Our General Cyber Security Philosophy

Today I had an employee of a customer as me to “unblock” a website so they could purchase some snowboard equipment.  I found myself saying, “you know . . . personal computing really ought not be done on a business computer.”  In a nutshell, this is our “general cyber security philosophy”.  If you are an employee, who gets blocked from personal websites, you might simply ask, “what’s wrong with going to MSN or CNN on my own time?”  As we discussed earlier this month in our blogs about Malvertisement, there are more and more people clicking on the wrong links even on trustworthy websites.  Additionally, many people don’t know but Yahoo.com had their homepage hacked a little over a year ago in which people just going to yahoo.com were potentially infected with Malware.

It makes sense that blocking non-business related websites is a simple way to help reduce the potential of having a security incident.  For those who employee family or friends and have a lot of pressure to please, we recommend having an isolated wireless hot-spot that is not part of the office network in which employees or customers can access the internet on their handheld devices or by using an employee shared laptop just for personal surfing on their breaks.

To summarize, those of our customers who have a computer designated solely for business purposes have little to no issues on their computers.  Those who try to mix business with pleasure on their computer see our shop often.

We hope you learn from our posts.

Learn more about our products and services by visiting our website http://www.mcsmetro.com

Daniel Multop

IT/IS Specialist & Owner of Multiple Computer Solutions, Inc

To Download or Not to Download?

After last week’s post you may find yourself wondering, “How can I tell whether or not the program I am about to download is legitimate and not a malvertisement?” One of the best ways to avoid falling victim to malvertising is to pay close attention to the source of the download.

A google search of many programs (i.e. iTunes, Google Chrome, OpenOffice) will return many pages where a program is available but may be riddled with malware hitchhikers. This is the part where caution is key. The easiest indicator to spot is a little yellow box that says “Ad” under the title of the search result. This will typically appear on the first three results of a search of a commonly downloaded program and, more often than not, will be a site to avoid. The green text under the title of each search result is the website where the download will come from. If the site looks anything like: “www.openoffice.download-spree.com”, “download-iTunes.downloadxy.net”, or “www.programdownload.com/Google-Chrome”, it’s best to steer clear.

The safest way to download a program is to get it directly from the source, for example: http://www.apple.com for iTunes, http://www.google.com/chrome for Google Chrome, and http://www.openoffice.org for OpenOffice. Finding a legitimate source for your program download will ensure you get the program you want and (almost more importantly) none of the ones you don’t.


Learn more about our products and services by visiting our websitehttp://www.mcsmetro.com

Nick Chambers

IT Assistant at Multiple Computer Solutions, Inc.

The Rise of Malvertising!

5 years ago customers who would come to me to fix their virus infection would ask, “where did this come from or how did I get it?” and my response was easy and straight forward.  I’d say “you either opened a virus in an email, downloaded a free program that contained malware or from visiting unethical websites.  Today we say, “just about anywhere”.  Unfortunately for them, I am not being sarcastic.

This leads me to introduce Malvertising.  Six or so years ago, malware makers decided to use the legal system to help their crooked venture.  They started wrapping their malware in legitimate programs they would offer on the Internet for free or very little cost.  These legitimate programs are called “freeware”.  Not all “freeware” has malware but most do.

This is where customers ask, “why doesn’t my anti-virus product block it?”.  This is where the legal loophole is.  To make it so anti-virus software cannot label it as a virus or malware, they gave you the freeware which while being installed disclosed they were going to install another product.  If you “Agree” to the terms, you just legally said you wanted this product even if you didn’t realize they were installing it.  This is why it has become extremely important to read these terms of agreements on any program you install.

This leads us to Malvertising.  Another crafty yet deceitful way to pay for advertising on really well-known websites such as “New York Times” and even Yahoo.  These criminals create a shell company, buy advertising on websites and then lure you to click on the advertisement which brings you to a malicious website or get’s you to download freeware/malware.  So to answer my customers question, “yes, you can get malware just by going to Yahoo.com!”.

I hope this helps explain why we make it our standard principle to block all non-business domains on business networks.  The era of giving employees free rein to surf the internet on their workstation during their lunch break should have ended.  The new era should be to provide a “dirty Internet” connection that they can use with their tablet, laptop or smart phone to surf as they wish.

Learn more about our products and services by visiting our websitehttp://www.mcsmetro.com

Daniel Multop

IT/IS Specialist & Owner of Multiple Computer Solutions, Inc.

Kaspersky – An Anti-Virus Product or Potential Backdoor

I’d like to start off saying this is all opinion based on reason and probability.  We have enjoyed using Kaspersky for the past 5+ years and think the product in-of-itself is a great security product.

The facts are, Eugene Kaspersky (the founder and owner of Kaspersky), has a great relationship with the current Russian government.  “wired.com” wrote a very thorough article about Kaspersky back in July of 2012 which you can find here http://www.wired.com/2012/07/ff_kaspersky/all/

Due to the rise of cyber terrorism and the recent illegal/questionable actions of the Russian government, we have decided that it was in the best interest of security to no longer use kaspersky products.  If the Russian government either covertly or openly took over this largest anti-virus software company in the world, it wouldn’t take them long to utilize Kaspersky’s built in auto-updater to update itself with a malicious code that could do damage to your computer or use it for illegal or unethical use.

I understand that just about any anti-virus company could be in a similar predicament but if it was a US owned and operated company, at least we wouldn’t be assisting a potential enemy.

What are your thoughts?



Learn more about our products and services by visiting our websitehttp://www.mcsmetro.com

Daniel Multop

IT/IS Specialist & Owner of Multiple Computer Solutions, Inc.