Blog

The changing face of antivirus

Perhaps the turning point for antivirus was in 2014, when a Symantec executive declared that antivirus was dead. The statement was in reference to the traditional antivirus approach of comparing software against a database of known viruses.

The “traditional” approach misses new viruses that have not yet made it into the database, and is ineffective against exploits that directly attack computer memory without deploying malicious software onto the compromised computer.

The challenges with “traditional” antivirus were well known in 2014 and various companies had developed solutions. Companies like Hitman Pro with protection against in-memory exploits (acquired by Sophos in 2015), SentenielOne with the ability to rollback encrypted files from crypto viruses, and Malwarebytes with virus cleanup tools.

Now, four years since the “antivirus is dead” statement, we have significant improvements in the capabilities of “modern” antivirus solutions.

If you are planning a Windows migration project it may be the perfect time revisit your antivirus technology.

In this post I’ll highlight the key advancements to consider. Read more

Windows 10 S, interesting, but not for business

Last month, Microsoft released Windows 10 S, a skew of Windows 10 that is “inspired by students and teachers and it’s the best Windows ever for schools”.

Microsoft claims Windows 10 S is “also a great choice for any Windows customer looking for consistent performance and advanced security“.

Despite the claims, Windows 10 S is unlikely to be a great choice for business, even though no one will disagree with the benefits of consistent performance and advanced security. Read more

As the dust settles on WannaCry

Get ahead of the next WannaCry

One week after the WannaCry crypto virus made headlines, it is perhaps worth remembering that the crypto virus used NSA developed exploits that were leaked by a group called TheShadowBrokers. It appears other parties have then used the leak to power the WannaCry attack. But the intelligence can go both ways. Take the time to have a quick look at the summary of the leaked exploits as there are many more systems other than Windows that are vulnerable, including; Avaya Communications Manager, Lotus Domino, MDaemon email server, Samba, and Exchange Web Access. If you have a vulnerable system get ahead of the game and patch your systems, or put in a protective layer of protection.

Slow computers?

The same exploit used by WannaCry also used to infect computers with bitcoin mining software. Indicators of compromise include slow performance and lost file and printing (yep, SMB again!).

SMB can’t catch a break

WannaCry has highlighted the vulnerabilities in legacy SMB protocols. Aside from patching, a strategy is to remove legacy SMB protocols from your environment and tackle the challenges of legacy applications. So SMBv3 should be safe? Well, unfortunately, attacks that rely on any SMB version exist. Protection methods include using signed SMB and restricting SMB to trusted networks.

Hacking the hackers

XP machines infected with WannaCry can be hacked to get the recovery key, if you didn’t reboot. The hack exploits a vulnerability with Windows XP encryption process.

 

Remotely stealing Windows credentials with help from Google Chrome

A security researcher has demonstrated how to remotely steal a user’s Windows credentials through Google Chrome. I expect this will be seen in real world hacks soon, so take some simple preventative measures now. Read more

Future Lawyers Summit: cloud versus on-premise computing

During the week past the Future Lawyers Summit was held in London. It was a good conference and had a multidisciplinary mix of lawyers, marketers and a few technology folk. I provided a short presentation about using cloud versus on-premise computing. The day was streamed over the Internet and you can view my presentation from the recording below (total time is about 15 minutes).

 

A self assessment IT security checklist

The following check list incorporates guidance from the ICO and GCHQ on data protection, IT security, and cyber security.

In addition, we have included our own experience.

The checklist provides a very easy way to get a view on your level of IT security in place.

Ask the appropriate person, or people, to go through the list, and tick each item that is covered.

Then you can take a measured decision on the action to take on the items that are not covered. Read more

Three potential weaknesses in encryption

Encryption is often identified as a significant way to protect data.

Encryption takes your data, and then using an algorithm, scrambles the data to make it unreadable.

Without something called an encryption key it is effectively impossible to decipher encrypted data.

As an analogy, encrypting data is as simple as closing a padlock – however, unencrypting data is very hard, just like attempting to open a padlock without a key is very hard. If you have the encryption key, then unencrypting data is easy, just as opening a padlock with a key is easy.

With that said, there are three potential weaknesses in encryption that you should validate in your IT environment. Read more

SRA requirement to inspect cloud computing provider data centres

This is a quick post summarising the publicly stated position from the Solicitors Regulation Authority of England and Wales on their need to inspect cloud providers data centres used by regulated members. I’ve discussed this many enough times with clients that I think it is worth writing down. Read more

How mature is your law firm’s cyber security?

There are many security standards when it comes to cyber security. Unfortunately the standards can be overwhelming to understand. This means many law firms can not easily assess their level of cyber security maturity. For this reason, we created the below chart. We think it provides a simple method for any law firm to quickly determine their cyber security readiness. Read more

Why your IT projects cost more and take longer

There’s an interesting article posted by the Society of Computers and Law about the challenge of getting realistic IT project estimates on cost and time. The author, Michael Bywell, a Partner at Arnold & Porter Kaye Scholer, asks two questions;

  1. How do we explain the tendency of planners to routinely underestimate costs and over-estimate benefits?
  2. Why do projects get the go-ahead when it is (or at least should be) obvious that they are bound to overrun?

Read more

Page 1 of 512345