruses and Worms. | See the table entries for Viruses, Trojans, Worms, Key Loggers and Ransomware. |
| Virus | A Virus is a type of Malware that replicates itself into, or infects, a computer program or file. | A Virus spreads when an infected computer program or file is shared by users with new computers. | The Melissa virus, which appeared in 1999, was a Microsoft Word document that, when opened, emailed itself to the first 50 people in the Microsoft Outlook address book. The reported impact was $80 million. |
| Worms | A Worm is a type of Malware that replicates itself onto other computers. Worms, as opposed to Viruses, can spread without human interaction, and do not directly modify computer programs or files. For this reason, Worms can provide a rapid method for spreading a secondary malware payload. | A Worm takes advantage of computer vulnerabilities, for example in the operating system, to automatically replicate itself, resulting in very fast spread of infections. | The Blaster worm, which appeared in 2003, spread automatically between computers, causing them to continually reboot, reducing their performance and clogging up network bandwidth. The worm took advantage of vulnerabilities in Windows XP. |
| Key logger (Spyware example) | A Key Logger is a type of Malware that covertly logs your key strokes and then sends these to a remote computer. A common motivation of key logging programs is to gather password or banking information. | A Key Logger is often spread by using a Trojan (see definition above). Hardware key loggers also exist, which cannot be detected by anti-malware. | A harmless-looking help file installs a key logger without user consent. This is also an example of Spyware. |
| Ransomware | Ransomware is a type of Malware that denies access to your computer until you pay a ransom. | Ransomware is typically distributed via a Trojan. | See the Trojan example provided earlier for CryptoLocker. |
| Botnet | A robot network, or Botnet, is a collection of connected computers that complete tasks. Botnets are not necessarily bad, but when created illegally for malicious activities they are a problem. | Botnets spread via Malware. | The BredoLab Botnet, which appeared in 2009, took control of over 1 million computers, capable of sending billions of spam emails daily. Access to the Botnet was also leased to other malicious organisations. |
| Browser Hijacker | A Browser Hijacker takes control of your web browser and redirects your searches to destinations that you did not intend. Not all Browser Hijackers are malicious; some are just annoying. | A browser hijacker is typically spread using a Trojan. | The Babylon software is a browser hijacker which, in 2011, was bundled into some software downloads at Download.com. Download.com had previously been known to be free of bundled software, but changed the policy without most users of the service noticing. |
| Spam | Spam is unsolicited messages received by email, Instant Messages, SMS and fax, amongst others. | Spam operators often illegally take over other computers to send spam (see the Botnet example provided earlier). Once these machines are identified as spam origins (and thus the spam is blocked) they move on to new machines. | Nearly 70% of all email is Spam. Spam includes offers for adult content, chain letters, and fake notifications of lottery wins. |
| Phishing | Phishing uses various methods to attempt extraction of private information by impersonating trusted sources. | Phishing is typically spread through email, together with links to a website. Techniques used can also include telephone contact, which in isolation cannot be detected by anti-malware. | A long list of Phishing examples targeting customers of banks, telecommunications companies and online banking is provided here. |

Types of protection

The protection options identified in the following table can be loosely combined as End Point Protection (EPP) services.

| Type | What is it? | How does it work? |
|---|---|---|
| Anti-malware (Anti-virus) | Anti-malware is software that defends against malware. It is often referred to as Anti-virus, which is a category of Anti-malware, as the term “virus” is more widely recognised by the general public. Anti-malware software can be integrated into firewalls (see below), PCs, smartphones, tablets and web browsers, and may also be part of your Internet or email service. | Anti-malware looks for matches against a database of known malware definitions. This assists in identifying malware when opening files, receiving email, scanning your computer or visiting websites. In addition, anti-malware looks for suspicious behaviour of programs on your machines. Both approaches depend on pre-defined rules; as such, anti-malware is continuously updated as new malware is discovered. For this reason, malware can often be most dangerous when just released, before updates to anti-malware are available. |
| Anti-phishing | Anti-phishing is software that defends against phishing attempts. Anti-phishing is often integrated into the same devices and services as anti-malware. | Providers of anti-phishing software maintain databases of known websites and email addresses that engage in phishing. This allows phishing attempts to be blocked. |
| Anti-spam | Anti-spam is software that defends against spam. Anti-spam is most often found as part of email services or infrastructure; however, it can also be integrated into firewalls. | Providers of anti-spam use different methods to defend against spam, including checking the origin and content of emails. |
| Firewall | A firewall is software that is installed on PCs, and on broadband routers or equivalent. Depending on their placement, firewalls can protect against unauthorised communication to computers within your organisation, or to other organisations. | A firewall can block communications that are not expected. This helps reduce security threats. Depending on the capabilities of the firewall, a decision may be based on where the communication is coming from, where it is pointed at, the computer program that initiated the traffic, and the type of traffic (e.g. does the traffic contain malware, or is it music-streaming related). |
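The anti-malware row above describes two detection approaches: matching files against a database of known malware definitions, and watching programs for suspicious behaviour. The following Python script is an added illustration written for this post, not code from any anti-malware product. The "definitions database" is three made-up SHA-256 digests, the event log is constructed, and the behaviour rule (many user files renamed to a ransom-style extension within a few seconds, the pattern the CryptoLocker family of ransomware shows) is a deliberately simple stand-in for the far richer rules real products use. It shows why a brand-new sample slips past the signature check until definitions are updated, and how the behavioural check can still stop it.

```python
import hashlib
from collections import defaultdict
from typing import Optional

# Constructed "definitions database": SHA-256 digests of files a vendor has
# already analysed and named. These three entries are invented for the example;
# a real database holds millions and is updated continuously.
KNOWN_MALWARE_DIGESTS = {
    hashlib.sha256(b"sample trojan dropper v1").hexdigest(): "Trojan.Dropper.Sample",
    hashlib.sha256(b"sample worm scanner").hexdigest(): "Worm.Sample",
    hashlib.sha256(b"sample keylogger").hexdigest(): "Spyware.KeyLogger.Sample",
}


def signature_scan(file_bytes: bytes) -> Optional[str]:
    """Signature check: hash the file and look the digest up in the definitions.
    Returns the malware name on a match, or None when the file is unknown."""
    digest = hashlib.sha256(file_bytes).hexdigest()
    return KNOWN_MALWARE_DIGESTS.get(digest)


# Constructed endpoint event log: (timestamp in seconds, process, action, path).
# A word processor saving one document looks nothing like a process that
# rewrites many user files to a new extension in a few seconds.
EVENTS = [
    (0, "winword.exe", "rename", "C:/Users/ann/report.docx"),
    (1, "unknown.exe", "rename", "C:/Users/ann/report.docx.encrypted"),
    (2, "unknown.exe", "rename", "C:/Users/ann/budget.xlsx.encrypted"),
    (2, "unknown.exe", "rename", "C:/Users/ann/photo1.jpg.encrypted"),
    (3, "unknown.exe", "rename", "C:/Users/ann/photo2.jpg.encrypted"),
    (4, "unknown.exe", "rename", "C:/Users/ann/notes.txt.encrypted"),
    (5, "unknown.exe", "rename", "C:/Users/ann/cv.pdf.encrypted"),
    (900, "backup.exe", "rename", "C:/Backups/old.locked"),
]

RANSOM_EXTENSIONS = {".encrypted", ".locked"}  # hypothetical extensions for the rule
RENAME_THRESHOLD = 5   # this many suspicious renames by one process ...
WINDOW_SECONDS = 10    # ... inside this many seconds triggers the rule


def behaviour_scan(events) -> dict:
    """Behavioural check: flag each process that renames at least RENAME_THRESHOLD
    files to a ransom-style extension within WINDOW_SECONDS.
    Returns {process name: total suspicious renames} for flagged processes."""
    renames = defaultdict(list)
    for ts, process, action, path in events:
        if action == "rename" and any(path.endswith(ext) for ext in RANSOM_EXTENSIONS):
            renames[process].append(ts)
    flagged = {}
    for process, times in renames.items():
        times.sort()
        start = 0
        # Sliding window over the sorted timestamps: advance "start" until the
        # window is at most WINDOW_SECONDS wide, then check how many events it holds.
        for end in range(len(times)):
            while times[end] - times[start] > WINDOW_SECONDS:
                start += 1
            if end - start + 1 >= RENAME_THRESHOLD:
                flagged[process] = len(times)
                break
    return flagged


def assess(file_bytes: bytes, process_name: str, events) -> str:
    """Combine both checks the way the table describes: a known signature blocks
    immediately; otherwise the process's recorded behaviour decides."""
    name = signature_scan(file_bytes)
    if name:
        return f"blocked by signature: {name}"
    flagged = behaviour_scan(events)
    if process_name in flagged:
        return f"blocked by behaviour: {flagged[process_name]} suspicious renames"
    return "allowed"


if __name__ == "__main__":
    # A sample already in the definitions is caught before it runs.
    print(assess(b"sample trojan dropper v1", "dropper.exe", EVENTS))
    # A re-packed variant has a new digest, so only the behaviour rule catches it.
    print(assess(b"sample trojan dropper v2", "unknown.exe", EVENTS))
    # An ordinary document saved by an office program passes both checks.
    print(assess(b"a benign document", "winword.exe", EVENTS))
```

The gap between the second and first case is the window the table warns about: until the vendor ships a definition for the new variant, the signature check says nothing, and the behavioural rule (or a backup) is what limits the damage.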
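The firewall row lists four things a decision can be based on: where the communication comes from, where it is pointed at, the program that initiated it, and the type of traffic. The script below is an added example written for this post, not any firewall vendor's rule syntax. It models a small-office rule set (the LAN range, program names and traffic classifications are constructed) with first-match semantics and a default of blocking whatever no rule expects, which is the stance the table describes.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed rule model. A field left as None matches anything; a connection
# must satisfy every field that is set.
@dataclass
class Rule:
    action: str                     # "allow" or "block"
    reason: str                     # human-readable explanation for the log
    src: Optional[str] = None       # CIDR the communication comes from
    dst: Optional[str] = None       # CIDR the communication is pointed at
    program: Optional[str] = None   # program that initiated the traffic
    traffic: Optional[str] = None   # classification of the traffic content


@dataclass
class Connection:
    src: str
    dst: str
    program: str
    traffic: str


OFFICE_LAN = "192.168.1.0/24"      # constructed private range for the office
MAIL_PROVIDER = "198.51.100.0/24"  # constructed range for the hosted mail service

# Checked top to bottom; the first matching rule decides. Anything that matches
# no rule is blocked: the firewall only passes communications it expects.
RULES = [
    Rule("block", "traffic classified as malware", traffic="malware"),
    Rule("allow", "office mail client", src=OFFICE_LAN, program="outlook.exe", traffic="email"),
    Rule("allow", "office web browsing", src=OFFICE_LAN, program="chrome.exe", traffic="web"),
    Rule("block", "music/video streaming not permitted", src=OFFICE_LAN, traffic="streaming"),
    Rule("allow", "mail replies from the provider", src=MAIL_PROVIDER, dst=OFFICE_LAN, traffic="email"),
]


def matches(rule: Rule, conn: Connection) -> bool:
    """True when the connection satisfies every criterion the rule sets."""
    if rule.src is not None and ip_address(conn.src) not in ip_network(rule.src):
        return False
    if rule.dst is not None and ip_address(conn.dst) not in ip_network(rule.dst):
        return False
    if rule.program is not None and rule.program != conn.program:
        return False
    if rule.traffic is not None and rule.traffic != conn.traffic:
        return False
    return True


def decide(conn: Connection, rules=RULES) -> tuple:
    """Return (action, reason) for a connection using first-match, default block."""
    for rule in rules:
        if matches(rule, conn):
            return rule.action, rule.reason
    return "block", "no rule expects this traffic (default block)"


if __name__ == "__main__":
    samples = [
        Connection("192.168.1.10", "198.51.100.7", "outlook.exe", "email"),     # expected
        Connection("192.168.1.10", "203.0.113.5", "chrome.exe", "streaming"),   # explicitly blocked
        Connection("192.168.1.10", "203.0.113.5", "updater.exe", "web"),        # unknown program
        Connection("192.168.1.10", "203.0.113.5", "chrome.exe", "malware"),     # content check
        Connection("203.0.113.9", "192.168.1.10", "sshd", "remote-login"),      # unsolicited inbound
    ]
    for c in samples:
        action, reason = decide(c)
        print(f"{c.src} -> {c.dst} {c.program}/{c.traffic}: {action} ({reason})")
```

The third and fifth cases are the ones the table's "communications that are not expected" wording is about: neither is on a blocklist, but because no rule anticipates a new program talking out, or an outside host connecting in, both fall through to the default block.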

My next post will provide a brief outline of the leading solution providers; this will then be followed by my own solution evaluation and recommendation.