Return of the Guru

Online Security Enters a New and Scary Era

Ara Trembly
Insurance Experts' Forum, December 9, 2010

I suppose it was inevitable that this would happen, yet I couldn’t help feeling a bit shaken recently when a new kind of virus scheme almost propagated on my business computer. I’m talking about a virus that presents itself as a legitimate, well-known antivirus program.

Let me explain. One day, a message from Microsoft Security Essentials popped up on my screen and warned me of an infection by a Trojan. I was ready to click the “fix” or “quarantine” button (I can’t remember which it was) when a strange thought occurred to me. Just what is Microsoft Security Essentials and—more importantly—is it resident on my computer?

You might think a technology guy like me would be aware of all the programs on my hard drive, but in my defense, I will say that my job involves downloading and examining a lot of different programs. Anyway, a search of my current applications revealed that the answer to my second question was no—that program was not resident on this PC. Oh great, I thought, another phony antivirus program designed to trick users into loading malware onto their computers. But that was not the case either.

According to Microsoft, Microsoft Security Essentials provides real-time protection against viruses, spyware and other malicious software. It is a free download from Microsoft “that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure—when you’re green, you’re good. It’s that simple,” says Microsoft.

I found that out by Googling “Microsoft Security Essentials.” So if I were a user wondering whether or not that security alert from Security Essentials was legitimate, I would be comforted by the knowledge that it was a real program. Maybe I would then go ahead and tell it to fix the mythical malware it warned me about.

More ominously, however, if I did have Security Essentials resident on my computer, I would probably think nothing of clicking “quarantine,” since I would believe this was a message from my own software. The possibility of a phony Security Essentials alert did show up on my Google search, but the item was far down the page of hits. If I didn’t bother to scroll down to it, I would never have seen it. My own antivirus programs, of course, failed to detect the virus.

By the way, even after I realized the alert was fake, getting rid of it (it pops up every time you log on) was not easy. Fortunately, another Google posting helped me to accomplish that, but it involves getting down to the DOS (remember that acronym?) level.

While it’s certainly no news that there are virus schemes out there, this one was particularly disturbing because it anticipated reasonable user efforts to detect its legitimacy. I have no doubt that a fair number of Security Essentials users fell for this ploy, and I think we can anticipate that other malware producers will follow suit with similar believable schemes. Some of those users could be your employees in insurance or financial services. Needless to say, if such malware propagates inside your enterprise, this could present major problems.

The battle against cyber-crime is not just being fought on the technological front. Attacks that use deception on a human level to succeed are also growing in sophistication. Sadly, it means we must be suspicious of everything we see on our monitors, even messages that seem to come from our own applications.

For those not on thin-client hookups, the message is clear: Know what applications are on your systems and how they work. If anything you see gives you pause, check it out—thoroughly.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

CIOs: “We Don't Have Enough People to Run Our Mainframes”

Insurers will be competing with other industries for both legacy and “new IT" talent.

4 Ways to Keep Insurance Data Quality Healthy

Continually building trust and credibility in the data is the key to a successful data warehouse.

Customer Experience Trend Watch

Three recent HR moves demonstrate that large life insurers recognize customer experience as a strategic differentiator.

Insurers Have a Lot of Data, But Too Many Silos

Insurers actually have more data analytics resources than other industries.

Are Data Centers Shrinking or Expanding?

Today's data centers are doing far more with much smaller footprints.

Too Much Manual Effort is a Show Stopper

Examining the administrative burden of doing business in the E&S market.

Advertisement

Advertisement