So what’s the big deal?

Well first of all let’s look at what exactly Big Data is.

As you’d probably expect, Big Data is a term used to describe a large amount of data, but more specifically it is referring to the abundance of information now available about essentially anyone and anything that has ever been near a computer.

When people talk about Big Data what we’re really talking about is all the infinite amounts of digital information that is constantly building up as more and more people across the globe continue to engage with digital technologies. This information can come from anywhere and everywhere. Digital photos and videos, posts on social media, customer purchases and transactions, medical databases, stocks and shares, search results, downloads, uploads… the list is endless and it’s all digital data.

When you think about it that way it does seem like quite a big deal.  There’s gazillions of digital information out there and it’s never going to stop getting bigger. Realistically though, it is still just data, yes it is going to take some mighty machines to deal with it all but at the end of the day it’s no different than any other data. There’s just a lot of it. And the IT industry has been dealing with large amounts of digital data for a lot longer than most.

So you could be forgiven for wondering why everyone is getting their collective knickers in a twist over it.

Should we care?

Well when it comes to MSPs and big data, what we are talking about here is the vast volumes of information passing through all the various networks, servers and applications that MSPs manage; this understandably is an ever increasing amount of data. The way I see it though, the big question shouldn’t be “how are MSPs going to cope with all this data?” but more importantly “what can we as MSPs do with all this data?”

Yes of course there are going to be some issues… traditional systems are just not going to cope with analyzing this ever growing amount of information, but this is an issue that will no doubt be resolved quite simply because it has to be; that is how technology continually develops.

The main thing to remember here is that, as an MSP, with your inherent knowledge of data handling you are already at an advantage over other businesses who are just now realizing the potential of all this lovely digital information.

It seems to me that instead of worrying about just how BIG data is becoming, you simply need to remember that it is there and to use it to your advantage.

First off, be sure that you are not only aware of the data available about your clients, networks and IT services but you are also doing your best to analyze it. This can help you gain invaluable insights into ways you can develop and improve your MSP offering. Obviously this will become easier and offer more comprehensive results as processes develop but by starting now you can ensure it is built into the ongoing development of your MSP.

Consider how the networks you support are being used; where cost and efficiency savings might be made, and how this can show extra added value to your clients.  Do they have bottlenecks in networks, underused elements on their overall IT system?  Can you help them improve and cement your trusted partner status?

Handling Big Data for your clients

Secondly, don’t forget your clients will have data flying around their own networks too – this will need to be looked after, especially in data critical organizations such as medical, legal or government.  You need to be able to provide a service to your clients that they can trust and rely upon.

We recommend a three tier backup process for all managed networks – disk > disk > online.  This provides the highest level of security and continuity. The scenario where the latest backup tape has been lost is one that occurs frequently; by changing this to utilize the cloud to provide backup and continuity services you have a foolproof method to ensure your clients can recover any data from any situation.

As well as handling big data for your clients, why not think about ways you can use your expertise to inform and advise your clients as they themselves become aware of the big data trend?

You could help them to understand the importance of the data they have at their disposal, make recommendations as to how they can best utilize this information and demonstrate the benefits gained from analyzing their own services and client base; all putting them at an advantage over others in their industry. Having the ability to help your clients in this way will not only demonstrate and reaffirm your expertise in the IT industry but also strengthen your client relationships. You may also find that you can monetize on this expert knowledge!

What it comes down to…

In the end it’s simple. Any MSP worth their salt is going to be keeping up to date with advances in technology and developments within the industry they operate; thinking about the impact of big data – and the opportunity – should be part of this process.

My advice? Keep it in mind, pay attention to what’s going on, utilize it to improve your service but at the end of the day remember…it’s just data!

Ian Bugeja, Product Manager for GFI MailArchiver

Ian Bugeja, Product Manager for GFI MailArchiver, talks about today’s release and what’s new in GFI MailArchiver.

Q: How do you feel about this new release?

I am very excited about this release. We have introduced some major requested features, particularly the role-based access. Now admins can give rights to the various GFI MailArchiver features based on the user’s responsibilities in the organization.

With the Archive Assistant importing emails is much easier for admins – they can import emails and clean up the exchange mailboxes within a few clicks. No more time spent collecting PSTs and manually exporting the PST files to import them in GFI MailArchiver or creating complex retention rules on Microsoft Exchange to clean up the mailboxes.

Q: What’s new in GFI MailArchiver 2013?

GFI MailArchiver now provides managers with the ability to better understand employee email habits and identify their email usage personality types.

Business intelligence and other valuable insights gleaned from email with GFI MailArchiver help managers evaluate job performance, boost productivity, and encourage efficient communications practices.

The latest version of GFI MailArchiver ranks workers according to who uses email the most often, who responds to emails the fastest, and who communicates with the greatest number of recipients. In addition, GFI MailArchiver now identifies top keywords that are frequently used and measures positive and negative email sentiment across the organization, providing managers with valuable insight into what is driving employee and customer email usage.

Q: What about the businesses that are already using the previous versions on GFI MailArchiver? Can these be upgraded?

Businesses using older versions of GFI MailArchiver can easily migrate to the latest version. We always make it a point to keep supporting older archive stores so all it takes is upgrading to GFI MailArchiver 2013 and migration will be done automatically – easy!

About GFI MailArchiver:

Accessible via any IMAP-enabled device, including Windows^®, Apple OS X^®, Linux, iOS and Android™ platforms, GFI MailArchiver 2013 enables companies to manage their email history all in one place, providing instant access at any time.  It offers control, choice and flexibility in managing an organization’s most important source of information – its email history – along with powerful business intelligence capabilities through MailInsights, MailArchiver’s exclusive reporting module.

New features of GFI MailArchiver 2013 also include:

• Automatic and manual archiving capabilities direct from Microsoft Outlook^®. This add-on can be used to automatically import old .pst files into the archive.
• Role-based functionality provides IT administrators with the flexibility and scalability needed to authorize individual users to access data, according to employee roles and business needs.
• A redesigned, single-view dashboard which enhances the ability of IT administrators to monitor storage and performance, making email even easier to manage.
• More powerful and intuitive searching capabilities, improving the user experience.
• Easy, first-time importing of old emails with initial setup.

Want to learn more about this product? Check out GFI MailArchiver 2013 and find out how you can get even more from your archiving solution, or register for a free trial and give it a spin today!

It is thought that the term Advanced Persistent Threat (APT) was first coined by the US Air Force in 2006 to describe complex (i.e. Advanced) cyber-attacks against specific targets over a long period of time (i.e. Persistent).

An APT is a highly organized, well-funded attack against a specific target usually involving a large group of people working together and each bringing their own specialized skills to the table. The word ‘specific’ is important here because the people behind an APT have an intended purpose for wanting to target a particular entity. Using different methods (either internal or external), the attacker will relentlessly attempt to gain access to the network and stay there until they have achieved their objective.

The main targets of an APT attack are commonly those organizations with a large amount of sensitive information (e.g. source code, trade secrets, personally identifiable information (PII), etc.) that will usually help the attacker gain a competitive advantage, identify a weakness or somehow gain an upper hand over the victim of the attack. Such organizations include the following:

1)    Healthcare firms

2)    Universities

3)    Financial institutions

4)    Government entities.

The APT Lifecycle

Whilst each APT attack is tailored by the attacker depending on the intended target, the lifecycle of every APT attack typically consists of at least the following phases:

1)    Investigate – research the organization, its employees, its policies, the applications and systems it uses, and so on

2)    Infiltrate – exploit a vulnerability, use an insider, etc. to gain access to the network and escalate privileges

3)    Explore – once inside, collect information about the infrastructure, domain hierarchy, trust relationships, security structure, etc. that will allow you to exploit the system even further

4)    Retrieve – move across the network to harvest data from the organization over a sustained period of time

5)    Clean up – cover your tracks to ensure minimal attention and maintained presence within the network.

The attacker will normally use a variety of attack vectors as part of the APT lifecycle. The tools and techniques they use are those commonly associated with everyday cyber-attacks, such as social engineering (spear phishing or targeted phone calls), infected media, zero-day exploits, as well as a rogue employee or contractor inside the organization.

APT Examples

Probably one of the most widely publicized APTs was a highly sophisticated piece of malware called Stuxnet that was first discovered in June 2010 and has been intensely scrutinized by security researchers worldwide ever since. Stuxnet exploited four zero-day vulnerabilities and spread via USB devices. Its intention was to search for industrial control systems and siphon off source code and project data over time. With the majority of Stuxnet activity coming from Iran, it is believed that one of Iran’s nuclear power plants was the main target.

Other examples of APTs include:

(1) Operation Aurora in 2010 where a zero-day vulnerability in IE 6.0 was used in an attempt to steal intellectual property and gain access to user accounts in Google, Adobe, Symantec and many other high profile organizations.

(2) An attack on RSA in 2011 where the APT started from a spear phishing email that was sent to a small group of employees at the well-respected security firm. The email contained an Excel file with an attachment that installed a backdoor via an Adobe Flash vulnerability (which Adobe has since patched).

In all of these cases, it is clear that the attackers had substantial financial backing, did a fair amount of reconnaissance and had specific targets in mind.

Reducing the APT Risk

Assuming you have a sound information security strategy in place that caters for areas like IDS/IPS, strong passwords, user awareness and training, an email and social networking usage policy, change management process, end point security solutions, gateway and host-based AV, and incident response plans to name but a few, there are specific methods you can take to reduce the APT risk. These include:

1)    A Security Information Event Management (SIEM) system for the collection, review and notification of security alerts, as well as the collection and review of audit information pertinent to sensitive data access.

2)    Scanning for security vulnerabilities on a regular basis.

3)    Maintaining a solid patch management process.

4)    Implementing Data Leakage Prevention (DLP) technologies to:

• Increase traffic monitoring for malicious outbound activity such as requests to malicious websites, dynamic DNS servers and sensitive file transfer.
• Scan outbound email and web traffic against a dynamic set of rules to prevent data leaving the organization.

5)    Using behavioural threat analytics to flag subtle yet suspicious outbound traffic that might be indicative of APT activity. Such a system would take a baseline of typical activity and then look for anomalies that are not true to everyday “normal” behaviour (e.g. FTP traffic from a department that never uses FTP or network traffic being sent to servers in a country where the organization has absolutely no affiliation).

According to Gartner research, going forward, we will begin to see more content and context aware security solutions to help with the fight against the Advanced Persistent Threat. Such solutions will be able to make more accurate decisions, automatically fine-tune configurations, provide recommendations on what areas of the network should be given attention, as well as perform proactive checks against suspicious content before it becomes a threat.

Conclusion

Going back to the original question I asked at the beginning, should we be concerned? Yes! It is better to be cautious rather than be naive and think you are unlikely to be targeted. Although victims of an APT attack typically belong to a handful of industries, even if you are not the specific target, your organization might be one piece of the attacker’s puzzle because of information you have that is deemed valuable to them.

As we saw above, there is no such thing as an all-in-one solution to APT attacks. Because different attack vectors are used, a multi-layered approach to preventing (or at least minimizing the impact of an APT) is required. Marketing or advertising agencies that state APT is a big problem and action is needed are right, but I would question those that claim to be a one-stop shop for APT prevention.

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!

Our seventh project suggestion was for spam filtering – here’s what we had to say:

Spam volumes continue to rise, and Outlook’s junk mail filters just are not enough anymore. 2013 can be the year you finally get a handle on spam by implementing spam filtering. Whether you deploy something on-premise or in the cloud, blocking spam, phishing, and malware infected messages before they get to your users is something everyone will appreciate.

With that in mind, here are some tips to help you jump start this project:

Get senior management sponsorship

Executive sponsorship is critical to the success of any project, and it should be there from the start. Your best bet is to find someone in the IT management team who hates spam as much as you do, and wants to do something about it. That person can help sway the opinions of anyone else on the leadership team who may object to spam filtering software or the efforts to replace what you already have, and can bring the needed authority to the project to help ensure success.

Decide where you want to filter

Spam filtering can be handled at your edge, or it can be handled within the cloud. If you want ready, instant access and 100% control (and therefore, 100% responsibility) then you may want to deploy an on-premise solution. However, in addition to the control and responsibility, you also have to allocate the bandwidth and the storage for quarantine. Outsourcing the solution, whether to a hosted or cloud-based solution, may be a preferable way to go – it can save you time, money, will require no storage from you, and can save significant bandwidth.

Decide what you don’t want to filter

There will be a number of business partners, customers, and others that you won’t want to filter, even if they include content that could be considered spam. Identify the important email domains and addresses that you will need to whitelist, and get that configured up front to ensure a minimum of false positives that might skew opinions of your solution.

Find a solution that will integrate with your existing messaging

The best solutions, whether on-premise or hosted, should be able to plug into your existing system with a minimum of changes. SMTP connectors and MX records should be all you need to adjust. Be ready in advance to make quick changes by reducing the TTL of your MX records now so you can plug in and fall back quickly if needed.

Determine how you want to handle filtered email

The biggest challenge you will likely face with a spam filtering solution is handling the quarantine. Do you want your Helpdesk or email admins to deal with checking the spam trap, or do you want your users to help themselves? There’s no right answer here since it’s based on your users as much as it is your technical team’s capacity, but it’s a decision you want to make up front, and not something to figure out later. Ticket counts may go up if you keep it within IT, while self-service will require end-user training and documentation. My advice is to go with a user self-service approach, but you know your users best.

Test

If you have more than one email domain, consider testing with the one that has fewer users before you look at the primary domain. If not, plan a weekend where you can cutover, evaluate, and then fall back if need be before Monday morning.

Notify

Let your users know well in advance of what is coming, especially if you are going to choose user self-service for checking and releasing quarantined mail. Plan on at least weekly communications starting a month before you go into production, and expect a lot of users who will still not read them or not know what to do. It’s the nature of the beast.

Deploy

Make your production cutover happen on a slow weekend; if you have a three-day ‘weekend’ coming up, even better to use that, so that you can build up gradually. Pay close attention to quarantine folders, queues and if any business partners or customers didn’t get on the whitelist and be ready to update quickly if necessary.

So now you have some tips to help you get started on spam filtering as a project, along with some of the key things to be sure you include to make this project a success. Management sponsorship, project management and consensus are all every bit as important as the more technical parts, even if they aren’t quite as exciting. Spam filtering solutions will impact the entire organization, so it’s in the best interest of the entire company to make sure this is a success.

Learn more on how your business can benefit from hosted email security and spam filtering or spam filtering software today!

While faxing may be viewed as legacy technology, it’s far from that. Faxing has moved on along with the rest of the world to become a fast, efficient method of communication.

In many countries, it is still the only method of electronic communication that is legally binding and it is the only way of sending compliant documents electronically. Those reasons alone make it a very valid technology.

Thanks to network faxing, it has never been easier or more straightforward to use fax in the day-to-day running of your business.

The GFI MAX team wants to know about the challenges you face in order to grow your business. What, if anything, is holding you back e.g. money and time required for training staff on internal systems? What do you see as the biggest challenge your MSP business will face in the next two to three years?

Help us understand how you are addressing the changing landscape and how agile you feel when it comes to reacting quickly.

When we reach 500 responses, GFI MAX will donate $500 to American Red Cross Disaster Relief.  Look out for the results which will be published by GFI MAX later this Quarter with valuable insight into international growth trends in the Managed Services environment.

Take the survey now!

Spotlight on GFI MailEssentials® Online

May 7, 2013 – Time: 9:00 a.m. PST / 12:00 p.m. EDT / 5:00 p.m. BST / 6:00 p.m. CET – Register now

APAC Date: May 16, 2013 – Time: 9:30 a.m. IST / 12:00 a.m. CST / 2:00 p.m. AEST / 4:00 p.m. NZST – Register now

Discover how GFI MailEssentials Online, GFI’s hosted email security service, protects organizations from spam and viruses, ensures business continuity, and optionally archives email communications. As a cloud-based service, GFI MailEssentials Online uses industry-leading spam protection and multiple antivirus technologies to block over 99% of spam and 100% of viruses – before they enter your network. Its built-in continuity features allow you uninterrupted access to email even when your mail server is offline. And its optional built-in archive securely stores historical email in multiple, geographically distributed data centers.

Spotlight on Patch Management – NEW service in GFI Cloud^TM

May 14, 2013 – Time: 9:00 a.m. PST / 12:00 p.m. EDT / 5:00 p.m. BST / 6:00 p.m. CET – Register now

Discover how easily GFI Cloud’s Patch Management puts IT managers and admins in control of their company’s IT, with security and performance patches for the most relevant applications for SMBs. Keeping software up-to-date, secure and running at peak performance, it offers missing patch detection and automated patch deployment for both Microsoft® and other third-party applications such as Adobe Reader and Flash, Java, iTunes and more.

*GFI Cloud services are currently available for trial and purchase in the Americas, UK, Benelux, Nordics, Australia, New Zealand, DACH, South Africa and Mauritius.

Spotlight on GFI EndPointSecurity™

May 21, 2013 – Time: 9:00 a.m. PST / 12:00 p.m. EDT / 5:00 p.m. BST / 6:00 p.m. CET – Register now

DACH Date: May 23, 2013 – Time: 3:00 p.m. CET – Register now

APAC Date: May 24, 2013 – Time: 9:30 a.m. IST / 12:00 p.m. CST / 2:00 p.m. AEST / 4:00 p.m. NZST – Register now

GFI EndPointSecurity allows a network-wide enforcement of usage policies for portable storage media such as USB drives and iPods – see for yourself how you can effectively take action against uncontrolled data exchange.

Managing Your Managed Services Business

May 23, 2013 – Time: 11:00 a.m. – 12:00 p.m. US EDT – Register now

Maintaining multiple systems that manage crucial pieces of your business can be draining on your bottom line and resources. You will learn best practices for pairing mission critical applications that will boost efficiency and eliminate unnecessary double entry.

Join former Managed Service Provider Len DiCostanzo, SVP of Business Development & Community at Autotask for an informative session where he will demonstrate how you can:

• Improve your tech response times
• Increase ticket/issue accuracy
• Heighten customer communication
• Stregthen incident capacity

Spotlight on GFI MailArchiver®

May 28, 2013 – Time: 9:00 a.m. PST / 12:00 p.m. EDT / 5:00 p.m. BST / 6:00 p.m. CET – Register now

DACH Date: May 30, 2013 – Time: 3:00 p.m. CET – Register now

Discover how GFI MailArchiver can reduce legal risk, save time and minimize costs by providing anytime access to your complete email history in a secure, central store and eliminating the need for PST files and email backups.

Seats fill up fast, so be sure to register today!

Yes, we were easily impressed in the olden days. Now many of us don’t even have traditional telephone lines, much less fax machines hooked up to them. The world has moved on, and the Internet is the method of choice for all types of communications. The post office is dying, landlines are disappearing and the once ever-present fax machine is found in fewer and fewer homes and offices.

Its spirit, though, lives on. Even before VoIP and cellular phones began to replace landlines, faxing moved from a dedicated machine to the fax modem, a peripheral that was once standard in almost every desktop computer.  The big advantage of this first metamorphosis of faxing (what I call Fax 2.0) was that paper no longer had to be involved in sending a fax. If your document or picture was already a digital file, you could send it without the hassle (and expense) of scanning it.

Out of this grew the concept of the fax server (I’ll call it Fax 2.5). With this advancement, you didn’t have to have a fax modem and a phone line for every individual computer. The fax server is located on the network and can send faxes for anyone whose computer can access it over the local network or even over the Internet. This saves money for businesses in a number of ways: fewer phone lines, less hardware, reduced paper usage, and you can monitor both incoming and outgoing faxes for accounting purposes to allocate expenses to the proper departments.

But there are problems. Integrating a fax server with the PABX system can prove to be a challenge, and fax modems and boards are quickly becoming obsolete technologies. Modern businesses – especially SMBs on limited budgets – don’t want to have to maintain expensive landlines just to be able to send and receive faxes.

Fax 3.0 takes it to a whole new level and solves those problems. Today we live in a cloudified world, and it makes sense to take your faxing to the cloud, too. Fax as a Service (FaaS?) simplifies the process of sending faxes across the telephony network without requiring you to have fax hardware and phone lines.

But what about security? One of the reasons fax machines have lingered on is that users feel more secure sending sensitive documents over the phone lines than over the Internet. But there’s a solution: if the faxing software connects to the cloud-based fax service over a secure connection, you don’t have to worry about your docs being “out there” for anyone to intercept and read. We already entrust personal information such as bank account and credit card numbers to HTTPS connections, so it’s the logical way to protect the confidentiality of faxed documents, too.

So what should you be looking for when you consider moving your faxing to the cloud? A good FaaS solution provides you with software that makes sending a fax as simple as sending an email message or printing a document. It can integrate with your Exchange (or other SMTP) server and use your Outlook contacts, or even a cloud mail service such as Office 365 or Gmail. Even better if you can create a document in your word processing application and send the fax directly from there, selecting the fax server as you would select any printer.

Those are the “must haves”, but what else might you put on your wish list? Given today’s trends toward mobile computing, your users are going to want to be able to send and receive faxes from their phones and tablets, too. Faxes are transmitted as images, but it would be nice to have an OCR option so you could turn incoming faxes into editable and searchable documents.

Faxing may seem “old school”, but many businesses still depend on it. Bringing the technology behind it up to date can save money for the organization and make the faxing process a lot less frustrating for users.

Learn more on how your business can benefit from simple, fast, online faxing or fax server software today!

Jackie Wake, product marketing manager for GFI Cloud

In GFI Cloud^’s most significant release since its launch last year, a new service is added to this web-based platform – patch management. In this Q&A style interview, Jackie Wake, product marketing manager for GFI Cloud, tells us a bit more about this new service and how this strengthens the GFI Cloud platform.

Q: What does patch management add to the GFI Cloud platform?

As an IT administrator, GFI Cloud already offers you one place to easily manage your company’s IT, with antivirus, asset tracking, workstation and server monitoring, remote support and from today, patch management.

The addition of patch management to the platform enables you to free up more of your time from essential but repetitive tasks, which GFI Cloud can automate for you. From one central point of control, GFI Cloud can keep your company’s software and hardware running efficiently, while protecting your network, from viruses and malware.

Q: Tell me more about patch management in GFI Cloud?

Patch Management in GFI Cloud offers missing patch detection, download and install, for both Microsoft and third-party applications including Adobe Reader and Flash, Java, iTunes and many more. As soon as software updates are made available the whole deployment process can be automated, giving you peace of mind that your software is up-to-date, secure and running at peak performance on all your servers, PCs and laptops on the move.

Q: Why do I need it?

The daily challenge of keeping all your systems patched and up-to-date can appear insurmountable in the face of the unpredictable and overwhelming volume of updates each software vendor releases.  With each vendor having their own update mechanism, there can be too many systems for a resource-strapped IT admin to keep on top of; leaving the possibility of security vulnerabilities for malicious software to exploit or simply productivity losses crippling your business from slowed down systems.

GFI Cloud makes it simple to take control of all this complexity, while still saving your time.  With GFI Cloud you have one easy-to-use management console, to track and deploy software updates from many vendors, without any specialist knowledge of each vendor’s own systems.

Easily configured policies contain all the settings needed to co-ordinate your patch management activity, including when to install, and what to do after, such as post-reboot control; as well as which software patches can be automatically approved and which you would prefer to approve manually.

It’s even easy to apply these settings across groups of devices, all from one central location, while still offering override options on individual devices, for more granular control.  As new devices enter the network, either provisioned by the company or employees bringing in their own devices from home, they can quickly and easily be covered by your patch management policies; reducing the risk of attack from cybercriminals looking to exploit any weakness in your end-point defenses.

Q: Where can I check it out?

You can start a free 30 day trial of GFI Cloud today and take a look at how easy it is to keep all your software up-to-date, secure and running at peak efficiency; you will be up and running in minutes.

Want to learn more about this product? Visit our website to find out how easily you can manage your IT with antivirus, workstation and server monitoring, patch management, asset tracking and remote control in one unified platform!

How do cracks work?

When hackers crack software, they modify the program’s code. Depending on the copy protection mechanics, the modification required can be as simple as changing one byte to something as complex as rewriting chunks of code. Before any of this can be done, a hacker will have to reverse engineer the software and understand how the copy protection mechanism works. This requires skill – more skill than that required to modify the software in order to defeat said copy protection. Why is this important? Someone who is capable of cracking software is probably also able to modify it in any way they see fit. This is where security risks come into play.

Crack distribution

Pirated software can be obtained in a number of way. Programs can download software that has already been cracked or they can download a small program that will crack the original unmodified software for them. Both pose security risks. The pre-cracked software could easily have been modified, not only to defeat inbuilt copy protection, but to cause harm to any organization where it is installed. Modifications, like adding a backdoor, could allow access to the company’s confidential data which is then stolen or leaked to others. In a similar manner, a crack applied to an original software package will rewrite part of the program’s code. These rewrites could change software in more ways than required to defeat its copy protection mechanism and may insert other mechanisms that put systems at risk – just like pre-cracked software could.

No technical expertise required

You do not need a lot of technical expertise to modify software and add malicious components to it. A few years ago, an underground outfit called Rat Systems released a Trojan kit system for as little as $20. Anyone who bought this software could modify any program they wanted to provide them with a backdoor to their intended victims’ machines. These automated tools that make Trojans out of legitimate software with little to no effort are easily detected by antivirus software  Unfortunately, this isn’t the case for software that’s manually modified by hackers.

Manually modified software

Although using off the shelf tools to manipulate software will most likely make the malware easily detectable by antivirus tools, this is not the case for custom modifications. If someone modifies Microsoft Office, for example, to send a copy via email to a disposable email address each time a document is opened – an antivirus solution will not detect this as suspicious activity. The user won’t notice anything suspicious because from their point of view everything would be working as expected. This type of malware will probably run undetected for the software’s shelf life.

Unreliable sources are a risk

Cracked software is not the only headache for an administrator. Downloading legal software from unofficial sources is a risk as well. There is nothing to prevent a cybercriminal from copying a free software package and modifying it to spy on users and then offer it back for download. That’s why it is  always a good idea to download software from official vendors and never from a random link provided by a search engine.

Staying safe

A good security policy should clearly state the procedures users need to follow to obtain and install new software. It is important to highlight the reasons why illicit software is not allowed. It is equally important for users to be careful even when downloading software they are authorized to use. When a policy is explained to users, they are more likely to obey them, and take an informed decision the next time they need to download and install any software.

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!