FB Business Records

Facebook Records

Update:   I have published fresh ideas on how to record Facebook messages when employees use them for official company or government business.  Social networks are becoming a more commonly-accepted tool of commerce.  –Ben

Block Viruses Distributed by Web Pages

Computer Security for Schools and Small Businesses

For a small-to-medium enterprise like a business or library, protection of its computer network is not easy.  Hackers are constantly concocting new ways to infect the network (with viruses and other malware) by way of the web pages that network users visit.  Although the enterprise can choose from an array of tools to protect its network, those tools can be expensive and cumbersome.  No tool or combination of tools is perfect.  Finding the right mix of cost, effectiveness and ease of use is a problem.

To answer this problem, CyberPatrol has developed a smart service for steering network users away from dangerous web sites.  Known as SiteSURV, the service relies on CyberPatrol’s SiteCAT system, which constantly crawls (spiders) the web to assess and categorize web pages.  The service provides two layers of filtering.  One layer examines sites according to their content and purpose, and then blacklists those that appear to be dangerous.  The second layer specifically analyzes files and downloads from each site to ascertain whether they contain signatures for known malware.

I asked Chris Overton, VP of CyberPatrol, to explain these two layers of protection.  First, he highlighted the security achieved just by keeping users away from sites of questionable content:  “Certain types of sites tend to deliver malware more than others.  Along with adult and XXX sites, “parked domains” and “warez” sites are more likely to deliver malware than other site categories.  We know this because files pulled from these sites have a higher percentage of malware infection than files from other sites.  So, we can infer that preventing access to these dangerous site categories will advance the fight against malware infections.  Preventing access to a dangerous site protects against all the malware at that site, regardless of whether anyone has developed signatures to detect any or all of the different malware there.”

Chris further described what SiteCAT does when it crawls a web site:  “SiteCAT’s algorithms analyze a web site based on several factors – content, structure, link count, link references, and so on.  Based on this analysis, our system decides which pages/files to download from that site.  Typically we’ll download the main index page of a site and analyze it; then our algorithms decide how much deeper to dig.  All files we want to analyze are pulled by the crawler and saved into our analysis archive.  Then the files feed into a malware detection engine, which looks for the signatures of malware such as a virus or a worm.  If we detect any malware when we crawl the site, we can blacklist it and prevent all of the malware the site might deliver, even malware that we have not specifically detected.”

In other words, SiteSURV allows an enterprise to adopt a conservative, one-strike-and-you're-out approach toward web sites.  If a site either contains suspicious content or manifests one instance of infection, the enterprise can block it entirely.

–Ben Wright, advisor to CyberPatrol
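
The two filtering layers and the one-strike rule described in the post above, sketched as an added example (not CyberPatrol's code and not part of the original post). The category labels, signature pattern, hosts and file contents are constructed, and a byte-substring match stands in for a real malware detection engine.

```python
from urllib.parse import urlsplit

# Assumed category labels, taken from the site types named in the post.
RISKY_CATEGORIES = {"adult", "parked-domain", "warez"}
# Constructed byte pattern standing in for a real signature database.
SIGNATURES = {b"CONSTRUCTED-SAMPLE-SIG-A": "sample-worm-a"}

def scan_file(data):
    """Layer 2: name of the first signature found in a file, else None."""
    for pattern, name in SIGNATURES.items():
        if pattern in data:
            return name
    return None

def assess(category, files):
    """Return a reason to block the whole site, or None to allow it."""
    if category in RISKY_CATEGORIES:        # layer 1: content and purpose
        return "category:" + category
    for path, data in files.items():        # layer 2: downloaded files
        hit = scan_file(data)
        if hit:                             # one strike blocks the site
            return "malware:" + hit + " at " + path
    return None

def build_blocklist(crawl):
    """Map host -> block reason for every crawled site that fails a layer."""
    blocklist = {}
    for host, (category, files) in crawl.items():
        reason = assess(category, files)
        if reason:
            blocklist[host] = reason
    return blocklist

def is_blocked(url, blocklist):
    """Block by host, so every URL on a listed site is refused."""
    return (urlsplit(url).hostname or "").lower() in blocklist

# Constructed crawl results; the .example hosts are placeholders.
CRAWL = {
    "news.example": ("news", {"/index.html": b"<html>ok</html>"}),
    "free-stuff.example": ("warez", {"/index.html": b"<html></html>"}),
    "tools.example": ("software", {
        "/a.exe": b"MZ..CONSTRUCTED-SAMPLE-SIG-A..",
        "/b.exe": b"MZ..no known signature..",
    }),
}
BLOCKLIST = build_blocklist(CRAWL)
```

Because the decision is keyed on the host, `/b.exe` on `tools.example` is refused even though no signature matches it, which is the coverage of undetected malware that the quoted explanation describes.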

Porn Sites as Malware Distributors

Library, School, Church and Hotel Network Security

Want to avoid viruses, botnets and trojans in workplace computers?  A key strategy is to prevent users from surfing to adult web pages.   According to Chris Overton, VP at Cyberpatrol:   “Pornography sites are one of the major distributors of viruses and other malware.   To quote from the CyberSharks book we’re about to release, ‘Websites offering adult content are the single most significant security threat for Internet users, comprising 31 percent of dangerous websites.  Adult and XXX sites account for the largest percentage of web sites from which viruses are spread.  (Web of Trust, 2008)’  This means that companies can go a long way toward protecting their networks from malware simply by blocking pornographic sites.  SiteSURV can provide this protection.”

–Ben Wright, advisor to Cyberpatrol

Web Filtering for Hotels, Libraries, Schools

Service for Blocking Porn and Viruses

SiteSURV is Cyberpatrol’s Internet filtering service for small-to-medium organizations, like businesses.  Using a technology called SiteCAT, it filters web sites by inspecting (also known as crawling or spidering) their content and categorizing them according to their apparent purpose.  Categories include malware, pornography, drugs and so on.  User organizations can choose to filter selected categories.

I asked Cyberpatrol VP Chris Overton to discuss how SiteSURV stacks up for user organizations in terms of efficiency, effectiveness and resource requirements.  Chris said:

“Since SiteSURV is a completely in-the-cloud product, it takes up no system resources on the computers it’s protecting.  The only caveat to this is that customers with a dynamic external IP must run our Dynamic IP tool on a single computer behind their access point.

“As far as bandwidth, all the filtering decisions happen at our SiteSURV server, so we’re not using any more of the user’s bandwidth than they’d already be using to browse the web.

“The setup for SiteSURV is very simple, but our online configuration portal gives users the ability to tailor their protection to their needs.  Users that want a set-and-forget product can leave the default settings in place.  Users that want more control can adjust the filtering to their specific needs.

“Filtering the web is hard work because the web is so big and ever-changing.  Our SiteCAT technology holds many advantages over its competitors.  Notably, the categorization results from one user get applied to other users.  For example, if one user of our system tries to browse to a site that SiteCAT has never seen or analyzed, the SiteCAT crawler immediately starts analysis of that site.  The results support all users of our SiteCAT system.  This means that we’re able to find new sites somewhat faster than other systems that rely purely on spidering the web.”

–Ben Wright, advisor to Cyberpatrol

Schools & Businesses: Avoid Drive-by Downloads

Viruses Spread by Booby-Trapped Web Sites?

To distribute viruses, worms, trojans and other malware, hackers increasingly use drive-by downloads.  They set up bogus web sites (often they trick search engines into linking to those sites), and then they infect PCs with bad code when unsuspecting visitors arrive (drive-by).

To thwart drive-by downloads, traditional anti-virus software tries to evaluate incoming code and stop the malware from causing damage after it arrives.  That strategy is less-than-perfect.

A newer strategy is to avoid visiting dangerous sites in the first place.  Cyberpatrol supports this strategy with an angle that is especially cost-effective for small-to-mid-sized enterprises (schools, churches, libraries, businesses, community centers).  Enterprise customers can use Cyberpatrol’s SiteSURV 4.0 to prevent users from browsing sites identified as malware spreaders.

Cyberpatrol’s web filtering is based on SiteCAT, a system that constantly crawls the web, categorizing sites according to their purpose.  SiteCAT has been upgraded specifically to look for sites whose purpose is to deliver malware.

Cyberpatrol SiteSURV thus becomes a powerful enterprise weapon in the war against malware.

“In early June, we’ll be releasing SiteSURV 4.0,” says Chris Overton, Cyberpatrol’s VP of Research and Development. “This product takes advantage of our SiteCAT system to protect users from a broad range of online threats.  SiteSURV can typically be configured to protect an entire network in less than 15 minutes, and is extremely cost-effective when compared with other network-wide online security tools.  This new 4.0 version includes very flexible configuration options that will allow each organization to tailor the protection to its specific needs.  It also provides basic reporting features that allow a customer to see what SiteSURV is doing to protect its network.”

–Ben Wright, instructor on the law of electronic records and data security at the SANS Institute.

Forbid Twitter at Work?

Selective Internet Blocking as Employment Policy and Warning

Twitter can be a distraction in the workplace.  Oprah, who boasts almost a million followers on Twitter, caused mob scenes at KFC stores by tweeting about a free chicken coupon downloadable from her web site.  News spread as other Twitter authors repeated the message.

To be sure:  much of the Twitter traffic and downloading attending to this stampede happened in the workplace, on office computers.  What a waste of employee time.  What a tax on business computers.  What a threat to security.

As Twitter, Facebook, Myspace and other social media swarm the workplace, they’re almost impossible to block entirely.  The channels of communication (web pages, widgets, instant message and more) are too numerous.

Update:  A large percentage (24%!) of all Twitter Tweets are generated by robots (“bots”), not individual people, which suggests Twitter contains a lot of junk and spam.

So should management surrender control of company networks? No.

Selective blocking is a strategy.  Selective blocking can remind employees that they are expected to be responsible adults.  For example, here is a screen that Cyberpatrol could produce when employees visit web sites like Twitter or Facebook:

[screenshot]

(Note: I created the custom message to employees by editing the HTML in one of the blocking screens available in Cyberpatrol.)

A screen like this cautions employees that social networking at work is a bad idea.  Will it stamp out wasteful e-chat in all of its forms?  No.  But it does respectfully display management’s concern and authority.  It reinforces an employee acceptable use policy.  And it hints that management may be able to monitor what an employee is doing on company computers.

–Ben Wright

At the SANS Institute Mr. Wright teaches IT administrators how to avoid going to jail.

Stop Adult-Oriented Advertisements

Internet Porn on Child’s Computer

How do you block pornographic ads from a family PC?

Our family maintains a personal computer for common usage in the den of our home.  Each user has his or her own Windows account.  My wife and young daughter were on the web together, using the daughter’s account, working on a homework project.  They were searching on Google for the answers to simple science questions.  Suddenly a small area opened in their browser, presenting a pornographic ad.  My daughter was disturbed, and of course my wife was angry.  My wife pressed ahead to complete the homework project, and did not keep a record of the incident.

My subsequent investigation has not revealed for certain how this offense happened.  Maybe a form of spyware has invaded the machine.  Or maybe Google sent the girls to a dangerous site.

At any rate, I installed Cyberpatrol, and set it to block sexually-oriented material from my daughter’s Windows account.  I set Cyberpatrol to monitor (keep a log of) the sites that it blocked.

Then I logged into my daughter’s account, opened the web browser, and revisited many of the sites listed in the browser’s History menu.

I could see in the History menu the sites my wife and daughter had been visiting at the time in question.  When I clicked on the URL for one of the sites, Cyberpatrol presented me this image, indicating it had blocked the site.

[image: browser-block]

That suggests strong suspicions about the site. . . .

Digital Evidence of Pornography in Hostile Workplace Lawsuits

Internet Files Can Corroborate Sexual Harassment Claims

A new privacy feature in Microsoft’s Internet Explorer 8 may foster more viewing of pornography in the workplace.  It should heighten the incentive for employers to actively block Web porn sites.

Internet Explorer is the most popular web browser.  Forthcoming version 8 includes a so-called InPrivate mode, where browsing history is not retained and temporary Internet files are deleted upon completion of the browser session.  With the advent of InPrivate mode, some employees may be lulled into a false sense of seclusion at their desks and may succumb to temptation to peek at porn.

Legally speaking, pornography is very dangerous in the workplace, as it can be evidence of a hostile work environment.  Although InPrivate mode may make access to that evidence – in the form of retained files on a PC hard drive — more difficult, the digital evidence may still be recoverable.  Forensics experts have demonstrated that they can (with effort) still reconstruct browsing history when InPrivate mode is engaged.

Further, evidence of World Wide Web pornography on the job need not come just from digital records.  It can come from, say, Employee #1 testifying that he/she witnessed pornography on the monitor of Employee #2.

Some observers are recommending that employers disable InPrivate mode.  But disabling is difficult, and it addresses the problem only indirectly.  The more direct and complete approach is to use software to block access to adult sites.

–Ben Wright

At the SANS Institute, Mr. Wright teaches IT administrators how to stay out of jail.

Youtube and Facebook: Workplace Morale and Internet Addiction

Should Management Monitor Employee World Wide Web Surfing?

Should an employer tolerate computer social networking on the job, or prohibit it? An Australian study suggests office workers are generally more productive if they relax every so often online, by reading news, shopping or chatting with friends on Bebo, Hi5, AIM, FriendFeed or Yahoo Messenger.  The study’s author, Dr. Brent Coker, argues that often employer blocking of web sites like Youtube or Amazon is counterproductive.  Employees need a break, he says.

But beware Internet addiction.  Dr. Coker sees signs of addiction in 14 percent of Internet users.  Addiction means the users overdo it.  They browse to excess; they can’t act responsibly.  From the perspective of an employer, 14 percent is a huge number.  How can an employer afford to idle 14 percent of its work force?  Dr. Coker warns that for these 14 percent, casual surfing can become a waste of time and worse.

So what is an employer to do?  Internet access in the workplace is not a black and white issue.  Different work environments – and different employees – need different rules and different degrees of guidance.  For example, while on duty, maybe an air traffic controller should not be watching comical videos.  But such videos are probably okay — and maybe even wise and recommended — when she’s on break.

Responsible Internet monitoring by supervisors and even blocking have a place in the modern job site.   If an employer does monitor access to the Internet, it is wise to inform employees in advance.

–Ben Wright


Facebook In-security

Warning for Business, Corporate and School Computer Networks

Is Facebook safe enough for access by office computers?  For many organizations, the answer is no.  The bad news about the popular social network grows with each passing week.  Facebook has been plagued with the Koobface worm (some call it a virus), which has through Facebook infected (or attempted to infect) work PCs.

Now Facebook faces the scourge of the Dancing Girl.  The Dancing Girl exploit arrives as an e-mail appearing to be a typical notification from Facebook, saying someone has left you a Facebook message.  The rogue e-mail directs you, the victim, to click to see a video of a sexy dancing girl.  If the victim clicks, he is taken to a fake, Facebook lookalike page, which instructs the victim to download a software upgrade so that the video can be viewed.  But in truth the software to be downloaded is a group of damaging, malicious programs.

If an employer were to prevent (forbid) access to social network sites, then employees would not be tempted to fall for tricks like this.  To say it a different way:  failure to prohibit Facebook and Myspace can promote a lax computing environment in the office.

Local chapters of the Better Business Bureau (such as the Hawaii chapter and the Chicago & Northern Illinois chapter) have issued warnings about the transmission of malware and the propagation of other threats through social networks, especially Facebook.  Among other scams, bogus posts to a victim’s “wall” can link to dangerous external web pages, which might try to install malicious software through the victim’s web browser.

The Maryland General Assembly blocked its network users from access to social networks, especially Facebook.

Update:  Recent research compares the success rates for propagation of malware via e-mail and via social networks.  Hackers are ten times more successful on social network sites.

–Ben Wright
