TechByter Worldwide

Speak softly and carry a large microphone

 

07 Jan 2018

Your Computer or Network Needs a Robust Defense

The final program of 2017 looked back at some of the primary security challenges of 2017. Now it's time to take a look at what we might reasonably expect in 2018. Sam Curry, the chief security officer at Cybereason, says that he hopes this will be the year of defense. He explained his thinking in an hour-long conference call, and today's program will cover the main points.

Predictions for 2018

Curry's background includes 25 years in the security business. Cybereason is a company I've written about occasionally. The company is relatively new and it provides both paid services for businesses and a free application for individuals. RansomFree costs nothing and anyone can download and install it. The objective is to detect attempts to encrypt or destroy files and to shut the operation down before it can do serious damage.

I have eliminated most third-party protective applications on my Windows computers and rely on Microsoft's Windows Defender. This is because I feel that the operating system developer is in the best position to provide protection. So my computers no longer have Norton Antivirus or AVG or any of the other resource-hogging applications. But I do bolster Windows Defender with two additional applications: Malwarebytes and RansomFree, both of which work without getting in each other's way and without causing problems for Windows Defender or for any of the other third-party protective applications.

RansomFree watches for activities that indicate malware is at work by targeting the common behavior of ransomware. The company says that this allows it to protect users by detecting ransomware, suspending the activity, and then displaying a pop-up that warns users that their files are in danger. Users can then halt the attack. The process involves directories and files that RansomFree creates on the user's computer. The files are small and are updated frequently. To malware, they look like recent data files. When the malware takes the bait, RansomFree warns the user. It's a clever approach.

Even so, Curry says that ransomware and destructionware, both of which we saw in 2017, probably are not the new normal.

Instead, he believes that crooks will spend most of their time developing and executing what he refers to as "supply-chain attacks". He's referring to attacks that target companies that supply goods or services to other companies.

Most large companies now have sufficient protective measures in place to identify and halt direct attacks on their systems, but smaller companies that supply the larger companies often have weaker defenses, so the objective is to move the attack to a weak link in the supply chain. If a vendor has access to a client corporation's network, it's possible to stage an attack from outside.

The bottom line for 2018 is this: Expect something bad to get through your defenses and plan your recovery process now. As scary as that sounds, it's good advice. The bad guys will continue to try anything and everything they can to breach your defenses. Even if you stop 99.9% of the attacks, you're eventually going to find an intruder on your network. Accept that and determine what you will do when it happens.

Curry says that crooks need to become more efficient because the cost of ill-gotten data has plummeted. Stolen medical records might once have fetched hundreds of dollars, but now they might yield less than $10 for the thieves. As a result, crooks increasingly will attack supply-chain vendors because this will increase their reach.

What will be needed in 2018, he says, is more attention to the access that outside companies have.

So if this will be a major threat in 2018, what can be done to mitigate the threat?

Although destructive attacks may be "retrograde", they're still happening and we need to be prepared to deal with them. Ransomware is less serious because the crooks will generally restore access to your files once you pay the ransom. But when the objective is destruction of your data, restoring from backup is the only solution.

Curry says these kinds of attacks are unsophisticated, cheap, dirty, and effective. Numerous malware tools are capable of causing severe damage. So understanding that it will happen someday is the first step. Planning to recover is the essential second step.

Cybereason's Sam Curry also says that advanced persistent threats will increase in 2018, so it's important to realize that you can't cover everything. In other words, you can't save every computer, so it's important to concentrate on protecting the data.

Fileless attacks, those that use the capabilities of PowerShell and Windows Management Instrumentation (WMI), are becoming more important. Both PowerShell and WMI are strong and flexible languages, and destructive scripts can be hidden so that they can't easily be found.

Protecting against these threats is relatively easy: If users don't need access, don't expose it to them. But there are other options.

If you're looking for good news, breaches are being identified sooner and contained faster so 2018 could be the year of the defender.

Those who work in corporate IT may find that security has (finally) become a board-level topic of discussion. The final point recalls the Hitchhiker's Guide to the Galaxy: DON'T PANIC! Nation states are launching attacks, but we need to understand what the threat really is.

Sam Curry, chief security officer at Cybereason. If Curry's optimism that 2018 will be the year of the defender is to be realized, we all need to be more cautious and more ready to deal with an attack when it happens -- because it will happen.

Short Circuits

Your Computer Probably Has a Security Flaw

If your computer has an Intel CPU and runs Windows, it probably has a security flaw. If your computer has an Intel CPU and runs the MacOS, it probably has a security flaw. If your computer has an Intel CPU and runs some version of Linux, it probably has a security flaw. Perhaps you've noticed a pattern here.

In short, if your computer is less than 10 years old and has an Intel CPU, it is affected. If, on the other hand, your computer has a CPU from Advanced Micro Devices (AMD), you're safe.

Intel has been very, very quiet about the flaw and the company is expected to release information later in January. Linux developers, however, have already made some updates to the kernel to mitigate the flaw. An operating system kernel is the part of the operating system that, for want of a better description, "does stuff". The CPU problem involves what are called page tables, and the Linux kernel is being modified to isolate the page tables so that one will be used by the operating system and another will be used by the logged-in user.

Kernel page-table isolation (KPTI) splits the page tables that are currently shared between user and kernel so that each side has a table and cannot modify the other table. This is a big change to the way computers manage memory and Linux developer Jonathan Corbet says that this kind of change would normally be debated for years, "especially given its associated performance impact."

On the day after Christmas, AMD's Tom Lendacky notified system builders that AMD's processors are safe so long as one default setting is not changed: "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault."

For Intel computers, the change could result in applications running as much as 30% slower. Some applications may see only a small performance hit -- in the range of 5% to 10% -- but others could see performance drop by one third. As noted, Linux developers are working on changes now, Microsoft pushed an out-of-cycle update to Windows users on Thursday, and Apple is also working on a fix. Be sure to watch for upcoming security patches and install them.
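A way to confirm that the page-table isolation change is active after patching a Linux machine, as an added example (not from the original program or the kernel project): it classifies a host from the pti flag and cpu_meltdown bug entry in /proc/cpuinfo and, where the kernel provides it, from /sys/devices/system/cpu/vulnerabilities/meltdown. The cpuinfo excerpts are constructed, and the four status labels are this example's own.

```python
import re

SYSFS = "/sys/devices/system/cpu/vulnerabilities/meltdown"

# Constructed /proc/cpuinfo excerpts (not captured from real hosts).
PATCHED = "flags\t\t: fpu vme pse pti\nbugs\t\t: cpu_meltdown\n"
PTI_OFF = "flags\t\t: fpu vme pse\nbugs\t\t: cpu_meltdown\n"
OLD_KERNEL = "flags\t\t: fpu vme pse\nbugs\t\t:\nbogomips\t: 4000.00\n"

def cpuinfo_field(text, key):
    """Return the tokens on the first 'key : ...' line as a set."""
    m = re.search(rf"^{re.escape(key)}[ \t]*:[ \t]*(.*)$", text, re.MULTILINE)
    return set(m.group(1).split()) if m else set()

def kpti_status(cpuinfo_text, sysfs_text=None):
    """Return 'not affected', 'mitigated', 'vulnerable' or 'unknown'."""
    if sysfs_text is not None:
        # Newer kernels report the verdict directly; prefer it when present.
        s = sysfs_text.strip().lower()
        for prefix, verdict in (("not affected", "not affected"),
                                ("mitigation", "mitigated"),
                                ("vulnerable", "vulnerable")):
            if s.startswith(prefix):
                return verdict
    if "pti" in cpuinfo_field(cpuinfo_text, "flags"):
        return "mitigated"
    if "cpu_meltdown" in cpuinfo_field(cpuinfo_text, "bugs"):
        return "vulnerable"  # kernel knows the CPU is affected but isolation is off
    return "unknown"         # kernel predates the reporting; check its patch level

def read_host():
    """Classify the machine this runs on; 'unknown' on non-Linux systems."""
    def slurp(path):
        try:
            with open(path) as fh:
                return fh.read()
        except OSError:
            return None
    return kpti_status(slurp("/proc/cpuinfo") or "", slurp(SYSFS))

if __name__ == "__main__":
    print(read_host())
```

An "unknown" result means the running kernel is too old to report either indicator, which is itself a reason to update it.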

Are Light Bulbs High Tech?

Incandescent light bulbs are on the way to extinction. If you're still hanging on to bulbs that get hot, burn out all too often, and increase your electric bill, there are better options.

Compact fluorescent bulbs were the first attempt to reduce power usage for lighting, but they had numerous problems. The most serious problem is the mercury vapor that's inside the tubes. Mercury is dangerous, but compact fluorescents save energy and that reduces the use of coal to generate electricity. Burning coal releases mercury. The bulbs contain less mercury than what would be released by burning coal. "Less" is not "none", though, so the bulbs are difficult to dispose of properly.

The bulbs also become quite warm when in operation and eventually the heat causes the ballast that's built in to the bulbs to fail. Many people don't like the light produced by these bulbs because it tends to lack a red component. Fluorescent lights have improved and the quality of light can nearly match that of incandescent bulbs.

Bulbs made with light-emitting diodes are the most promising. There's no mercury involved, the bulbs use less power than even compact fluorescent lights, they run cool, and they last for a long time. They're more expensive than incandescent bulbs, but their longer life and reduced power consumption lower their overall cost. LED bulbs do contain lead and arsenic, but in tiny quantities. Incandescent bulbs contain no lead or mercury, but result in more mercury contamination than CFLs because of their inefficient use of power and the fact that burning coal releases mercury.

Light-emitting diode bulbs seem to be the best choice economically and environmentally, so if you're thinking of buying some LED lights, here are a few things to keep in mind.

  • We think of light bulbs in terms of Watts. That's convenient, but inaccurate. Light is measured in lumens. Watts is a measure of power. A 100 Watt incandescent bulb produces approximately 1600 lumens, so be sure to compare lumens, not Watts.
  • Take the color of light into account. For an incandescent look, make sure that bulbs deliver light at 2800 to 3500 degrees Kelvin. The lower the number, the more red/yellow the light. "Neutral" bulbs will be in the 3500 to 4000 range. Daylight LEDs start at 5000 and go to more than 8000 degrees Kelvin. The higher the number, the more blue the light.
  • If you have a dimmer switch, be sure to buy bulbs that are specifically designed to work with a dimmer. Not all LED bulbs can be dimmed and virtually no CFLs are compatible with dimmers.
  • Some lamps have 3-way sockets. A standard bulb of any type will work in these sockets, but will not offer 3 levels of light. LED 3-way bulbs are available, but they're relatively expensive.

In December, I bought some LED bulbs that are rated at 2000 lumens, which is about equivalent to the light output of a standard 150W incandescent. They are very bright, the light is 3000 degrees Kelvin, they're expected to have a life of "13.7 years when used 3 hours per day", and instead of 150 Watts, the bulbs use only 17 Watts.

The bulbs are in use more than 3 hours per day, so maybe rating the life in hours might be more appropriate. 13.7 years is about 5000 days, so at 3 hours per day that would be 15,000 hours. Assuming the light is on about 14 hours a day, I can expect the bulb to last approximately 3 years.

Electric rates vary by region, but one source suggests that a good approximation is $1 per watt for a device that's powered 24 hours per day. My 150 Watt light bulb would be on about half of that time, so $75 per year for my one incandescent bulb. The LED bulb with an equivalent output in lumens consumes only 17 Watts, so it will cost about $8.50 per year. The economic argument is clear.

Assuming that a light bulb is on 12 hours per day, the cost to run the bulb will be approximately 50 cents per Watt per year. The following chart shows the approximate cost to operate incandescent, compact fluorescent, and LED bulbs with equivalent light output. For example, a single 1600-lumen light bulb that's on 12 hours per day will use $50 of electricity per year if it's an incandescent bulb, $12.50 if it's a compact fluorescent, and $9 if it's an LED lamp.


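| Lumens | Incandescent Watts | Incandescent Cost/year | CFL Watts | CFL Cost/year | LED Watts | LED Cost/year |
|--------|--------------------|------------------------|-----------|---------------|-----------|---------------|
| 450    | 40                 | $20.00                 | 10        | $5.00         | 7         | $3.50         |
| 800    | 60                 | $30.00                 | 14        | $7.00         | 10        | $5.00         |
| 1100   | 75                 | $37.50                 | 19        | $9.50         | 14        | $7.00         |
| 1600   | 100                | $50.00                 | 25        | $12.50        | 18        | $9.00         |
| 2400   | 150                | $75.00                 | 40        | $20.00        | 26        | $13.00        |
| 3100   | 200                | $100.00                | 65        | $32.50        | 30        | $15.00        |
| 4000   | 300                | $150.00                | 85        | $42.50        | 38        | $19.00        |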

How many light bulbs are on in your house and for how long every day? Using lower-consumption light bulbs, how much could you save? If you can get more lumens per Watt, wouldn't you want to?