Protection for your business you can trust

Malware is any software intentionally designed to cause disruption to a computer or communications network, leak private information, gain unauthorised access to data or systems, block access to information, or broadly interfere with the computer security and privacy. There are many types of malware, including viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, wipers and keyloggers.

Often malware will exploit a security vulnerability to gain access to a computer system or network, to then perform its malicious activity, such as stealing data, capturing banking passwords, or encrypting files to request a ransom payment afterwards.

In the context of cybersecurity and computing, a security vulnerability is a flaw in a computer system that weakens the overall security of the device/system. They can be located in either the hardware itself, or the software that runs on the hardware.

Computer hackers will typically exploit security vulnerabilities to gain access to systems or networks. If we compare it with physical security in a building, a vulnerability could be a window or a door that maybe due to a manufacturing flaw do not close properly. If criminals find out, they could regularly infiltrate the building every night to steal valuables inside the building. Likewise, if hackers find out about a security vulnerability in an operating system or a popular software application, they will secretly exploit it to gain unauthorised access to computer systems.

Security vulnerabilities are actually sold in the ‘dark web’ for significant amounts of money, which hackers gladly pay so they can exploit them to infect their victims’ computers.

Ransomware is a type of malware that threatens to either publish the victim’s personal data or permanently block access to it unless a ransom is paid off. Payment is typically demanded in cryptocurrency, as it cannot be traced to the hacker. After payment, a decryption key is provided to the victim to recover her files, although it does not always happen.

Any malware that disguises itself as a standard application to mislead users. The term is derived from the ancient Greek story mentioned in Homer’s Odyssey of a wooden horse used by the Greeks during the Trojan War to enter the city of Troy and win the war.

The dark web is a part of the world wide web or Internet which needs specific software to access it, which ensures business can be conducted anonymously without divulging identifying information. These ‘darknets’ include small, friend-to-friend networks, as well as large, popular networks such as Tor, Freenet, I2P, and Riffle. Criminal activities take place within the dark web, from buying and selling software vulnerabilities and malware software tools, to simply collecting ransomware payment from victims anonymously.

New malware is usually detected as a result of successful infection of some devices. This problem makes the
effort of creating a new piece of malware worth the efforts to hackers, as they will still manage to infect a large enough number of systems and therefore achieve their malicious goals.

Most current anti-virus software uses blacklists and signature updates. The blacklist approach is a reactive
approach in nature, which requires continuous analysis for new malware and the creation of new “signatures”
and/or intrusion detection algorithms. It requires the distribution of black lists (in the form of updated
signatures and/or parameters) and therefore systems which have not been fully updated will remain
unprotected.

FinalAV Security differs by taking a novel approach:

• It enforces authentication for software with functionality that is “necessary” for malware to be effective,
  which is a much easier requirement than attempting to identify malicious behaviour;
• Otherwise, non-authenticated software runs under a very fine grained real-time sandbox (at kernel API
  level) allowing software to run unmodified;
• It thus shifts the burden of getting non-malicious software cleared by the security system to the software
  developers instead of the user and/or the security companies; and
• It ensures the chain of execution, including dynamically loaded modules, are all authorised before giving full rights (i.e. no weak link policy)

Our security framework is radically different from traditional anti-virus. Let’s compare it with the security of a bricks and mortar club. The traditional method used by the legacy anti-virus company is the equivalent of keeping a list of all the known troublemakers and thieves. When someone tries to get into the club, the security guard will check the list. If the name is there, the person will not be allowed into the club, otherwise they will be allowed without any limitation. This needs the ‘black list’ of criminals to be up to date. Any new criminal who is still unknown to the authorities will get in just fine.

The FinalAV Security approach is to check the identity of everyone trying to get into the club. If they produce a legitimate passport, they will be allowed in. Reason being that if they do anything malicious inside the club, we can trace and arrest them. If they do not produce a passport, they will still be allowed in (we respect the presumption of innocence) but with limitations (for instance, no permission to drink alcohol or to carry metallic objects into the building). Passports are a globally recognised way to identify people, and we do not need to maintain any updated list. Obviously anyone planning to create trouble is unlikely to want to identify themselves.

In the technology world the equivalent of a passport is a ‘digital signature’, which uniquely identifies the software developer that created an application and signed it. Not surprisingly, hackers do not tend to digitally sign their malware, as that would allow law enforcement agencies to track them and bring them to justice.

Best practices to protect yourself from ransomware attacks and to mitigate its consequences include:

• Backup your computers regularly
• Store your backups separately, not accessible from your network (so ransomware cannot also encrypt your backups)
• Update and patch your computers often, to minimise the number of security vulnerabilities.
• Be careful with links and attachments
• Train your organisation if you are a business
• Use anti-virus software with anti-ransomware capabilities, such as FinalAV Security

We provide both self-service options and assisted support. For instance, we address the most frequently asked questions in our FAQ section, and you may also find lots of useful information in our blog articles.

Alternatively, you can always contact us with any questions, from technical to billing and sales related. Please visit our contact page.

This can be done via the user preferences in the FinalAV Management Console, which you can open from the smart icon tray at the bottom right of your desktop. Click on the Settings menu, then on the User preferences option.

At the bottom of the dialog you will find the exceptions section. The first option allows you to exclude an application from FinalAV Security monitoring entirely.

The second option allows you the determine an exception for dynamic link libraries (.DLL) that are unsigned, and when loaded by an otherwise trusted application, would cause it to be deemed untrusted by FinalAV Security. This scenario can occur when using certain open source packages, which are legitimate but are not properly digitally signed by their developers.

This can be done via the user preferences in the FinalAV Management Console, which you can open from the smart icon tray at the bottom right of your desktop. Click on the Settings menu, then on the User preferences option.

In the Malware quarantine settings section, you can determine the default action. You can either ask FinalAV Security to suspend the process (quarantine) or to just terminate it. The detection notification option allows you to determine whether you want the action to be taken automatically, or a pop-up to appear so the user can have the ultimate decision.

While often there is no other option but to pay in order to recover critical data, such as customer, contract or product information, it is generally not advisable to pay a ransom. Firstly, because it reinforces the criminal behaviour: the more profit they generate from the activity, the more likely they will continue committing such crime. Secondly, because, it is very often the case that the hackers will not provide the decryption key after receiving payment, or they will but the decryption process will fail.