Tag Archives: Joern Wettern

About 2332 days ago Data Security

Which Anti-Virus Software Should You Use?

Out of all the security programs installed on the company network or end user’s desktop, it’s probably the anti-virus software that’s doing the most to earn its keep. The joint Computer Security Institute/FBI’s 2006 Computer Crime and Security Survey found that overwhelmingly viral attacks remain the greatest source of financial losses and damages to businesses than any other breach in computer security. Losses from all computer security incidents among the survey’s 313 respondents totaled more than $52 million for 2006, down by more than 50 percent compared to 2005, according to the survey. Ninety-seven percent of the companies that responded reported using anti-virus software. Don’t log on without it Some companies tend to get lax about anti-virus software once they’ve installed a good firewall at the network gateway. “No firewall out there is a silver bullet,” says Joern Wettern, co-author of Firewalls for Dummies. “Make sure you have anti-virus software installed on all PCs and check them regularly for updates.” For that reason, easy-to-schedule scans and automatic updating is probably the first feature a business owner would want to look for in an anti-virus program. When it comes to other features, Arabella Hallawell, vice president at Forrester Research, of Cambridge, Mass., who specializes in the security software market, advises clients to be choosier. “The rule of thumb is you should only pay for what you’re going to need within the next 12 months,” she says. “And don’t forget to do a competitive negotiation, regardless of how small your organization is.” Round-up of anti-virus software With that in mind, here is a round-up of just some of the offerings in anti-virus software, ranging from market leaders, Symantec and McAfee, to some of the smaller, more entrepreneurial companies, such as Alwil and Kaspersky. Norton’s AntiVirus Cost: $40 to buy. $30 annual fee. Features: Produced by Internet security giant Symantec, a better question might be: What doesn’t it feature? Norton’s standard version includes a firewall, scheduled scans, scans for instant messaging, as well as bundled spyware, adware and rootkit detection. All those bells and whistles may take a toll on speed however. It’s the one area that got a low rating from Consumer. The professionals don’t seem to disagree. John DeLozier, a network security expert and founding partner of Nply Security, a network security consulting group in Dallas, concedes it’s often the preferred choice of his clients. “But, I find (Norton) too big, too bloated and too intrusive with all the chatty pop-up windows,” says DeLozier. McAfee’s ViruScan Cost: $40 to buy. $40 annual fee. Features: McAfee’s anti-virus software is bundled in with anti-spyware software and a firewall. It features automatic updates and instant message scanning. Other versions include protection for laptops, e-mail servers and file servers. Ben Rothke, director of security technology implementation at AXA Financial and a frequent speaker at industry conferences on network security, says, “I like McAfee. It’s mature. It’s automatic… with any brand, by the time it gets to version 3.0, the differences are going to be minimal at that point.” BitDefender Standard Cost: $30 to download. $20 annual fee. Features: BitDefender is worthy of mention, if for no other reason the critics seem to love it the most. It was recently ranked number one in its class by both PC World and Consumer Reports, who gave BitDefender especially high marks in detection and ease of use. The standard edition features both scheduled scans and scanning for instant messages. It does not include a firewall. Kapersky Labs AntiVirus Cost: $50 to buy. $35 annual fee. Kaspersky, a Russian software company best known in the small business and consumer market, is a little pricier. Wettern says it’s well worth it. “I find it updates very frequently, has great detection rates and is the fastest to react to new threats,” says Wettern. Kaspersky offers standard features like scheduled scans and spyware/adware protection. Additional features, not as easy to find, include laptop power saving, suspended scans during heavy usage and proactive rootkit removal for malware. Alwil’s Avast! Cost: Non-commercial use, free to download. Professional Edition is $40 a year. Features: You can’t beat the starting price. Avast also comes with a high rating from Consumer Reports and features IM scanning and a firewall. One of the unique features includes what Alwil calls a “virus chest.” It’s a folder on the disk drive that is impenetrable to any kind of virus attack, a sort of virtual lock box where sensitive files can be stored and isolated away from the rest of the operating system. Avast may also be a good solution for a small organization that does business worldwide. The software is offered in no less than 20 languages, including Japanese and Russian.

About 2332 days ago Antivirus Software

Which Anti-Virus Software Should You Use?

Out of all the security programs installed on the company network or end user’s desktop, it’s probably the anti-virus software that’s doing the most to earn its keep. The joint Computer Security Institute/FBI’s 2006 Computer Crime and Security Survey found that overwhelmingly viral attacks remain the greatest source of financial losses and damages to businesses than any other breach in computer security. Losses from all computer security incidents among the survey’s 313 respondents totaled more than $52 million for 2006, down by more than 50 percent compared to 2005, according to the survey. Ninety-seven percent of the companies that responded reported using anti-virus software. Don’t log on without it Some companies tend to get lax about anti-virus software once they’ve installed a good firewall at the network gateway. “No firewall out there is a silver bullet,” says Joern Wettern, co-author of Firewalls for Dummies. “Make sure you have anti-virus software installed on all PCs and check them regularly for updates.” For that reason, easy-to-schedule scans and automatic updating is probably the first feature a business owner would want to look for in an anti-virus program. When it comes to other features, Arabella Hallawell, vice president at Forrester Research, of Cambridge, Mass., who specializes in the security software market, advises clients to be choosier. “The rule of thumb is you should only pay for what you’re going to need within the next 12 months,” she says. “And don’t forget to do a competitive negotiation, regardless of how small your organization is.” Round-up of anti-virus software With that in mind, here is a round-up of just some of the offerings in anti-virus software, ranging from market leaders, Symantec and McAfee, to some of the smaller, more entrepreneurial companies, such as Alwil and Kaspersky. Norton’s AntiVirus Cost: $40 to buy. $30 annual fee. Features: Produced by Internet security giant Symantec, a better question might be: What doesn’t it feature? Norton’s standard version includes a firewall, scheduled scans, scans for instant messaging, as well as bundled spyware, adware and rootkit detection. All those bells and whistles may take a toll on speed however. It’s the one area that got a low rating from Consumer. The professionals don’t seem to disagree. John DeLozier, a network security expert and founding partner of Nply Security, a network security consulting group in Dallas, concedes it’s often the preferred choice of his clients. “But, I find (Norton) too big, too bloated and too intrusive with all the chatty pop-up windows,” says DeLozier. McAfee’s ViruScan Cost: $40 to buy. $40 annual fee. Features: McAfee’s anti-virus software is bundled in with anti-spyware software and a firewall. It features automatic updates and instant message scanning. Other versions include protection for laptops, e-mail servers and file servers. Ben Rothke, director of security technology implementation at AXA Financial and a frequent speaker at industry conferences on network security, says, “I like McAfee. It’s mature. It’s automatic… with any brand, by the time it gets to version 3.0, the differences are going to be minimal at that point.” BitDefender Standard Cost: $30 to download. $20 annual fee. Features: BitDefender is worthy of mention, if for no other reason the critics seem to love it the most. It was recently ranked number one in its class by both PC World and Consumer Reports, who gave BitDefender especially high marks in detection and ease of use. The standard edition features both scheduled scans and scanning for instant messages. It does not include a firewall. Kapersky Labs AntiVirus Cost: $50 to buy. $35 annual fee. Kaspersky, a Russian software company best known in the small business and consumer market, is a little pricier. Wettern says it’s well worth it. “I find it updates very frequently, has great detection rates and is the fastest to react to new threats,” says Wettern. Kaspersky offers standard features like scheduled scans and spyware/adware protection. Additional features, not as easy to find, include laptop power saving, suspended scans during heavy usage and proactive rootkit removal for malware. Alwil’s Avast! Cost: Non-commercial use, free to download. Professional Edition is $40 a year. Features: You can’t beat the starting price. Avast also comes with a high rating from Consumer Reports and features IM scanning and a firewall. One of the unique features includes what Alwil calls a “virus chest.” It’s a folder on the disk drive that is impenetrable to any kind of virus attack, a sort of virtual lock box where sensitive files can be stored and isolated away from the rest of the operating system. Avast may also be a good solution for a small organization that does business worldwide. The software is offered in no less than 20 languages, including Japanese and Russian.

About 2363 days ago Computer Security

Security Starters: Critical Patches for Your PCs

The security software’s been installed. It includes anti-virus protection, a spam blocker, a firewall, a pop-up blocker and a spyware filter. Feel safe, yet? The good news: once all that’s done, the system is safe — at least for the moment. The bad news: a moment is about as long is it lasts. Malware programmers (whom most people call “hackers”) are constantly finding vulnerabilities in all brands of security software and writing code to exploit them. Security software vendors, at the same time, are constantly writing additional code for their programs to shore up those vulnerabilities from new threats. Those pieces of new code are called “patches” and without them your software is essentially worthless. Install all patches and updates It sounds so simple, but staying on top of those patches or updates is where the wheels fall off for most small and mid-size businesses that can’t afford a separate staff or department for information technology. No one can really blame the software vendors on this one, either. “Where there are updates available make sure you install them,” says Joern Wettern, co-author of Firewalls for Dummies. “Check all your computers at least once month to make sure no one’s turned off the automatic update feature.” Most security programs now include an automatic update feature that will have your computer download new updates directly from the vendor’s website on a regular schedule. The most it might require of the end user is the occasional request to reboot or a pop-up screen asking for a “click yes” to accept updates. For many end users, even that’s too much. “People get annoyed with those pop-up screens and just turn off the automatic feature. All it takes is one machine to not be updated and your whole network is vulnerable,” says security expert and partner John DeLozier, from Nply Security, a Dallas-based network security consulting group. DeLozier recommends utilizing what network security professionals euphemistically call the good old-fashioned “sneaker net.” What that amounts to is periodically have someone physically walk around to every single computer within the business to make sure the automatic update feature is toggled to the “on” position and is doing its job. Assign responsibility for patches DeLozier suggests that businesses follow this two-step strategy to keep the company’s systems safe. Have a maintenance plan. If you don’t have at least a part-time IT staffer to be responsible for patches and updates, then appoint someone else within the organization to be that person. Whether it’s once a month or once a quarter, have a set schedule to check all the computers and make sure patches are being downloaded on a regular basis. Make sure the plan gets executed properly. Once you make the commitment to a set a maintenance schedule, stick to it. Don’t let patches and updates fall off the priority list. Use reminders on project calendars and keep a written track record of dates and computers that have been checked. Don’t let a viral attack be your reminder that it’s time to update your software. Software solutions If the budget allows, there are a number of commercial software applications available that help organize and streamline the management of updates. Some of the popular software manufacturers who make products in this field include: Kaseya, GSI Languard, Numara, and Microsoft, the latter of which makes a Baseline Security Analyzer. Before committing to any software solution to patch your systems, just remember this: it’s one more piece of software someone has to be familiar enough with to properly utilize. The bottom line for small and mid-size businesses in need of developing a solution to patch their PCs is that they need to follow through. “Good security can be done on a budget,” says Ben Rothke, director of security technology implementation at AXA Financial and a frequent speaker at conferences on security topics, “but you do have to manage it.”

About 2393 days ago Computer Security

When a Virus Strikes

A recent survey by the Computer Security Institute and the San Francisco FBI’s Computer Intrusion Squad revealed two very interesting trends when put side by side. Number one, virus attacks are the leading cause of financial losses among cyber crimes committed against U.S. companies. Number two, 98 percent of the companies and organizations polled for the survey say they use firewalls. Ninety-seven percent use antivirus software. Virus attacks happen There’s plenty of preventative advice available to protect business owners from a virus attack and even more security products to purchase. But small businesses, in particular, would be wise to also have a crisis plan in place for what some would argue is inevitable. “Small businesses are more vulnerable to attack,” says Ben Rothke, director of security technology implementation at AXA Financial, a New York-based financial services firm, and the author of Computer Security — 20 Things Every Employee Should Know. Small and mid-size businesses “typically don’t have an IT department monitoring their network 24/7.” Signs of a possible virus attack So what can a company without an IT department do to prepare for the worst? For starters, know enough about viruses to know when the system’s been hit. Computers start crashing all around the office at the same time. One or more computers get flooded with pop-up ads. One or more computers get multiple warning screens from your security software. One or more computers get flooded with strange e-mails that seem to be replicating faster than they can be deleted. The company network slows down to near-standstill. Users are denied access when trying to log in. Respond immediately Once it’s been determined the network’s been attacked, you need to react. “Simply put, responding to a virus is like fighting a fire,” says Devin Jopp, chief technology officer for SCORE, a counseling service for small business owners. Here are some tips for hot to respond to a virus attack. Isolate Shut down all the infected computers and programs that appear to be infected to staunch the spread elsewhere within the network. As an added precaution, Joern Wettern, co-author of Firewalls for Dummies, says “disconnect any part of the system that is critical to your business… it helps to have those areas flagged in advance.” Treat Run your antivirus software. Jopp points out that 90 percent of all viruses can be identified and cleaned up by most antivirus programs. Diagnose In addition to identifying the virus, assess what parts of the network have been hit, the damage inflicted and what it will take to fix it. For more complicated attacks, have a local IT consultant with expertise in cleaning up viruses that can be called in on short notice. “A virus attack on a small business is too critical to let the fix-it guy in the office handle on his own” says Rothke. Learn See this as an opportunity to improve security for the next time. Chances are there’s room for improvement by way of updating software more frequently or training employees to avoid high risk web sites or dubious e-mail, for example. Don’t forget the customers Michael Shaw, California’s assistant state director for the National Federation of Independent Business (NFIB) advocates full disclosure to customers in the event of a virus attack. Employers need to have a plan in place to notify customers in case there is an attack that compromises customer information,” he says. In a growing number of states, companies are required by law to report data breaches to customers. Either way, a business owner may be wise to remember that a lost reputation is much harder to replace than lost data.

About 2393 days ago Computer Security

What Kind of Firewall Should You Use?

The average computer system left unprotected on the Internet will come under attack within 20 minutes after going online, according to the SANS Institute, a computer security watchdog. With that in mind, getting a firewall may seem like an easy decision. But, choosing a firewall and figuring out what exactly needs to be protected may be a little more complicated. Firewalls 101 A firewall provides a virtual barrier between an outside network (typically the Internet) and a private network or personal computer. It can be used to block viruses, worms, pop-up ads and spam, filter out contact with undesirable websites and protect sensitive files. There are two kinds of firewalls: hardware and software. Hardware firewalls (sometimes called embedded firewalls, as they are embedded into a router or switch) come housed in appliance form. It’s a device that is typically wired between the network and the gateway to the Internet. Software firewalls are loaded applications used to filter out unwanted traffic coming and going. And like anything else, either kind can cost a lot or a little ranging in price from less than a $100 to more than one hundred thousand dollars. A good mid-level firewall will range in price from about $500 to $1500 and accommodate up to 100 users. How to choose a firewall So which type of firewall is better for your business? “I don’t recommend a specific solution until I know what a company needs,” says Joern Wettern, co-author of Firewalls For Dummies. Wettern recommends that before picking out a firewall, a small or mid-size business owner would be wise to inventory what exactly is being protected and what kind of traffic is and isn’t to be allowed. Here are some criteria Wettern says to consider: Is the company network accessing the Internet strictly for surfing only? That being the case, a simple off-the-shelf consumer level software firewall may be all that is needed.  Is there a corporate website or an e-commerce component to the business? That’s a whole new level of liability, safeguarding customer credit card information for example, and it is far more complicated to protect. Most companies would choose both a hardware router-based firewall, with the added protection of an application-based firewall that does a better job of filtering out viral attacks. Does the business have employees that access the system remotely? For example, is there a sales force that is constantly “dialing in from the road?” Virtual private network (VPN) connections to the network present a great vulnerability and require more features in a firewall for full protection. A VPN quarantine feature that screens users for security risks for virus infections before allowing them to login remotely is available on most mid-level firewall products, like Checkpoint or Cisco PIX. Manage what you have One of the biggest problems that officials of small companies run into is believing that setting up a firewall is all they need to do to protect their business computers, network and data. Firewalls also need maintenance. “You don’t have to spend a lot, but you do have to take responsibility for it. You have to manage your firewall,” says Ben Rothke, director of security technology implementation at AXA Financial, a New York- based financial institution, and a frequent speaker at industry conferences on network security. Rothke says that for anything more complicated than basic Web surfing, invest the money in a specialized IT consultant to do the initial set-up. Make sure the firewall is configured properly from the beginning. At least monthly, he says, check for any new updates or patches and install them immediately. Test the system. There are many websites and programs that offer system checks that will point out the weak links in the network. Features and pricing are important, but it’s not what determines the quality of a good firewall. In the end, what may matter most is how well a firewall is maintained once it’s in place.

About 2393 days ago Antivirus Software

When a Virus Strikes

A recent survey by the Computer Security Institute and the San Francisco FBI’s Computer Intrusion Squad revealed two very interesting trends when put side by side. Number one, virus attacks are the leading cause of financial losses among cyber crimes committed against U.S. companies. Number two, 98 percent of the companies and organizations polled for the survey say they use firewalls. Ninety-seven percent use antivirus software. Virus attacks happen There’s plenty of preventative advice available to protect business owners from a virus attack and even more security products to purchase. But small businesses, in particular, would be wise to also have a crisis plan in place for what some would argue is inevitable. “Small businesses are more vulnerable to attack,” says Ben Rothke, director of security technology implementation at AXA Financial, a New York-based financial services firm, and the author of Computer Security — 20 Things Every Employee Should Know. Small and mid-size businesses “typically don’t have an IT department monitoring their network 24/7.” Signs of a possible virus attack So what can a company without an IT department do to prepare for the worst? For starters, know enough about viruses to know when the system’s been hit. Computers start crashing all around the office at the same time. One or more computers get flooded with pop-up ads. One or more computers get multiple warning screens from your security software. One or more computers get flooded with strange e-mails that seem to be replicating faster than they can be deleted. The company network slows down to near-standstill. Users are denied access when trying to log in. Respond immediately Once it’s been determined the network’s been attacked, you need to react. “Simply put, responding to a virus is like fighting a fire,” says Devin Jopp, chief technology officer for SCORE, a counseling service for small business owners. Here are some tips for hot to respond to a virus attack. Isolate Shut down all the infected computers and programs that appear to be infected to staunch the spread elsewhere within the network. As an added precaution, Joern Wettern, co-author of Firewalls for Dummies, says “disconnect any part of the system that is critical to your business… it helps to have those areas flagged in advance.” Treat Run your antivirus software. Jopp points out that 90 percent of all viruses can be identified and cleaned up by most antivirus programs. Diagnose In addition to identifying the virus, assess what parts of the network have been hit, the damage inflicted and what it will take to fix it. For more complicated attacks, have a local IT consultant with expertise in cleaning up viruses that can be called in on short notice. “A virus attack on a small business is too critical to let the fix-it guy in the office handle on his own” says Rothke. Learn See this as an opportunity to improve security for the next time. Chances are there’s room for improvement by way of updating software more frequently or training employees to avoid high risk web sites or dubious e-mail, for example. Don’t forget the customers Michael Shaw, California’s assistant state director for the National Federation of Independent Business (NFIB) advocates full disclosure to customers in the event of a virus attack. Employers need to have a plan in place to notify customers in case there is an attack that compromises customer information,” he says. In a growing number of states, companies are required by law to report data breaches to customers. Either way, a business owner may be wise to remember that a lost reputation is much harder to replace than lost data.