That Hideous Malware

“The universe is so very complicated,” said Dr Dimble.

“(Security software) is in fact no protection. Those who seek it in that hope (they are not a negligible class) will be disappointed.” - quotation and (mis)quotation from "That Hideous Strength" by C.S. Lewis


Everyone knows that malware is a bad thing, but how many of you know just how bad the threat really is? In 2007 there were about 250,000 strains of malware, with not much in the way of specific targeting. Your anti-virus program had a reasonable chance of handling any malware that came your way. By 2012, just last year, the threat landscape had become polymorphic: self-modifying program code designed to defeat anti-virus programs, with over 250 million strains of malware constantly mutating in nanoseconds! This is a 1000-fold growth in just 5 years, or a 4-fold multiplication per year. Anti-virus programs could catch only 49% of these malware strains, and 70% of them were specifically targeted strains attacking enterprises, small businesses, end users, governments and the web.

Malware is the new crimeware and ransomware. Criminals around the world are using these specifically targeted strains of malware to cause data breaches (the intentional or unintentional release of secure data into an untrusted environment), end-user disruption (anything that keeps you, the end user, from working at your computer because it is not functioning correctly due to a viral attack), distributed denial of service (an attempt to make a machine or network resource unavailable to its intended users), theft of bank account information, business disruption (anything that slows or halts business activity because the computer system is down or slow due to a virus attack), ID theft, scams, cyber sabotage, politically motivated hacking designed to knock out a government's computer resources, cyber espionage, and hacktivism (the use of computers and computer systems to promote political ends). The result is an ever-growing amount of money paid out for removal and repair, and increasing misery for end users and customers. Your current anti-virus program is probably not going to stop a truly persistent malware strain.

If you get the idea that the inmates are running the asylum, you are very close to the truth, but the security industry has not been idle for the last six years or so, and vendors are constantly improving their products. The new generation of Symantec EndPoint products, such as EndPoint v.12.3, provides five layers of protection and can detect “program execution behavior”. These next-gen AV programs constantly scan incoming data sources for specific behaviors that indicate a probable malware attack. They establish a reputation file for incoming programs. Programs containing or piggybacking malware will, understandably, have very low reputation scores and will be blocked. These AV programs are also unobtrusive and work reasonably well with general computer utility cleaners such as Advanced SystemCare. They do NOT work well with dedicated malware removal programs such as Iobit Malware Remover. You can have one or the other, a complete package or just a malware remover, but you can’t have both; they do NOT work well together.

Symantec EndPoint v.12.1 through v.12.3 have five layers of protection for your computer. The first is a Firewall and Intrusion Prevention layer that blocks malware before it can spread to your computer and control traffic. Layer two is AV, which scans for and eradicates malware that arrives on the system. Layer three is called Insight. Insight is unique to Symantec and is a reputation screener. It determines the safety of files and websites using “the wisdom of the community”, a fancy term meaning that if something has been determined to be safe for most computers, it is probably safe for yours. Vice versa, if it has been determined to be disastrous for most computers, it is probably disastrous for yours. Each individual incoming data stream is given a “reputation value”. Data streams with poor “reputation” are blocked, or you are given the choice to block or not block depending on how badly you “really” need that particular data stream. Layer four is called Sonar. Sonar monitors and blocks programs that exhibit suspicious behavior, such as malware. Layer five is Symantec’s Power Eraser. Power Eraser is an aggressive remediation program for hard-to-remove infections. The last resort, as always, is to completely wipe the data store and reload from backups.

The days of the old AV programs with their scan and quarantine are over. I have had personal experience with AV programs that could not tell me my computer was infected, even though their definitions were completely up to date. Whether you are a business or a home end user, you must invest in a better multilayer EndPoint program and a good backup program, or you can kiss your computer goodbye; some of these malware viruses are NOT repairable. Remember, we're all pulling for you because we're all in this together, EXCEPT THE HACKERS!
