Computer Protection Enlightenment
1. Computer Protection
Enlightenment
A NEW IDEA
1 Presentation is the property of AspenMAS
2. When an Infection Occurs,
What are the Questions you Ask?
Where did this crimeware come from?
Why didn’t my virus software protect me?
Where is it in my computer?
Is it still in my computer?
What was affected in my computer?
Is my information Safe?
Is my computer safe to use?
3. Given these Questions,
With the Existing Software,
How Many Questions can We Answer?
Basically……
None, Not even One
4. Start the Analysis with a
Review of the Parts
OUTLINE
What do we know?
What should our approach be?
Considering the current software, What can we
use?
Prevention: If we know how, Can we Prevent it?
How Many of Our Original Questions can we
answer?
5. DID YOU KNOW
Crimeware can come from any email, web site, CD,
Flash Drive, Memory stick, Floppy Disk or file transfer.
The primary objective of all crimeware is to NOT be
detected.
NO Antivirus or Anti malware software will find all the
crimeware that you can be subjected to.
On a Zero-Day infection almost NO protection
software will find the crimeware.
Most of the time the user has no idea where the
crimeware came from.
6. Are the Viruses Really a Problem?
What are they doing?
Their objective is making money. It is a
Billion Dollar Criminal Business
A typical delivery package can contain multiple malware programs.
They can:
Search your drive and files for IDs and Passwords.
Capture Email addresses or Logins for outside systems.
Capture emails and go through the contents
Setup control links to subjugate the PC to a larger Bot Network,
making your PC part of the larger Problem
Use your system to send spam
Use your system to attack other systems.
7. OK, Given we are not protected,
What approach do we use?
Turn off your PC and go home… No.
Disconnect from the internet and epoxy all the drives
shut… No.
We have a much better idea.
Why don’t we track everything that runs
on your PC and store that information?
Let’s also track the results of every
program that runs.
8. The Virus Protection Wish
What can we use?
Crimeware protection software uses its author’s
“signature” file to identify bad files on your PC.
Each program author has their own signature file.
Here is the wish!
Let’s compare our files to ALL of the
signature files.
9. Alright, If I Knew How I got it,
Maybe I could Prevent it Next Time
Will our new approach tell us how the
crimeware was introduced?
YES
What if I don’t find the crimeware until later,
can I still find the source point?
YES, we can see anything that has
happened on the machine from the point
where the data collection started.
10. ANSWERED QUESTIONS
Which Original Questions can we answer?
Where did this crimeware come from?
Yes, we can identify the source point.
Why didn’t my virus software protect me?
Yes, we can tell you if your author’s signature has the bug.
Where is it in my computer? What was affected in my computer?
Yes, we can trace every point that was affected.
Is it still in my computer?
Yes, if it is still here we can see it.
Is my information Safe? Is my computer safe to use?
Yes, if the infection is still in your computer we can tell if it is still
active.
11. Summary
The Better IDEA
Develop a new tool with a completely different
approach
Track and capture every execution on the PC
Store all this information for immediate analysis
and future analysis
Using the captured program data, compare it to the
signature files for the major virus software
Using the captured data, identify the original
infection event
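The approach summarized above, as an added Python example that is not AspenMAS code or part of the original presentation: stored execution records are matched against several vendors' signature sets after the fact, and a hit is traced back to the first non-baseline ancestor and forward to everything it launched. The record layout, hash strings, vendor names and known-good baseline are all constructed assumptions.

```python
from collections import defaultdict

# Constructed records, one per process start:
# (event id, parent event id, time, image path, file hash placeholder).
# Unique event ids are used instead of PIDs because the OS reuses PIDs.
EVENTS = [
    (1, None, "09:00:01", r"C:\Windows\explorer.exe", "hash-explorer"),
    (2, 1, "09:14:20", r"C:\Program Files\Mail\mail.exe", "hash-mail"),
    (3, 2, "09:15:02", r"C:\Users\u\Downloads\invoice.exe", "hash-dropper"),
    (4, 3, "09:15:05", r"C:\Users\u\AppData\Temp\svc32.exe", "hash-payload"),
    (5, 4, "09:15:09", r"C:\Windows\System32\cmd.exe", "hash-cmd"),
    (6, 1, "10:30:00", r"C:\Windows\notepad.exe", "hash-notepad"),
]
# Assumed baseline of hashes known to belong to legitimate software.
KNOWN_GOOD = {"hash-explorer", "hash-mail", "hash-cmd", "hash-notepad"}
# Assumed signature sets from two vendors, received after the programs ran.
SIGNATURES = {"vendor_a": {"hash-payload"},
              "vendor_b": {"hash-payload", "hash-dropper"}}
BY_ID = {e[0]: e for e in EVENTS}

def match_signatures(events, signatures):
    """Map event id -> vendors whose signature set contains that file hash."""
    hits = defaultdict(list)
    for eid, _, _, _, digest in events:
        for vendor in sorted(signatures):
            if digest in signatures[vendor]:
                hits[eid].append(vendor)
    return dict(hits)

def ancestry(eid):
    """Return the launch chain from the root process down to this event."""
    chain = []
    while eid is not None:
        chain.append(BY_ID[eid])
        eid = BY_ID[eid][1]
    return chain[::-1]

def source_point(eid):
    """First event in the chain whose hash is outside the baseline."""
    return next((e for e in ancestry(eid) if e[4] not in KNOWN_GOOD), None)

def affected(eid):
    """Ids of every process started, directly or indirectly, by this event."""
    children = defaultdict(list)
    for e in EVENTS:
        children[e[1]].append(e[0])
    out, stack = [], list(children[eid])
    while stack:
        cur = stack.pop()
        out.append(cur)
        stack.extend(children[cur])
    return sorted(out)
```

Here `vendor_a` alone would miss the dropper; the stored history still places `invoice.exe` (launched by the mail client) at the start of the chain, with events 4 and 5 as its descendants.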
12. AspenMAS
AspenMAS is a Colorado-based MSP (Managed Service
Provider).
We provide one of the most effective PC and Server
protection systems available today.
Our security Plans include Firewalls, software, monitoring
and preventative security systems.
If we can’t stop the problem, our systems can identify the
problem and assist in the correction of the infection.
13. What do you do Now?
The AspenMAS security Plans are available to our regular
MSP clients.
If you are interested in becoming an AspenMAS client
contact us at:
AspenMAS
40 W. Littleton Blvd
Suite 210-284
Littleton, CO 80120
720-232-2921
sales@aspenmas.com
www.aspenmas.com