When your security software leaves you to the wolves

Summary: If a security product fails, lives can be destroyed.

Okay, I am pissed. I rarely write pure "I am pissed" columns, but this time it's necessary. The objects of my ire are D-Link and a company called Bsecure, which, apparently, is anything but.

First, some back-story. Like most of us, I'm not only responsible for managing my own computers, I'm also the neighborhood's "go to guy" when anything computerish needs doing. It's not a role I take on by choice, but at least the neighbors no longer complain when I play my stereo at dain bramagingly loud levels.

There's an elderly couple in the neighborhood I quite like. They have two computers, send email, and browse the Web.

The woman has a better understanding of tech; her husband tends to get a little lost. He's still confused about the difference between email and Web pages, tends to open any attachment that seems interesting, and browses any old Web page that catches his attention.

He is a malware magnet.

Now, I've gone over his computer in the past, and it's not like he surfs porn. It's just that he goes to lots and lots of sites, has a lot of not-entirely-careful friends, and gets lots of junk in his mail.

Basic antivirus wouldn't necessarily protect him. He worries me. I felt he needed more security. I wanted him to have Web site surfing protection and, effectively, parental controls.

So, with the consent of his wife, I spent about a hundred bucks to get them a D-Link router designed to work with D-Link's SecureSpot, a service which costs an additional $60 per year. My nice neighbors are on a fixed income (plus they feed me home-cooked meals from time-to-time), so I decided to pony up the cash for the router and service and buy them some added protection.

SecureSpot, which is actually run by a company called Bsecure Technologies, has a number of interesting features. It links directly with the router, as well as with light clients running on the PCs. It provides antivirus protection, time-of-access restrictions, and -- most important of all -- the ability to dynamically block my friend from blundering into malicious sites.

The Bsecure service constantly updates the router, telling it about new sites and IP addresses that are dangerous. Then, when my hapless friend tries to go to a nasty site, it blocks him from doing so.

At least it did.

I bought them the service in December, 2009 and paid $60 for a year, with an automatic renewal option. I don't have time to go to their house constantly. I figured this option -- especially since it was sold by D-Link and tightly integrated with their router -- would be a great way to keep my friends safe.

I haven't checked on their machines since November, but didn't think much of it. I assumed I'd be charged, or at least notified, when the next $60 payment would come due. Since I hadn't heard anything, I didn't worry.

Then I got a call last week. My friend's computer had started to go haywire. It actually started bothering him a few months ago, but he knows I work a lot of hours and didn't want to bother me. But by now, it had reached the level where he couldn't actually use the machine.

So I took a look. The Bsecure antivirus component didn't report any errors. But the symptoms he was describing indicated real problems. I downloaded Trend Micro's HouseCall program and ran that. And that's when I started to get upset.

Trend found the following malware on his machine:

  • TROJ_FAKEAV.FIZ: Payload carrier
  • TROJ_DROPPR.SMH: This is a rootkit trojan
  • JS_REDIRECT.SMA: Hosted JavaScript, uses Windows Scripting Host
  • TROJ_DROPPER.TSX: Payload carrier
  • TROJ_FRAUD.AL: Very high risk, sends and receives information, arrives as email attachment
  • TROJ_Generic.ADV: Not sure
  • TROJ_PIDIEF.SMZB: Damaging

As you can see, nasty stuff. I then ran Microsoft Security Essentials, which confirmed that my friend had a computer filled with very, very malicious things indeed. He had a rootkit, along with a command and control virus, one that likes to send information back and forth.

I immediately told my friends to stop using the machine and visit their banks to make sure their finances hadn't been compromised. I've told them they now need to check their bank balances via phone or in person at least once a week, and keep a very close eye on them. They've also asked their banks to suspend online banking access completely.

At first, I thought my friend had somehow managed to power his way through the SecureSpot protections. He's a force of nature. Even though he doesn't fully understand computer technology, he's occasionally asked me about things like the Registry and Add/Remove Programs, so I figured anything was possible.

When I last looked in on my friends' computers back around Thanksgiving, they were fine. Their security software was doing its job, and everything seemed quiet.

To a degree, the infection was my friend's fault. I'd repeatedly told him not to open attachments, and at least one trojan I found on his machine only transmits via attachments, so I knew he hadn't listened.

Even so, the antivirus program and Bsecure should have caught it. After all, he undoubtedly disregarded my advice all through the year, and he'd been safe up until recently.

But he wasn't safe anymore. Do you want to know why? Do you want to know why I'm so pissed and why I'm writing this now?

I'll tell you why.

They just shut off his service. He's been unprotected since December -- and they didn't bother to tell any of us.

Apparently, D-Link and Bsecure have decided to "end-of-life" the SecureSpot program. Rather than billing me in December for another year, they just canceled my account. And then they stopped protecting my friends' machines.

D-Link and Bsecure never notified me of this. I had the registered email address for the service, and yes, I checked all my layers of spam filters, just to be sure. They never notified my friends of this (I checked their filters as well). D-Link and Bsecure didn't even pop up a message on their machines.

D-Link and Bsecure just simply stopped doing their job -- but left the little icons on the machines unchanged, so it looked like the same protection was in force that had always been in force.

It's as if you hired security guards to protect your house and instead discovered they'd dressed and placed mannequins outside your front door without telling you.

In fact, it was quite deceiving, even to an experienced geek like me. When I first looked at my buddy's machine, I saw the errors, but didn't think his AV program had stopped working. In fact, I went into the settings of the AV program, and there was nothing there to indicate it had simply stopped functioning.

One issue is that this particular suite of protection tools doesn't indicate the last date when virus definitions had been updated. It's designed to run in the background without much user involvement, so that detail isn't presented.

Bottom line: there was absolutely no way -- without going to the D-Link site itself -- to know that D-Link and Bsecure had abandoned my friends to the wolves.
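A small check that covers exactly the gap described above, added here as an example and not code from D-Link, Bsecure or the column itself. It assumes (hypothetically) that a protection product keeps its signature or definition files in a directory whose newest modification time approximates the last update, and it assumes a 14-day staleness threshold; both are assumptions to tune per product. The point it demonstrates is that "no evidence of updates" must surface as a warning rather than be silently treated as healthy, which is what the unchanged tray icons on the neighbors' machines got wrong.

```python
"""Definition-freshness check for a locally installed protection product.

Added example (not D-Link's or Bsecure's code). Assumptions: the product
stores its definition files under some directory, the newest file mtime in
that directory approximates the last update, and 14 days without an update
counts as stale. None of these paths or thresholds come from the column.
"""
from __future__ import annotations

import os
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

STALE_AFTER_DAYS = 14  # assumed threshold; a product updating daily could use a far lower one


def newest_mtime(definitions_dir: Path) -> datetime | None:
    """Most recent modification time among files under the directory.

    Returns None when the directory is missing or empty, so that 'no
    definitions at all' is reported as UNKNOWN instead of silently passing.
    """
    if not definitions_dir.is_dir():
        return None
    times = [p.stat().st_mtime for p in definitions_dir.rglob("*") if p.is_file()]
    if not times:
        return None
    return datetime.fromtimestamp(max(times), tz=timezone.utc)


def classify_age(age_days: float | None, stale_after_days: int = STALE_AFTER_DAYS) -> str:
    """Map an update age in days to OK / STALE / UNKNOWN.

    UNKNOWN is deliberately a distinct state: a missing last-update date is
    precisely the blind spot the column describes, so it is never folded into OK.
    """
    if age_days is None:
        return "UNKNOWN"
    return "STALE" if age_days > stale_after_days else "OK"


def report(definitions_dir: str | os.PathLike, now: datetime | None = None) -> dict:
    """Build a small status record a monitoring script or cron job could act on."""
    now = now or datetime.now(timezone.utc)
    last = newest_mtime(Path(definitions_dir))
    age_days = None if last is None else (now - last).total_seconds() / 86400
    return {
        "dir": str(definitions_dir),
        "last_update": None if last is None else last.isoformat(),
        "age_days": None if age_days is None else round(age_days, 1),
        "status": classify_age(age_days),
    }


def demo_stale_report() -> dict:
    """Constructed sample: one definition file whose mtime is pushed back 60 days,
    mimicking a product that quietly stopped receiving updates."""
    with tempfile.TemporaryDirectory() as tmp:
        defs = Path(tmp) / "defs"
        defs.mkdir()
        sig = defs / "signatures.db"
        sig.write_bytes(b"constructed sample content")
        old = (datetime.now(timezone.utc) - timedelta(days=60)).timestamp()
        os.utime(sig, (old, old))
        return report(defs)


if __name__ == "__main__":
    print(demo_stale_report())  # status: STALE
    print(report("/this/path/does/not/exist"))  # status: UNKNOWN
```

Run it from a scheduled task and alert on anything other than OK; the value is in treating UNKNOWN as a failure condition, since a product that has been end-of-lifed looks exactly like one that never reported a date.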

The level of irresponsibility this demonstrates is staggering.

These are seniors on a fixed income. If their computers were penetrated, and if financial information had been exfiltrated, their lives would have been ruined.

Over the years, I've talked to senior executives at various security companies and discovered two types of people. The first type is the executive for whom security is life. Everything about the security of their customers is important and meaningful, and worthy of attention.

But there's a second type of security executive. This is the person who just got a gig. Maybe they were in marketing or PR in some other job, or maybe they were a friend of a friend. In any case, this type of executive doesn't take security seriously, doesn't really understand why people get upset when their software fails to protect, and really wishes everyone would just lighten up a bit.

This type of security executive has no business in this game. While I haven't yet spoken to D-Link executives about this transgression, I suspect I'll find people who just wish I'd lighten up.

Now, normally, I really like D-Link products; I own many of them, and I've recommended them. But I have to think that no one who lived and breathed paranoid security would ever have let a security product "end-of-life" without making absolutely, totally sure customers were aware and protected.

Security companies have an extra responsibility over the regular software company. If the guys who make Angry Birds fail at their job, people will be less entertained for a few minutes.

But if a security product fails, lives can be destroyed.

D-Link and Bsecure failed. Thankfully, my friends' financial information appears secure, but that's no thanks to the companies we paid to protect them.

So what lessons can we take away from all this? First is the drum I've been beating all these years. You need to be constantly vigilant. I know it takes extra time, but it's necessary to keep safe.

Next is a question of trust. Choose your security partners very, very carefully. If you don't know them or haven't used their products, keep a constant eye on them.

Third, use layered security. Don't use a security suite from just one vendor. If you have malicious site blocking from one vendor, use antivirus from another. I know these tools don't play well with each other, but if one vendor gives up, there's at least a chance that the other will still do something of the job.

And -- finally -- before you go out and buy a security solution from either D-Link or Bsecure, think long and hard about the story you just read.

Be safe out there!

About

David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Talkback

74 comments
  • RE: When your security software leaves you to the wolves

    Are you sure that Ubuntu is not better for them? Once configured, you show them how to shut down the PC, what browser to use, etc. Safe with no extra cost.
    d.marcu
    • RE: When your security software leaves you to the wolves

      @d.marcu Actually, I do think Ubuntu would be better, but he's not thrilled with change. I've also considered an iPad (yes, it's true), but he thinks the screen might be too small to read.

      This is probably a long, multi-stage story. I just found out about the problem this weekend, but I'll be working with them to come up with a new PC-usage plan over the next few weeks.

      Given my personal preference, I'd slap them on Linux in a heartbeat, or put the guy on an iPad (and leave the iTunes password only for his wife to use -- he'd download everything otherwise). But since they get a vote, it's still open to debate.

      Jason Perlow suggested a product called DeepFreeze, which resets the PC to a fresh, fixed condition on each reboot, and I'm considering that as well.

      I also considered this thing:

      http://www.zdnet.com/blog/computers/linux-for-seniors-kiwi-pc-builds-a-linux-pc-for-grandma-and-grandpa/5323

      If anyone's got any experience with it, please post below.
      David Gewirtz
      • RE: When your security software leaves you to the wolves

        @David Gewirtz, DeepFreeze sucks. It turns your install into a "live CD" and you won't be able to install anything new: no updates, no new browsing history, no more new saved passwords, etc. And last time I worked with that software you had to define a folder where to save files. Save them somewhere else (let's say the desktop) and they would be erased on next boot. That software is good if you have an internet cafe, but not for home. You may install them Ubuntu in dual-boot mode for a while and see if they like it, and tell them that Ubuntu means some new stuff to learn and no more problems vs. the current situation.
        New idea: tell them that you can install them a new version of Windows named Ubuntu Linux, designed for older people; it's a little different from what they know, but it's secure. It works with some people.
        d.marcu
      • DeepFreeze is GO!

        @David Gewirtz

        Dutchess Community College uses it, and they've had some good success with it. At my company we (briefly) tried MS SteadyState, but it isn't stable enough.... all it takes is a power outage (or a user who knows about the 4-second button trick) and the hard drive and SteadyState system need a major administrative cleanup in order to reboot. My personal (user) experience with DeepFreeze has been very positive, although I have not used it from the admin side yet. One caveat - it kills updates, including security updates. You have to disable it, then perform updates, and then re-enable it.... At least once a month (update Tuesday?).
        rock06r
      • DeepFreeze

        @David Gewirtz
        I do *not* know if this is still true or not, but when I worked at the Apple Store we used Deep Freeze on all our floor Macs so that they would return to a steady, consistent state after people (kids) got done "test driving" (MySpace) the Macs each day. It is a very good product, but as d.marcu notes it basically turns your operating system into a live CD version.

        If I had the choice (I don't), this is what I would use on my Mother's PCs (Windows 7). I would do it in the following manner, though:
        1)Partition the drive one for the OS and one for data.
        2)Give them the machine for a few days so they can go to websites, email, etc... for which they may want to store passwords and so forth.
        2a)In lieu of the preceding step, consider a 1Password (or similar) service.
        3)DeepFreeze the OS partition.
        4)Teach my folks to save photos, videos, etc... to the data partition.
        5)Leave them with a scratch pad on which to note sites/services that they want to make changes to and periodically stop by to "thaw", modify, and "re-freeze" the PC.

        This is all based on my experience with DeepFreeze on the Mac, but I think it's an essentially sound strategy. You *must* remember that updates/definition files, etc... will not remain unless they are applied to the drive when it is unfrozen.
        use_what_works_4_U
      • RE: When your security software leaves you to the wolves

        @David Gewirtz
        I have a single XP machine at home (typically no MS products allowed). It lives in VirtualBox and once in a while I will revert to a snapshot. Of course this could be too heavy handed, but is as close to 100% safe as it gets.
        kirovs
      • RE: When your security software leaves you to the wolves

        @David Gewirtz
        If they are not using Windows-only apps, Linux does not need to mean much of a change. There are some very good theme "transformation packs" that can make the system look and behave like the OS they have.
        joblak2
      • DeepFreeze

        @David Gewirtz DeepFreeze is awesome, we use it at the college I work at.

        But AFAIK, it works at the kernel level, and if a bug can escalate to that then DeepFreeze cannot protect you. Note that I have not seen this happen.

        Edit: @d.marcu: "Live CD"? That's the whole point of DeepFreeze, intercept hard drive writes and cache them. When the computer reboots all writes disappear.
        nightbirdsf
      • RE: When your security software leaves you to the wolves

        @David Gewirtz

        For the 60 bucks you spent, you could get ESET Smart Security for 30-something bucks and it would have done a way better job of protecting their computer. I have been using it for ages and I never had a problem; it has a firewall and blocks malicious sites, etc...
        pongo2002
      • RE: When your security software leaves you to the wolves

        @David Gewirtz how about a Chromium notebook when it comes out? I still say Ubuntu is the way. Better to be a little inconvenienced and learn something new rather than get your identity stolen. Since he really isn't up to the task of using the internet responsibly.
        zaphod778
      • Try Open DNS

        @David Gewirtz
        You can configure which types of sites to block, up to entering a specific site if necessary. And it's free. I use it.
        linux for me
      • RE: When your security software leaves you to the wolves

        @David Gewirtz Faronic's Deep Freeze is an alternative but it is not a security solution. Its ability to remove changes (harmful or otherwise) is a side effect of the primary goal of the application itself: quick restoration of a computer or server to get it back into production as quickly as possible. It can also be difficult for those with a lack of technical experience to work with as noted by "d.marcu".

        There is a new breed of solutions in the security space however that DO have a security first design that I recommend you take a look at: Returnil System Safe Pro/Free 2011 and Returnil Virtual System Pro 2011.

        The design focus in RSS and RVS is to create an intelligent, layered approach to PC/network security by taking advantage of each component's core competency, which is used to cover the weaknesses in the other technologies without overlap of functionality, by combining system-level virtualization (like DF, this would be boot-to-restore) with default-deny anti-execute, VB100-quality antimalware (RSS only, and included in the Free version), and System Restore features that work to reduce the time to removal of potentially malicious content while keeping the real hard drive clean over time. Further, each component backs up the other components, such as seamless removal of content (ref: boot-to-restore) even if it goes undetected, anti-execute with 3 simple choices and no questions to answer or rules to configure (if it can't run, it can't infect), and if all else fails, simply restore your system to an earlier point in time, where each restore point is scanned by the antimalware automatically before a user can force the restoration.

        Please feel free to contact me at support (dash) tech (at) returnil (dot) com and I would be very happy to answer any/all questions about the software and get you set up with licensing.

        With Kind regards
        Mike
        Mike_Wood
      • RE: When your security software leaves you to the wolves

        @David Gewirtz One additional, useful fact is that unlike other anti-solutions, the Antimalware/Antivirus component in RSS Pro/Free is fully compatible with most 1st- and 2nd-tier antivirus solutions. This means that a potential user will not need to sacrifice their current licensing to try or use RSS. So, for example, you could use RSS alongside NAV, KAV, ESET, McAfee, Avast!, Avira, AVG, MSE, etc., etc., without conflict.
        Mike_Wood
    • RE: When your security software leaves you to the wolves

      @d.marcu
      Actually not a bad idea.
      One challenge may be the learning curve of the malware magnet.
      rhonin
    • Use a more appropriate OS

      @d.marcu

      +1

      Over the last few years, I installed Ubuntu for quite a few "silver surfers" and potential "malware magnets". I found that by eliminating MS Windows from the equation, c/w some basic security precautions (i.e. not letting users run as root, etc.), then our malware woes simply disappeared. So did the need for layer-upon-layer of resource-hogging (and frequently ineffective) *antifungus* software!

      FWIW, as well as the boxes I support here in Blighty, I also look after a couple of Ubuntu machines 1700km away for my partner's family in Hungary. In addition to the issues raised above, this scenario also presents me with language difficulties too. (They don't speak much English and I can ask for a beer in Hungarian, but that's about it.)

      Trying to support these folks remotely under MS Windows was a nightmare. However, Ubuntu's excellent language support c/w its very high resistance to malware makes running these remote machines relatively easy.

      And, of course, if you want total control over remote 'Bunty boxes, then you can open a port on the firewall and SSH secure shell into it.

      Just my 2p worth. Best wishes, G.
      mrgoose
    • Definitely.

      @d.marcu

      Just slap on an XP or 7-like theme; would they even know the difference? Maybe the wife, but then again...

      Interesting though, that you chose MSE as your 'go to' scanner to remove the nasties... has Microsoft come that far with their anti-virus product? I would think a combo of Malwarebytes + Avast because of its 'boot scan' option; MSE's rootkit detection is that good, huh? Hmmm, maybe another tool to add to the belt.
      UrNotPayingAttention
      • RE: When your security software leaves you to the wolves

        @chmod 777

        MSE is a good choice for AV. I won't say it's the best; that changes all the time and it's also a matter of preference, but PCFormat liked it and I've been using it for a while in combo with Malwarebytes. Avast didn't do so well when PCFormat tested it. I've tried it and I like the boot scan, but to be honest the popups etc. annoy me; there's probably an option to turn them off, but I like my AV programs to stay out of the way and do their thing without constantly telling me they are up to date.
        Big_Belly_Bob
  • "...he's not thrilled with change..."

    Try tough love and a live CD. I had an older friend exactly like this. After the 10th+ clean up in 3 months, I sat him down. We went over everything he did/used. He didn't do anything but web surf, email and listen to music/videos. I spent an hour showing him Ubuntu via live cd. He said no, he'd stick with windows. I wished him well and told him he was on his own, so he reluctantly agreed to try it. I installed it and didn't hear from him for a month, so I went by for a visit. I used to be able to lock him out by turning on auto-hide, but he had changed backgrounds, turned on compiz, downloaded updates etc. As I left he informed me "we should have done this years ago!"
    ALISON SMOCK
    • My seventy-something mother didn't like the idea of changing either, but...

      @ALISON

      ...now that she has finally dumped MS Windows, she is delighted with 'Bunty. Not merely is she safer, but she *feels* safer too, which is very important for elderly folks. She even does all her routine system updates by herself - unencumbered by the fear of breaking (or catching) anything. In fact, I hardly ever have to touch her machine at all.

      Consequently, today she does far more with her machine than she ever did under Windows. ATM she is particularly keen on the BBC iPlayer, now she's discovered that she can watch all the telly programmes she missed while she was doing the gardening, lol. :-)

      It's amazing what she can do now she is no longer in constant fear of "*catching something nasty*".

      Best wishes, G.
      mrgoose
  • Sounds like you should have gone with MSE in the first place.

    I've been using it for a long time and it's never failed me yet. You say MSE found the malware, so it would have protected them, yes?

    Also, MSE is *free*, and run by MS. Not to mention if MSE were ever discontinued even sheep herders in Nepal would hear about it.... :)

    Agreed Dlink/Bsecure *really* dropped the ball on this one.

    Of course I disagree with you about running more than AV, *especially* from different companies. That's an invitation to disaster.
    wolf_z