{"id":9286,"date":"2015-07-09T13:21:15","date_gmt":"2015-07-09T17:21:15","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=9286"},"modified":"2017-09-24T08:15:34","modified_gmt":"2017-09-24T12:15:34","slug":"ask-expert-kamluk-malware-security-issues","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/ask-expert-kamluk-malware-security-issues\/9286\/","title":{"rendered":"Ask the expert: Vitaly Kamluk answers questions about malware and security issues"},"content":{"rendered":"<p>Vitaly Kamluk has more than 10 years of work experience in IT security and is now Principal Security Researcher at Kaspersky Lab. He specializes in malware reverse engineering, computer forensics, and cybercrime investigations. Currently Vitaly lives in Singapore. He was hired on a secondment basis and now <a href=\"https:\/\/www.kaspersky.com\/blog\/ask-expert-kamluk-interpol\/\" target=\"_blank\" rel=\"noopener nofollow\">works in the INTERPOL Digital Forensics Lab<\/a>, doing malware analysis and investigation support.<\/p>\n<p>https:\/\/instagram.com\/p\/1xKFAOv0I5\/<\/p>\n<p>We encouraged\u00a0our readers to ask Vitaly questions, and there were so many that we decided to break down this Q&amp;A session into several parts. Today, Vitaly will talk about general security issues and solutions.<\/p>\n<p><strong>Is it impossible to create a system immune to malware?<\/strong><\/p>\n<p>It is possible indeed, but you most likely will not have, say, Facebook on it. I am afraid that we are so used to systems that are easily upgradeable and extendable, we won\u2019t accept something radically different, even if it provides excellent security. In other words: You will not like it.<\/p>\n<p><strong>Which areas are the most vulnerable to cyberattacks and how do they work?<\/strong><\/p>\n<p>My colleagues used to say that the most vulnerable area is located between the screen and the desk chair. 
A lot of attacks succeed thanks to social engineering tricks: making users open access to their systems on their own will. This is the sad statistical truth.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Multi-stage phishing that starts with real links \u2013 <a href=\"http:\/\/t.co\/e2OUZw8Z4t\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/e2OUZw8Z4t<\/a> <a href=\"http:\/\/t.co\/xoSoteXR0I\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/xoSoteXR0I<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/607954073434865664?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">June 8, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><strong>What are the possible dangers of applying a \u201cBYOD\u201d (bring your own device) policy in companies? And what are the suggested solutions to avoid these dangers?<\/strong><\/p>\n<p>It depends on what you mean by BYOD policy: restriction or limited permission. Apparently there is no danger in restricting external devices except one \u2014 it frustrates employees and makes them feel dissatisfied with their restricted working environment. Some may even take that as a challenge.<\/p>\n<p>To avoid that, make sure your own working environment is convenient, fast, modern and pleasant to use. Clarify that usage of any external device is not allowed because of high security standards in your organization. Make this tradeoff transparent and acceptable by the employees. Make them respect this strategy, not suffer from it.<\/p>\n<p><strong>What would be the most important measures to consider in order to keep availability and maintaining of cyber security?<\/strong><\/p>\n<div class=\"pullquote\">Each system is somewhere in the middle of the path from total security to unbound freedom. 
The closer you are to security, the fewer features are available in your system<\/div>\n<p>Here is a model you want to consider: Each system is somewhere in the middle of the path from total security to unbound freedom (I prefer to call it flexibility). The closer you are to security, the fewer features are available in your system.<\/p>\n<p>If you rush toward total security you will lose your users as they might not be ready to lose features they are used to. However, regardless of what you do, people can adapt to anything. So if your plan is to move to the side of total security, it\u2019s better to do it slowly and gently to avoid hurting and shocking your users.<\/p>\n<p><strong>Are there still any hidden channels on the Internet?<\/strong><\/p>\n<p>It depends on what you call a hidden channel. There are ways to transfer information in a covert way by using a protocol that is not recognizable by common tools and analytical methods. For example, one can use a YouTube video to transfer encrypted bits in the form of visual data. There are many other options and it\u2019s limited only by your imagination.<\/p>\n<p><strong>Is Facebook really spying on users?<\/strong><\/p>\n<p>Facebook is spying on users no more than the users are spying on themselves. 
That summarizes my opinion on Facebook.<\/p>\n<p><strong>What is the best way to secure our Facebook and email IDs?<\/strong><\/p>\n<p>A few simple rules that can help you enhance your security:<\/p>\n<ol>\n<li>Use <a href=\"http:\/\/strong%20and%20unique%20passwords\" target=\"_blank\" rel=\"noopener nofollow\">strong and unique passwords<\/a> for all resources.<\/li>\n<li>Don\u2019t use simple password recovery questions and answers.<\/li>\n<li>Enter login\/passwords only on your own computers, don\u2019t login on your friends\u2019 computers and certainly don\u2019t do it on publicly available PCs.<\/li>\n<li>Use <a href=\"http:\/\/kas.pr\/Z5yH\" target=\"_blank\" rel=\"noopener\">reliable security software<\/a> to defend against password stealers.<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Facebook teams up with Kaspersky Lab to rid malicious software <a href=\"http:\/\/t.co\/lbYPkq5bie\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/lbYPkq5bie<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/614124742832988160?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">June 25, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><strong>Do governments own special systems to record phone calls or do telecom companies themselves do that?<\/strong><\/p>\n<p>I\u2019m not representing any government or any part of it, but it\u2019s my opinion that governments would rather command than learn custom protocols, maintain big data storages and implement efficient search engines. I hope that answers your question. ;-)<\/p>\n<p><strong>Kaspersky Lab has found a cyber spying implant in the HDD firmware. If I work too far from your office what can I do to check data storage devices at work? 
How does this spyware implant into firmware and can I protect my devices?<\/strong><\/p>\n<p>Yes, we had <a href=\"https:\/\/www.kaspersky.com\/blog\/equation-hdd-malware\/\" target=\"_blank\" rel=\"noopener nofollow\">an article about malicious implants aiming to reprogram the victim\u2019s hard drives<\/a>. I\u2019m afraid even if you lived next to the Kaspersky Lab office, it would not solve the problem. Currently it\u2019s almost impossible to check HDD firmware for virus infection.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Indestructible malware by <a href=\"https:\/\/twitter.com\/hashtag\/Equation?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Equation<\/a> cyberspies exists, but don\u2019t panic yet: <a href=\"https:\/\/t.co\/a3rv49Cdnl\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/a3rv49Cdnl<\/a>  <a href=\"https:\/\/twitter.com\/hashtag\/EquationAPT?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#EquationAPT<\/a> <a href=\"http:\/\/t.co\/Gaf0HCjHoY\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/Gaf0HCjHoY<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/567764207162167296?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 17, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Using software tools to receive the current firmware code, you ask the HDD firmware microcode to produce its own copy. If your microcode is modified you\u2019ll get false results without any signs of malicious code. Unfortunately, we can now only rely on preventive measures to protect Windows OS from viruses.<\/p>\n<p>But the situation is not as bad as it seems. It\u2019s not cheap and easy to create stable firmware modifications. 
That\u2019s why there will be no similar mass attack in the near future.<\/p>\n<p><strong>How should you act\u00a0if you suspect that your computer is infected or has a security breach?<\/strong><\/p>\n<p>First of all, I need to say that it\u2019s good to have suspicions, but avoid being obsessed by them. Some of the most efficient ways to check if you have malware include:<\/p>\n<ol>\n<li>Scan your system with <a href=\"http:\/\/kas.pr\/Z5yH\" target=\"_blank\" rel=\"noopener\">reliable AV solution<\/a> \u2014 that may save you a lot of time. But don\u2019t think that automated scan can give you 100% reliability, so keep looking.<\/li>\n<li>Check your process list for suspicious and uninvited \u2018guests\u2019: I think users should know all processes running on their system by heart.<\/li>\n<li>Check your list of automatically started apps. There is a free Windows app for that called Sysinternals Autoruns tool.<\/li>\n<li>Finally, an advanced check includes attaching your computer to another one (connected to the Internet) and recording all network traffic that passes through. This should reveal suspicious activity even if it\u2019s not visible from the compromised system.<\/li>\n<\/ol>\n<blockquote class=\"twitter-pullquote\"><p>Vitaly @vkamluk Kamluk answers our readers\u2019 questions about #malware counteraction and various #security issues<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2Fy7D7&amp;text=Vitaly+%40vkamluk+Kamluk+answers+our+readers%26%238217%3B+questions+about+%23malware+counteraction+and+various+%23security+issues\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p><strong>Which Windows files are vulnerable?<\/strong><\/p>\n<p>Big and fat, small and thin \u2014 both can be vulnerable. All kidding aside, Microsoft does their best, really, but Windows OS is huge and it\u2019s almost impossible to test it inside out. 
Besides, unreliable solutions designed by third-party developers also add fuel to the flame.<\/p>\n<p><strong>Google announced a Windows vulnerability before Microsoft released a patch, do you have any comment on this?<\/strong><\/p>\n<p>I don\u2019t know behind the scene details of that story, but I think sometimes people forget they have a common enemy. Microsoft and Google\u2019s common enemy is the cybercriminal world that can use this vulnerability to attack innocent people. Instead of starting an internal fight, they should try to understand each other\u2019s concerns, find a consensus, and fight on the same side.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Microsoft?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Microsoft<\/a> Censures <a href=\"https:\/\/twitter.com\/hashtag\/Google?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Google<\/a> For Publishing Windows Vulnerability \u2013 <a href=\"https:\/\/t.co\/lN4CEOmizP\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/lN4CEOmizP<\/a><\/p>\n<p>\u2014 Threatpost (@threatpost) <a href=\"https:\/\/twitter.com\/threatpost\/status\/554720749483991040?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 12, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><strong>How can I protect \u2013 among others \u2013 my email and blogs on PC and mobile from viruses?<\/strong><\/p>\n<p>You can secure them, but not protect them 100%. 
Here are five simple rules:<\/p>\n<ol>\n<li>Remove or lock unused applications and software to reduce the surface for potential attacks.<\/li>\n<li>Thoroughly update your system and remaining software.<\/li>\n<li>Use <a href=\"https:\/\/www.kaspersky.com\/blog\/false-perception-of-it-security-passwords\/\" target=\"_blank\" rel=\"noopener nofollow\">reliable and unique passwords<\/a> on every resource.<\/li>\n<li>Be vigilant when installing new software: check who develops the apps, where they got it\u00a0(from developers\u2019 headquarter or shady third-party site) and what users say about it. You should also follow your security solution recommendations.<\/li>\n<li>Set up a virtual machine without network connection to open suspicious emails with attachments.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Vitaly Kamluk answers our readers&#8217; questions about malware counteraction and various security issues.<\/p>\n","protected":false},"author":40,"featured_media":9174,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2684,9],"tags":[1157,605,347,352,36,97,131,1158],"class_list":{"0":"post-9286","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-special-projects","9":"category-tips","10":"tag-ask-expert","11":"tag-great","12":"tag-interpol","13":"tag-kaspersky-lab","14":"tag-malware-2","15":"tag-security-2","16":"tag-tips","17":"tag-vitaly-kamluk"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ask-expert-kamluk-malware-security-issues\/9286\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/ask-expert-kamluk-malware-security-issues\/5595\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/ask-expert-kamluk-malware-security-issues\/5977\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/ask
-expert-kamluk-malware-security-issues\/5768\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/ask-expert-kamluk-malware-security-issues\/6412\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/ask-expert-kamluk-malware-security-issues\/6312\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/ask-expert-kamluk-malware-security-issues\/4665\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/ask-expert-kamluk-malware-security-issues\/8180\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ask-expert-kamluk-malware-security-issues\/9286\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ask-expert-kamluk-malware-security-issues\/9286\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/tips\/","name":"tips"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/9286","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=9286"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/9286\/revisions"}],"predecessor-version":[{"id":19036,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/9286\/revisions\/19036"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/9174"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=9286"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=9286"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co
m\/blog\/wp-json\/wp\/v2\/tags?post=9286"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}