How Many Aunt Sally Years Does Your Network Have?

Friday, October 29, 2010

Pascal Longpre


If you've been doing PC tech support for your friends or family, you've probably noticed that for some of them, no matter what you do to protect them, they keep getting infected over and over again.

For some people I support, I removed administrative privileges from their account, installed an A/V, an antispyware, made sure Windows Update is active, etc. and still, they keep getting infected.

I'm not talking about people downloading illegal games and cracks, I'm talking about the typical Aunt Sally and Uncle Joe: people who only have a basic understanding of computer security and who know nothing about social engineering, drive-by downloads and the latest Acrobat exploit.

When they see a popup saying their computer is infected, they can't make the difference between a fake message and a real one and they click on the "clean up" button. They are normal people and probably behave the same as those working and browsing on your enterprise network.

On average, the people I know will have their computer infected once a year (at least). If we extrapolate to a corporate network of a thousand computers where the machines have an average of three years of age, that makes a whopping 3000 "Aunt Sally/Uncle Joe" years of browsing, receiving emails and using untrusted USB sticks.

Hundreds of bots are available for rent in .mil, .gov and other high value domains. Thousands of strategic systems have been infected with the Stuxnet worm.

Are all of them poorly managed corporate systems? I doubt it. But malware keeps getting past protection mostly because of end user behavior.

Is your network differently or better protected? Probably not.

No matter if these attacks are targeted Advanced Persistent Threats (APT), linked to a cyberwar, or just a simple generic Zeus/SpyEye infections, the fact is that malware is installed, is remotely controlled and the organization is not aware of it.

This not FUD, it's a fact that our flagship product, ECAT, allows us to verify each time it is used to assess a network.

Governments are starting to be aware of this and are looking for ways to control the situation. The corporate world is further behind and seems to wait for tangible proof before taking action.

For most of them, the only thing they need now to get that proof is to simply take a deep look at their systems' integrity.

Let's hope they won't wait too many more "Aunt Sally" years before they do!

Cross-posted from Silicium Security

Possibly Related Articles:
Viruses & Malware
virus malware
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.