Do away with antivirus software!

Valid argument or indispensable shield? There are effective alternatives for protecting yourself.

  Installing antivirus programs on your PC does not offer protection; on the contrary, they open up superfluous vulnerabilities in the protective shield! This is what Robert O’Callahan argues. As a former developer of the Firefox web browser, he has called upon users to uninstall their AV software. Justin Schuh, a developer of the competitor browser Chrome, concurs: AV programs are not equipped with important and appropriate mechanisms such as sandboxing. Rather, some of them have significant quality problems, particularly with respect to their own security. The high-level system rights that most AV programs are granted enable attackers to exploit these vulnerabilities and cause direct damage on the end devices.

 

Virus software fails to identify viruses

To make matters worse, there is a problem that various previous studies have already shown: namely that the mechanisms used to identify viruses are not as effective as they were a few years ago. Back in 2014, Lastline Labs tested the quality of various AV programs. One of the sobering results of the tests: Only 61% of all programs identified new viruses within two weeks of their emergence. At the same time, the updates must be installed much faster, because the duration of virus attacks is becoming shorter all the time. In other words, many attacks last just a few minutes or hours. What’s more, today’s malware is often polymorphic, transforming in manifold ways during an attack. Both create major problems for signature-based scanners.

So what’s to be done? Robert O’Callahan recommends that Windows users trust the already very reliable Defender module that is part of Windows 10. This makes sense, particularly considering that Defender is already an integral part of the operating system. While this doesn’t improve recognition, it at least prevents the opening of new security gaps. Additionally, it cannot be stressed enough that users should keep all programs up-to-date and always install the latest security patches.

Nevertheless, the question remains as to whether protection on local devices is still at all useful or whether protecting computers and networks should take place somewhere entirely different. It obviously makes sense to examine more closely how malicious software finds its way onto a computer in the first place.

Spam filter + web filter > antivirus protection

The two main gateways for malware are email and web traffic. Attacks via other routes such as infected external disks or active attacks by hackers, on the other hand, occur much less often. However, file attachments with malicious code or links to hidden downloads are frequently found in emails. Preventing these from ever landing in a recipient’s inbox in the first place is an effective way to protect against unwanted intruders. Cloud solutions in particular offer a protective wall that is located far upstream from one’s own IT infrastructure. In addition to this, by bundling the data traffic of very large numbers of users, undesired data can be noticed quickly – so all users benefit quickly from the results of the analysis. Professional cloud providers also offer additional security mechanisms such as sandboxing or the revising of links found in emails in order to increase the level of protection offered by filter systems. Web filter systems, on the other hand, check whether users are surfing on websites containing malware and block the opening of the destination page if needed, thereby blocking this attack route.

Of course, none of these measures offer 100% protection either, but they do greatly increase the likelihood of stopping data theft, extortion attempts, and imposter schemes.

Emailing from the cloud – the smart alternative for SMBs

Digitization turns our working world and existing IT structures upside down. Products turn into services; fixed service packages turn into tailored solutions that can be customized in a modular manner to suit the changing requirements and IT budget of companies. The cloud makes this possible.

Small and medium-sized enterprises (SMBs) in particular have had difficulty keeping up with the rapid IT developments in recent years. The result: aging infrastructure and applications that are no longer on the cutting edge. This in turn led to slower business processes. Media inconsistencies have often hampered the continuous flow of processes.

In addition to classic office or business applications, this also affected and continues to affect email traffic. Outdated solutions are still in use, not least because many companies lack the necessary expertise – people use what they are familiar with and tend to shy away from innovations. Cloud solutions in particular can be a way of avoiding this dilemma for many SMEs. Professional cloud providers enable these companies to benefit from modern infrastructure and sufficient IT know-how that helps them make use of modern solutions.

Hornetsecurity provides its customers secure and convenient email traffic with Hosted Exchange. Companies that do not have a professional IT department particularly benefit from such a service, which provides a professional email landscape at attractive prices. Operating the solution is a breeze, as only some basic information is required to set it up. For the customer, this means “out of the box” emailing, i.e. getting started quickly and easily without a long installation process. The provider also takes care of maintaining the solution. Users no longer have to worry about updates, as hardware and software are always state-of-the-art.

Security is Hornetsecurity’s core competence. Spam and virus protection is thus a self-evident component of Hosted Exchange. The service also includes encrypted data traffic via TLS and the ability to recover deleted messages if necessary.

Individual service variants

Customer focus and service quality are key features of Hosted Exchange, which is offered in two versions. The service is generally aimed at users who either don’t want to or can’t operate their own email server. Hosted Exchange allows such companies the flexible use of a professional email infrastructure. The service offer includes 25 gigabytes of storage capacity and Microsoft Exchange, which Hornetsecurity uses as a platform for the service.

Hosted Exchange Enterprise Plus is based on the basic version of the service, while extending it to include additional options. This variant thus enables you to store your entire email traffic for three months. This is a particularly important criterion for critical business processes, as accidentally deleted messages can be recovered without any problems. Hosted Exchange Enterprise Plus also provides encryption mechanisms that allow emails to be signed and encrypted using the latest technologies.

With solutions such as Hornetsecurity Hosted Exchange, SMEs in particular should see the digital transformation as an opportunity rather than as a risk. Digital processes and services from the cloud increase flexibility, provide transparency and reduce IT costs, thus making SMEs fit for global competition.

Executable file interceptor – the Content Filter

  A central promise of our Managed Spam Filter Services is to protect our customers from malicious mails. Especially the automatic detection of spam and malicious software has rapidly gained importance in recent months – Locky, Tesla, Petya and co. send their regards! The Content Filter is an additional, customizable protection. Customers can use it to independently control the handling of attachments contained in incoming and outgoing emails. The maximum file size for attachments can thus be set – although the Content Filter’s ability to detect certain types of file extensions is much more important. This allows administrators to define specific file extensions, thus preventing the delivery of an email with the relevant attachment.  

The content filter can be quickly activated and customized in the control panel

Specifically, this means: If an IT manager wants to prevent their email users from receiving attachments with the .exe extension, they need only enable the Content Filter (if not already activated) and enter .exe into the open field. As a special service and for ease of use, we have set up several group extensions to provide improved protection in all the default settings: .executable, .mediafile, .xlsmacro and .docmacro. If, for example, “.executable” is specified, the Content Filter automatically blocks 58 extensions of executable files. This group extension is continuously maintained and kept up to date in order to always ensure the highest possible protection. The extension .mediafile, for example, can be used to filter out files with the extensions .wav, .mp3, .mid, .mpg and several others. The two other collective terms are specifically designed to hold back macros in Excel and Word files, which often transmit links to blackmailer viruses. The Content Filter can incidentally be configured for the entire domain as well as for specific groups within a domain.

If not already enabled, we thus urgently advise all customers and partners of Hornetsecurity to activate the Content Filter free of charge and add the file extension “.executable” to their list of files to be blocked. They can ramp up their protection another notch by doing so. The screenshot shows how this is done.

Note: This blog post was first published in April 2015 and has now been updated and adapted to the new ransomware threats.

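The extension check described in this post can be sketched as follows. This is an added example, not Hornetsecurity's code: the function names are hypothetical, and the contents of the group aliases are constructed, since the post names the groups but does not list the 58 extensions behind .executable. It goes slightly beyond the text by also handling upper-case names and doubled extensions such as invoice.pdf.exe.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed group aliases: the post names these groups but not their full
# contents, so the short lists below are illustrative assumptions only.
GROUPS = {
    ".executable": {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi"},
    ".mediafile": {".wav", ".mp3", ".mid", ".mpg"},
    ".docmacro": {".docm", ".dotm"},
    ".xlsmacro": {".xlsm", ".xltm"},
}


def expand_rules(rules):
    """Resolve group aliases and single extensions into one lowercase set."""
    blocked = set()
    for rule in rules:
        rule = rule.strip().lower()
        blocked |= GROUPS.get(rule, {rule})
    return blocked


def final_extension(filename):
    """Return the last extension, ignoring trailing dots and spaces that
    Windows drops when the file is saved ("a.exe. " becomes "a.exe")."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot > 0 else ""


def check_message(raw, rules, max_bytes=None):
    """Return (deliver, reasons) for one raw RFC 5322 message."""
    blocked = expand_rules(rules)
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = final_extension(name)
        if ext in blocked:
            reasons.append(f"{name}: blocked extension {ext}")
        size = len(part.get_payload(decode=True) or b"")
        if max_bytes is not None and size > max_bytes:
            reasons.append(f"{name}: {size} bytes exceeds limit {max_bytes}")
    return (not reasons, reasons)


def build_sample(filename, payload=b"constructed sample bytes"):
    """Build a constructed test message with a single attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("See attachment.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

A check on the file name alone says nothing about what the attachment actually contains, so a filter like this complements content scanning rather than replacing it.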
Detect and control IT risks

This blog post by Petra Adamik addresses what companies can do to stay up-to-date in terms of IT security.

Whether in business or life: things don’t always work out as planned. In the age of globalization and continuously increasing competition, the business environment faces increasing risks and dangers. Companies are well-advised to start thinking about this and taking adequate measures early on:

What are the risks for our business? Where do dangers lurk? What mistakes can I make as an entrepreneur and how can I avoid them? And what is the likelihood of a potential risk actually happening and pushing the company to the brink of existence?

You should be prepared for all of these questions and have an action plan waiting in the wings in case worse comes to worst. This procedure is called risk management.

Not only large corporations, but also small and medium enterprises (SMEs) can be affected by risks. It is thus advisable to take precautions in order to be prepared for all eventualities. However, many corporate decision-makers still have difficulties managing risks. This applies to IT risks in particular. This is nevertheless precisely where many dangers lurk – because, even in SMEs, IT has become an indispensable basis for vital business processes. Technology failures and other security problems can thus turn into a real danger. IT risk management can help you identify economic risks. Such a solution can, however, also point out possibilities for savings in the infrastructure and organization. Furthermore, tailor-made risk management can also optimize the existing emergency plan and bring it up to date.

Associations provide assistance

The whole thing is of course associated with a certain expenditure, which for many SMEs accounts for the failure to implement IT risk and opportunity management. Many companies also avoid cooperating with relevant experts, since they fear high consultancy costs. The high-tech association Bitkom offers such candidates free assistance in the form of a comprehensive guide. On the basis of case studies, the paper explains how smaller enterprises have introduced the active management of IT risks and opportunities, and how they benefit from it. It also describes a general methodology for identifying and assessing relevant risks. The relevant guide can be downloaded for free. Support and assistance is also offered by regional chambers of industry and commerce, who offer workshops and checklists to help with the introduction of risk management.

Introducing IT risk management is not as difficult as many believe. You should first create a risk matrix as well as prioritize the potential risks by making a list. Doing so can also facilitate analyzing the causes of risks. The analysis can in turn serve as the basis for drawing up an action plan that identifies possible solutions and preventive steps. In the final phase, the relevant solutions are selected and integrated into the existing environment. Detailed information and training of staff is an essential element for successfully implementing IT risk management.

Clever protection of corporate communications

The market offers a lot of tools to ensure the security of corporate communications today. Firewalls, antivirus programs and encryption are some of the essential risk management components that can provide protection against a number of risks.

Firewalls protect the corporate network from unauthorized access via the internet. A firewall can be used to monitor all inbound and outbound data traffic. It can be integrated into the corporate network as part of a router, but can also be connected as an external component upstream or downstream from a router to protect your data traffic. Firewalls are an absolute MUST for any IT risk management system.

This is also true for virus protection, which prevents computer viruses and worms as well as trojans or other pests from infecting corporate networks and the associated devices and applications. Antivirus software, virus scanners or virus protection programs are important defensive measures against cyber attacks. They can also detect threats, isolate them from your data traffic and help eliminate dangers. Locally operating virus programs require continuous upgrades in order to maintain effective protection; cloud offerings where the operator maintains the filters and the customer does not have to take care of anything are even better.

Companies encrypt electronic business correspondence to protect their crown jewels, namely critical business information. End-to-end encryption ensures that information, contracts or agreements sent by email are securely dispatched via the internet. Encryption solutions can be integrated into business processes without a major effort. Hornetsecurity’s cloud-based encryption technology, for example, automatically takes over the resulting administration effort. Rules and guidelines are essential elements of risk management and also help make an encryption solution an integral part of security measures.

Business emails with company-relevant content must not be lost. While this is part of legal compliance requirements, it is also important for business processes. Automatic and revision-proof archiving of emails is thus essential for any company. The flood of daily messages requires good search algorithms in order to keep track of things and quickly find said messages. Such algorithms facilitate searches in the digital archive. Different search parameters can be used to further restrict and more precisely define the results.

The objective of coherent IT risk management is to identify risks early on so that appropriate countermeasures can be initiated. The impact of adverse events on business processes can be significantly reduced in this way.

Electronic archiving – the right way

“Is it still important, or can it be omitted?” In the business environment, this question is generally difficult to respond to with a clear yes or no. Legislation has established some rules to help businesspeople find their way through the jungle of laws, directives and regulations. They also include very clear dispositions about archiving business-related email traffic.

The Commercial Code is the legal basis for business in Germany. For example, it also stipulates that companies must archive certain documents for certain periods so that processes can be tracked and verified at any time if needed. Account books and records, inventories, financial statements, management reports and the opening balance sheet, as well as the work instructions necessary for understanding them, must be archived. Other documents that belong in the archive are received commercial or business letters and, not least, accounting documents and other documents that may be relevant to the tax authorities. This includes all correspondence used in the preparation, processing, conclusion or cancellation of a transaction. Examples include invoices, orders, letters of complaint, payment documents and contracts.

These rules of the game also apply if such documents are sent by email or as attachments to electronic messages. Appropriately adapted laws have already taken the digitization of business processes, as well as rapidly increasing IT-based communication, into account. The previous regulations were put under scrutiny last year. Since January 1, 2015, the GoBD (Principles for Duly Maintaining, Keeping and Storing Books, Records and Documents in Electronic Form and for Data Access) have stipulated the rules of conduct. In the process, several changes to the lawful storage of electronic business data have resulted. This also affects email archiving.

Not every email needs to be archived

However, not every business-related email that is drafted or received has to be kept on record. Tax-relevant emails that can be considered as a trade or business letter or an accounting record definitely have to be archived, even when in electronic form. However, an email that merely serves as a vehicle for a business-relevant document, such as an invoice, and does not contain any information that is business-relevant and subject to retention does not have to be archived. After all, you don’t normally keep the envelopes in which paper documents are sent, either.

Nor do emails lacking content relevant to the tax office have to be archived or kept on record for data access. An exception to this is messages that should be stored in the interests of the company, for example, when it comes to agreements on warranties or product liabilities.

Companies that have to deal with electronic archiving should bear in mind that this is an application that is extremely critical for business processes. They should thus first inquire about several points before accepting a solution proposal. This includes asking questions such as:
  • Does the software comply with the principles to ensure the due maintenance and preservation of paper and electronic business documents according to GoBD?
  • Are the requirements of the German Commercial Code (HGB) and the German Federal Data Protection Act (BDSG) met?
  • What storage method is used?
  • How are documents stored and indexed to facilitate their retrieval?
  • Is the solution compatible with the existing infrastructure?
A number of other factors could be added to the list and it could be adapted to suit a given company’s specific requirements. However, to avoid having to constantly ask such questions, many companies choose to simply archive all their email traffic. Among others, cloud solutions are suitable for this purpose.

The archive in the cloud creates compatibility

The cloud-based email archiving solution Aeternum from Hornetsecurity has no compatibility issues and can be put into operation immediately with little effort. Aeternum stores business emails from both the inbox and the outbox. It creates a copy of every email, which is then stored on Hornetsecurity’s servers – unchanged and unchangeable. This happens automatically and without the intervention of administrators. Electronic communication with external partners is already archived during the incoming and outgoing SMTP dispatch.

Databases are the central repository for all emails. In order to facilitate retrieval, information such as the sender, recipient, subject and date are stored, and the complete email is also stored in a customer-dedicated SQL database. RAID hard disk drives with RAID level 5 or 6 are used for storage. In principle, data cannot be modified once stored, thus ensuring its revision security. Once data is stored in the archives, it can only be deleted after expiry of the period specified in advance, or is then deleted automatically by the application.

Security is an important aspect of the proper archiving of business documents. Only authorized users are given access to the information archived in the Hornetsecurity cloud. Its data centers operate according to high German security standards. Access control, video surveillance and locking systems as well as traditional security elements such as firewalls, virus protection and encryption are standard. The multi-level security process, which is continuously adapted to the latest technological advances, excludes the possibility of manipulation, making the electronic archiving solution a “data safe in the cloud.”

This is a guest post by Petra Adamik, a freelance specialist journalist for various IT trade media.