Ransomware, better responsibilities for computer safety required

For many years we have heard that users have to take responsibility and protect their PCs. Some of the recommendations are:

  1. Update the OS, SW, ...
  2. Install antivirus, antimalware, …
  3. Avoid using the same password in different places
  4. Choose passwords in a clever manner
  5. Users are lazy; change passwords regularly
    (well, recently the recommendation is to not change passwords too often)
  6. Do not open files until you are sure they are not suspicious
  7. Do not click on links you are not sure about
  8. Do not use public WiFi
  9. The list of recommendations goes on and on …

Ransomware has been a real pain for a couple of years and has caused a lot of damage and pain for end users, companies and organizations. The following schematics show possible scenarios in which a PC and its file system get infected by ransomware:

  1. The user gets an email with a malicious, hidden link. When the user opens the email and clicks on the link, a program is downloaded to the PC and infects it with a virus.

[Figure: RansomWare1]

  2. The user receives an email with a file (usually a zip or another executable, or a photo file). When the user opens the file, the malicious code either infects the PC with a virus directly or fetches code from another site and finally infects the PC.

[Figure: RansomWare2]

In my opinion, some more attention must be paid by “the other side”: the OS provider, anti-virus/malware, ISPs, SW companies, etc. Why?

Here are some obvious reasons why the involved “providers” should take more responsibility:

  1. ISP
    Everything goes through your ISP (Internet service provider). Serious ISPs have a lot of tools to detect suspicious network traffic. They monitor the network and automatically receive alarms about data packets whose senders or receivers (the IP addresses) are blacklisted or have a suspicious reputation. This means that ISPs have the possibility to inform about a possible virus.
  2. The network (internal network for companies, organizations, etc.)
    Most companies use data communication equipment with lots of good utilities; it is up to the decision makers to require good network security, even on the installed base. Monitoring suspicious external activities is among the first steps to protect investments, information and customers.
  3. Emails go to your email server (provided by an ISP, web hotel or other email provider such as Microsoft Outlook, Google Gmail, Yahoo, etc.). Emails are usually scanned to detect and discard malicious code, unwanted email, etc. The providers also prevent receiving emails from “blacklisted” IP addresses and even users. In other words, the email providers have a huge possibility to prevent and inform about possible malicious code/viruses.
  4. The user has a big responsibility to prevent his/her PC from getting infected, and users hear almost every day that they are the weakest link, so we do not need to go more in depth.
  5. The PC
    1. Operating system: in my opinion there should be built-in prevention against malicious code like ransomware. What ransomware usually does is locate and systematically encrypt files such as documents, calculations, drawings, presentations, etc. The encryption code needs a lot of CPU power and must perform a lot of file access; in other words, it is not hard to detect it and to provide built-in prevention in the operating system. This means that OS providers must take better responsibility for their products.
    2. File servers: in some cases the malicious code has also encrypted files on common file servers. This also means the company should always work on and detect “worst case” scenarios and handle common network disk areas more carefully. A fast backup and restore system could be complementary, but preventive actions are crucial.
    3. Anti-virus and malware SW

If the user has installed anti-virus/malware SW, then the SW should detect and prevent encryption of your hard drive/network files. If it doesn’t, then you may need better SW; change your SW.
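The detection idea from item 5.1 (mass encryption shows up as a burst of file access), sketched as an added example that is not part of the original post. The event tuple layout, the thresholds and the entropy check on written data are assumptions made for illustration, and all sample events are constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

DOC_EXTS = (".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".dwg")
WINDOW_S = 10        # sliding window length in seconds (assumed)
MAX_FILES = 5        # distinct documents rewritten per window before alerting (assumed)
ENTROPY_BITS = 7.5   # bits per byte; encrypted data is close to 8 (assumed)

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect(events):
    """Return {pid: first alert time} for processes that rewrite many
    documents with high-entropy content inside one sliding window."""
    recent = defaultdict(deque)   # pid -> (timestamp, path) of suspicious writes
    alerts = {}
    for ts, pid, path, written in sorted(events, key=lambda e: e[0]):
        if not path.lower().endswith(DOC_EXTS) or entropy(written) < ENTROPY_BITS:
            continue
        q = recent[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > WINDOW_S:   # drop writes older than the window
            q.popleft()
        if pid not in alerts and len({p for _, p in q}) >= MAX_FILES:
            alerts[pid] = ts
    return alerts

def pseudo_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted output: chained SHA-256 digests."""
    out, block = b"", seed.encode()
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]

# Constructed sample events: (timestamp_s, pid, path, bytes written)
PLAINTEXT = b"Quarterly report draft, revision 3. " * 100
SAMPLE_EVENTS = (
    [(i * 60.0, 410, f"D:/docs/report{i}.docx", PLAINTEXT) for i in range(8)]
    + [(100 + i * 0.5, 977, f"D:/docs/plan{i}.xlsx", pseudo_ciphertext(f"k{i}")) for i in range(8)]
    + [(200.0 + i * 30, 1203, f"D:/docs/scan{i}.pdf", pseudo_ciphertext(f"p{i}")) for i in range(8)]
)
if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Only pid 977 is flagged: pid 410 writes ordinary text, and pid 1203 writes high-entropy data (as compressed PDFs do) but too slowly to fill the window, which is why rate and entropy are combined.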

Comments are most welcome!

Your face, your “future” access method, you should consider to be more careful


Authentication is more important than ever in our modern society. It makes it possible to pay a bill, take out money from your bank account at an ATM, start your computer and access your data, etc. For decades the eye and iris were the access key as a “more secure” authorization, while fingerprints have been around since 1870 both as proof of ID (authentication) and, in some cases, as proof of criminal acts. Fingerprints as an authorization method for access to personal computers have been used during the past 8-10 years, and since 2013 they have been in “every man’s hand”, when Apple introduced its TouchID in its new iPhone 5S.


Figure 1: How Apple Touch ID works, http://www.imore.com/how-touch-id-works

Your fingerprint, iris or face is your access key to computers, credit card systems, clouds, …

Microsoft is using facial recognition as one of the authentication methods in the coming Windows 10. Google started a discussion about “blink to pay” in 2013. Now it seems that many companies are working together with MasterCard to use facial recognition as a more “secure method” for authentication.

Some reflections on the facial recognition method

What happens to the authorization in cases like these:

  1. Unshaved
  2. Changed hair color
  3. Hung over (the day after a wild party)
  4. Using the phone when it is hot or cold
  5. Becoming fatter or thinner
  6. Tanned
  7. Nose surgery
  8. Longer eyelashes
  9. Allergic reaction to some strong medicine, a bee, dust, etc.

And the most important question is the possibility of changing your face, compared to changing a password/PIN code.