Call
it a virus … call it spyware or malware … whatever you want to call it, it
seems like I’ve been getting calls for years about this major nuisance. The pop-up might tell you that your hard
drive is failing or your registry is corrupted or your computer is infected
with 43 viruses, and to the untrained eye it can be quite convincing, but these
days, warnings like these are more often than not a hoax, what Wikipedia calls rogue security
software.
So if it’s a hoax, Dovid, does that mean that I can just
ignore it?
Unfortunately, you cannot.
Worst case scenario, this hoax carries some damaging payload and is a
virus itself; best case, it’s a nuisance that’s just trying to steal your
credit card info. (I’ve actually had clients pay to activate the fake antivirus
software with hopes that this would remove it.) The important thing is to
recognize that responding to any requests from this malicious software will
only make things worse.
How do I know whether it’s real or a hoax?
Another line of defense is knowledge – which is why it’s a good idea to familiarize yourself with your antivirus
software before there’s a problem.
Learn how to check to make sure it’s active and up to date. Many people are sitting ducks for this kind
of scam precisely because they don’t know
what their antivirus software is supposed to look like. (The truth is, it’s easy to recognize t a hoax when it’s written
in Pidgin Englis;, but thanks to all of those outsourced call centers, it may
be that hackers’ English seems to be getting better all the time.)
How did I get it?
Since I’m generally a believer in holistic computing
practices, I’ll always start by telling you that your computer got infected
because it didn’t have a healthy immune system and was therefore vulnerable;
but to be more pragmatic, more often than not, there’s an infected website
involved. Either you were conned into clicking a link in a deceptive Email
message, or mistyped an Email address, or were on a site that you probably
shouldn’t have been on, or as mentioned in our
last blog posting, visited a perfectly reputable site that was hacked or
infected itself.
Unfortunately, it can happen even if you are “protected” by top name
antivirus software and even if you’re “careful.” I can certainly admit to being fooled before
and it can happen so quickly that you
don’t know what hit you. Other times it takes getting fooled into an act of
collusion by clicking through a number of steps, functionally voluntarily
installing this bad-ware on your own computer. (They may even be kind enough
tell you what they’re going to do to your computer in the fine print.) Even if
this happens just once, it can be an expensive learning experience.
Ok. Well, I got whacked, so now what?
Save your work if you need to and shut the computer down
right away; if necessary, hold the power button down for ten seconds to turn
the computer off or unplug it (on a desktop computer that’s the box or CPU, not
the monitor or screen). To state the obvious, viruses can’t cause damage if the computer isn’t on.
Sometimes what looks like a legitimate alert may only be a deceptive video clip
from a website pop-up. If you’re lucky, you caught the problem in its tracks
and the computer will be fine when you start back up.
But if there are any
signs that the virus is still there when you restart, call your competent local IT expert (shameless
plug #2). While sometimes these issues can be resolved with the right
utilities, more often than not, if it got by some barriers to get installed in
the first place, it might be require a more complex removal process. Of course, if you went so far as to give up
credit card information, after you finish kicking yourself, call your credit
card company.
What can I do to avoid these problems for my business?
There’s no question that prevention is the best medicine.
Feel free to share these strategies with your office team.
Educate your staff. Periodically remind them not to open an Email attachment or website link unless they know the sender and what it is that they’re opening. Computers used exclusively for appropriate business certainly tend to be less vulnerable. (That said, it’s not a fair assumption that a staff member was doing something wrong if the computer got infected. Unfortunately, when perfectly reputable business websites get infected they tend to share the problem with hundreds or thousands of users, not just a few dozen. )
Limit administrator access. Ask your IT expert to set the computers up so that the users do not have Administrator access. If the person who is on the computer when it gets infected doesn’t have permission to install software, most malware can’t get very far. So, even if that user’s account is infected, the rest of the computer will likely be ok.
Keep your systems up to date. Make sure that updates are allowed to run automatically make – and keep up with – a schedule for regular manual update checks.
Make sure that you have an antivirus product installed. And ensure that you know how to keep it up to date. Money saving tip: You can pass on the bloated feature-rich security products sold in stores. For networks with only a few computers, the free options like Microsoft Security Essentials are fine. For larger networks, you’ll want to go with a product like Trend-Micro that’s designed to be managed from a central console. You also might consider supplemental products like Malwarebytes, Spybot S&D and CCleaner to help keep the computer clean and garbage free.
Have a good firewall. This creates a level of prophylaxis between your computer and the Internet. Newer devices do a great job at screening websites and scanning network content before it gets to your computer. As referenced in our last blog posting, all the heroic policing efforts of Google and others to scan the Internet and keep it safe are great, but it’s not safe to assume that they’ll catch every site fast enough. For larger or growing sites, I definitely recommend Barracuda to do this job. (Employer bonus: Barracuda can also help ensure that your users are primarily using their computers to do their jobs, instead of shopping, playing fantasy football or hanging out on Facebook.)
Protect your Email. Make sure that your Email systems are screened for spam and also well protected from viruses. We provide robust filtering on our Microsoft Exchange hosting services, but I feel very strongly that Email should be filtered long before it reaches your computers or servers. You’ll want to check with your Email providers to ensure that this is the case.
Get a Mac. I can hear the outcry from here. But think about getting a Mac. There’s at least a modest premium for purchasing Apple and they’re not the best solution for larger networks or environments with specific applications which don’t run on Mac; but I haven’t seen a virus on a Mac in at least 15 years, and even then, it was in Microsoft Office. Yes, Windows has made impressive strides toward becoming safer and there are (at least theoretically) Mac OS viruses out there, but it’s getting easier and easier for Macs and PCs to get along and everyone I know (including myself) who has one, loves them.
Backup, backup, backup. It’s the mantra we can’t afford to ignore. Almost always, your data is far more important than your computer. Make sure that you have a robust onsite and offsite backup solution in place so that if the computer is so badly infested that it needs to be wiped out, you will make sure you don’t lose the data that your business needs to function.
Seriously?! How am I supposed to stay up to date on all
of this? Shouldn’t my computers just work? I seem to get along ok. Who has time
for this? Isn’t this what my IT guy (or gal as the case may be) is for?
I feel your pain. But, as I said, a modest amount of education can go a long way, especially
when it comes to appropriate computer use. When it comes to the rest, it is
important to ensure that, even if you don’t know all of the details, there is
someone on your team with the right expertise who does. Some pieces can be
handled by a competent staff person or a decent computer consultant, but once
your business is starting to grow you’ll want to engage a managed service provider to deliver the level of experience and knowledge needed
to ensure that you have a reliable platform that meets your growing business
needs.
Remember: Don’t settle for computers that simply
function. Technology can and should be a tool to increase productivity and
drive your business forward in creative new ways.
Dovid Winter is Principal Consultant of Winter Solutions and has been providing hands-on IT management
services to small-business, non-profit and education since 1986. In addition to
website development and hosting services, Winter Solutions' offers an array of managed IT services. Whether you
are looking for assistance with a single project or to outsource your entire IT
department, Winter Solutions
has
a solution to meet your needs. Contact us at 781 821-0000.