Do Home Users Know How to Adequately Protect Themselves From Cyber Threats?

by Leave a Comment

Cisco Systems earlier this week released a report from its Talos cyber intelligence unit. It contained a warning of 500,000 routers and storage devices in 54 countries that have been infected with malware. Their findings (https://blog.talosintelligence.com/2018/05/VPNFilter.html) pointed to the Russian government as having sponsored the hack, calling it “VPNFilter,” and that the software was simply waiting for activation. With a high preponderance of these devices in the Ukraine, it seems that an attack might be pending, or at least imminent.

I won’t bore you with the details (and they are voluminous), but the recommendations for how to thwart the hackers are quite interesting. End users are instructed to reboot their routers, modems, and network attached storage (NAS) devices to the factory default state and then to install the latest firmware. Internet Service Providers (ISPs) are instructed to reboot routers and cable modems for their customers and to ensure the devices are patched. Those two steps should, for all intents and purposes, knock out any of the malware that may have infected the devices.

Here’s my question: How many home users – or business owners – know how to perform those two steps? I do, because it is something I learned a long time ago as part of my job. But I can’t see asking any of my clients to do that. For one thing, the recommendations didn’t take into account the main task of saving existing settings – or at least writing them down – so they could be recreated after the device was flashed and rebooted.

In a “best case scenario” I can imagine someone was using a Linksys modem they purchased from a big box store and they didn’t configure anything; they simply followed the installation instructions. But in all likelihood, the SSID (i.e., the broadcast name) of their Wi-Fi is going to change. That means all of their wireless devices – computers, printers, tablets, and phones – will also need to be reset.

The report acknowledges that most of these devices are what we frequently call “set it and forget it,” meaning that they are expected to simply do their job once they’ve been installed. My concern about the recommendations centers on the fact that most individuals have no idea how to obtain the current firmware for these network attached devices. It isn’t very obvious from any of the manufacturers’ literature (and these include Linksys, TP-Link, and Netgear) that this is a task anyone should ever consider doing.

Granted a half-million devices is only a small drop in the bucket in terms of world-wide network device distribution. Yet it seems we have entered into a new “normal” for what people need to do – and learn – in order to better protect themselves from cyber security threats.

Thanks and safe computing!

When It Is A Busy Thursday For The Wrong Reasons

by Leave a Comment

Microsoft issues its monthly updates on “Patch Tuesday,” the second Tuesday of the month. Since the beginning of this year it has tried to fix the critical issues associated with the Spectre and Meltdown problems. But in a totally unexpected turn, the March 2018 monthly update knocked Windows 7 and Windows Server 2008 R2 systems offline because the network drivers get clobbered after the computers were restarted.

As a result, for the past two months I have blacklisted the updates; meaning I prevented them from being installed. In cases where I missed that phase and the computer had not been rebooted, I ran a script to uninstall the update. And in some cases, I was altogether too late and had to manually reinstall the network drivers.

Unfortunately, the May 2018 monthly update was wrapped up with a critical security patch, so it was inevitable that I had to release it. And I regret it, because this last episode has pretty much worn me out – and I’m not done with it yet.

Of all the vaunted software tools I have at my disposal, the most valuable one is remote access. However, when a client’s computer cannot connect to the internet that tool becomes useless; and I am forced into “break/fix” mode.

So the second Thursday of the month has now become a day of running around to client sites and manually reinstalling drivers, getting internet access again, updating the drivers and fixing other elements that are listed as “Unknown” in the Windows Device Manager.

Knowing that I’m shouting into the wind, I’m going to make this plea anyway. “Hey Microsoft! Could you please figure out a way to get this update to work properly without any extraordinary measures on my part?” I would thank you, and my clients would thank you.