Return of the Guru

Online Security Enters a New and Scary Era

Ara Trembly
Insurance Experts' Forum, December 9, 2010

I suppose it was inevitable that this would happen, yet I couldn’t help feeling a bit shaken recently when a new kind of virus scheme almost propagated on my business computer. I’m talking about a virus that presents itself as a legitimate, well-known antivirus program.

Let me explain. One day, a message from Microsoft Security Essentials popped up on my screen and warned me of an infection by a Trojan. I was ready to click the “fix” or “quarantine” button (I can’t remember which it was) when a strange thought occurred to me. Just what is Microsoft Security Essentials and—more importantly—is it resident on my computer?

You might think a technology guy like me would be aware of all the programs on my hard drive, but in my defense, I will say that my job involves downloading and examining a lot of different programs. Anyway, a search of my current applications revealed that the answer to my second question was no—that program was not resident on this PC. Oh great, I thought, another phony antivirus program designed to trick users into loading malware onto their computers. But that was not the case either.

According to Microsoft, Microsoft Security Essentials provides real-time protection against viruses, spyware and other malicious software. It is a free download from Microsoft “that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure—when you’re green, you’re good. It’s that simple,” says Microsoft.

I found that out by Googling “Microsoft Security Essentials.” So if I were a user wondering whether or not that security alert from Security Essentials was legitimate, I would be comforted by the knowledge that it was a real program. Maybe I would then go ahead and tell it to fix the mythical malware it warned me about.

More ominously, however, if I did have Security Essentials resident on my computer, I would probably think nothing of clicking “quarantine,” since I would believe this was a message from my own software. The possibility of a phony Security Essentials alert did show up on my Google search, but the item was far down the page of hits. If I didn’t bother to scroll down to it, I would never have seen it. My own antivirus programs, of course, failed to detect the virus.

By the way, even after I realized the alert was fake, getting rid of it (it pops up every time you log on) was not easy. Fortunately, another Google posting helped me to accomplish that, but it involves getting down to the DOS (remember that acronym?) level.

While it’s certainly no news that there are virus schemes out there, this one was particularly disturbing because it anticipated reasonable user efforts to detect its legitimacy. I have no doubt that a fair number of Security Essentials users fell for this ploy, and I think we can anticipate that other malware producers will follow suit with similar believable schemes. Some of those users could be your employees in insurance or financial services. Needless to say, if such malware propagates inside your enterprise, this could present major problems.

The battle against cyber-crime is not just being fought on the technological front. Attacks that use deception on a human level to succeed are also growing in sophistication. Sadly, it means we must be suspicious of everything we see on our monitors, even messages that seem to come from our own applications.

For those not on thin-client hookups, the message is clear: Know what applications are on your systems and how they work. If anything you see gives you pause, check it out—thoroughly.
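The check described above (is the program named in the alert actually installed, and what starts at logon?) can be scripted. This PowerShell sketch is an added example, not something from the original post; the parameter name `$ClaimedProduct` is hypothetical, and the registry paths are the standard Windows locations for installed-program and logon autostart entries.

```powershell
param(
    # Product name exactly as the alert displayed it (hypothetical parameter;
    # the default is the name used in this article).
    [string]$ClaimedProduct = 'Microsoft Security Essentials'
)

# Standard registry locations where installers record installed programs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Build the inventory, skipping entries that have no display name.
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, Publisher, InstallLocation

$match = $installed | Where-Object { $_.DisplayName -like "*$ClaimedProduct*" }

if (-not $match) {
    Write-Warning "'$ClaimedProduct' is not in the installed-program inventory. Treat the alert as untrusted."
} else {
    Write-Host "Inventory entries matching '$ClaimedProduct':"
    $match | Format-Table -AutoSize | Out-String | Write-Host
}

# Standard per-machine and per-user Run keys: programs launched at every logon.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$autostart = foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    # Each remaining property is one autostart entry: value name and command line.
    $item.PSObject.Properties |
        Where-Object { $_.Name -notin $providerProps } |
        ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
}

Write-Host 'Logon autostart entries to review:'
$autostart | Format-Table -AutoSize -Wrap | Out-String | Write-Host
```

A match in the inventory only shows that the product exists on the machine, not that a given pop-up came from it; open the product from its own Start menu entry rather than acting on the alert window.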

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
