Email Systems – Ensuring Viruses Aren’t an Issue

August 9, 2012 by  
Filed under Security News

It is really easy to run your own email infrastructure. Even systems like Microsoft Exchange can be deployed to manage your organization’s email infrastructure. Setting up a system is only a small part of what needs to be done; it is also important that any system you set up on the network is secure. Security is a big job, and with email servers you need to consider more than keeping your Exchange Server secure: you also need to consider how your users will be affected. Let’s focus on one major problem – viruses. Viruses can affect your Exchange Server, or any other email infrastructure you might have set up, as well as your users’ machines.


How should one tackle the virus problem?


Exchange Infrastructure:

When it comes to protecting your Exchange infrastructure from viruses, the first thing that comes to mind is to simply set up an antivirus solution on the Exchange Server. This is obviously possible but tricky. Unlike on a desktop, installing the antivirus alone is not enough. You’re free to do it if you really want to, but rest assured it will have a substantial negative impact on your Exchange Server’s performance. To ensure good performance, there are various files you have to exclude from being scanned each time they are accessed. The reason is that the system accesses these files as soon as new emails are received for processing.


It is also important to ensure that you do not rely exclusively on your antivirus software for virus protection. Many viruses spread by leveraging software flaws, so performing regular patch management can greatly reduce the possible vulnerabilities for viruses to exploit.


Your Users:

The next step is safeguarding your users’ inboxes from viruses. Email is a popular vector for distribution of many different malware types, including viruses. There are many ways we can tackle this problem. The easiest way would be to deploy a simple antivirus solution on every single desktop, but is this really enough? If you move your antivirus system server side, you can have greater control. Such server-side products also offer advanced antivirus features – from multiple antivirus engines protecting your users, to features such as sandboxing and various other heuristic techniques to detect even custom-made malware that antivirus companies might not yet have identified or provided protection against.


Preventing malware from reaching users is also essential because this lowers the risk that an employee will click on phishing links or attachments that lead to or contain malware.


Installing an email system such as Microsoft Exchange is only the first part of the job. Securing the infrastructure itself is not enough either. You must ensure that your users’ usage of the infrastructure is safe in itself. While doing this will involve some extra work, in the long run it will save you considerable amounts of both time and money!


This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about what the right mail server antivirus solution for your company should include.


All product and company names herein may be trademarks of their respective owners.



Clean Your System When Uninstalling Apps and Fix It With “Mirekusoft Install Monitor”

July 19, 2012 by  
Filed under Protection Tools

Are you tired of bloated applications that refuse to uninstall cleanly? Check out Install Monitor for a better way to deal with application management and removal. Install Monitor allows you to see the impact installing an application has and fully remove it when you decide to uninstall. It can help solve problems that are caused when a program does not uninstall properly. The result is a cleaner and more efficient system.


Install Monitor works by monitoring which resources, such as files and registry entries, are created when a program is installed. This allows you to see what impact installing a program has and helps you to remove it if necessary. For more information about how to get the most out of Install Monitor check out the blog.


Install Monitor is free for personal and home use. For business/corporate use contact To download go to the download page.



• Maintain a system that remains “clean” without reinstalling
• See how big programs are and what changes they make
• Fix problems caused when old versions of a program do not remove themselves


System requirements

• Windows 7, Windows Vista (Service Pack 1 or later), Windows XP (Service Pack 3 or later)
• 1 GHz or higher processor (2 GHz or faster recommended)
• 512 MB of RAM (1 GB or more recommended)




3 Features Your Mail Server Antivirus Must Include

July 5, 2012 by  
Filed under Security News



Viruses and malware are complex pieces of code that can execute a wide variety of functions in an unlimited number of ways. In fact, at its core, a piece of malware or a virus is no different from any other program.


This means it is not easy for an antivirus solution to determine whether a file is legitimate, or if it is in fact some kind of malware. Home desktop-based systems are protected sufficiently well with most antivirus solutions. Assets on home machines are likely to be of limited value, so cost savings and simplicity are more important than the product having advanced technologies.


However, when we’re talking about a mail server system the situation changes drastically.  The risks are much higher. If a piece of malware reaches a user’s machine, then it is highly probable that the user will do something that will execute it. Users often have a false sense of security, believing that the mail server’s antivirus system will block any and all threats. Such reasoning could spell disaster for your business, leading to downtime, delays, lost productivity, material losses and, potentially, also customers.


So what should we be looking for in a mail server antivirus solution?


1. Multiple Antivirus Engines:

Traditionally, antivirus solutions work by having the vendor identify a new malware, creating rules that will detect said malware, and finally distributing those rules as an update to their software.


There are two pitfalls when using this method. The first is that a particular antivirus vendor might be late to the party, thus leaving users exposed until their software is patched. Therefore, the more antivirus engines there are protecting your server, the lower the risk will be that the server is not protected at any point in time.


The second is that no one is perfect. In general, different variants of a particular piece of malware are released. This means that antivirus vendors must analyze each one and develop individual rules when no single rule can be applied to all or a group of them. It is possible that a vendor might miss one, or more, of these variants. Multiple antivirus engines provide you with a multi-layered approach, so if one fails the other will not, and so on.



2. Heuristic Analysis:

The manual analysis of a malware file to create specific rules for it is just one method an antivirus solution can use to detect malware. Advanced antivirus systems also utilize a technology known as “heuristic analysis”.


This analyzes how a malware program works, what functions it uses, what behavior it has and what tasks it will execute if run. Using this data the heuristic analysis procedure determines if a program is likely to be malicious or safe, without having to run it and suffer any potential infection. This system is ideal to detect new viruses that have not yet been analyzed by antivirus vendors, as well as custom-made malware that has been specifically designed to target your organization and would never have reached the antivirus vendors for analysis.



3. Sandbox:

Sandboxing is a more advanced system that is quite similar to heuristic analysis. Some malware programs are so sophisticated that they can actually rewrite themselves, a process known as polymorphism.


This type of malware may seem harmless when it is first analyzed by a heuristics system. Upon execution, however, it changes itself into a malicious file, eluding detection.


A sandbox system runs the malware in a virtual, contained environment. It allows the malware to run, while the sandbox monitors everything the program does. In this way it can discover if it is malicious or not based on the program’s behavior. Thus, even if the malware is polymorphic, the antivirus solution will identify it when the malware runs in the virtual environment. Sandboxing provides another layer of protection and allows for great detection levels and accuracy.


An antivirus solution for a mail server requires far more advanced functionality than desktop solutions have. If you have an email server, adopting a solution that uses the above technologies will give you a very high level of protection and prevent nasty stuff from doing anything. And, as always, prevention is better than cure.


This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about what the right mail server antivirus solution for your company should include.




7 Reasons to Consider Hosted Email Security

June 7, 2012 by  
Filed under Security News

Companies looking to provide the best defenses for their email users have a number of choices available out there. While many admins will prefer to implement a solution within their own datacenter, others are finding that hosted email security solutions are a great way to go. If you are looking to reduce your hardware sprawl and take advantage of the power of the cloud, a hosted email security solution may be just what you are looking for. If you are trying to decide if it’s right for you, here are seven reasons why it could be the email security solution that best suits your company needs:

1.     Effective Protection

Hosted email security providers focus on one thing: email. They have the processing power to run multiple engines for filtering spam and malware without slowing down the data flow or skipping over anything. The volume of messages they process enables them to quickly identify new spam campaigns and protect their customers from the latest phishing campaigns.

2.     Bandwidth Savings

If you look closely at how much bandwidth you use on processing mail and compare it to how much legitimate mail gets to your users’ inboxes, you may be amazed by just how much of your limited bandwidth is used up moving spam. Hosted email security filters out all the junk before it ever hits your network, saving tons of bandwidth for more important things.

3.     Lower Your Costs

Hosted email security is a very cost effective way to protect your users. Many services offer varying payment terms, keeping your costs low and letting you pay only for what you need.

4.     Better defense against attacks

Hosted email security providers have the bandwidth and capacity to handle even the largest spikes in volume from the latest bot-net attacks that could take smaller networks down from the sheer volume of spam. With a hosted email security system in place, your network won’t even notice the spam storms that can strike without warning.

5.     Extend the useful life of your existing systems

What could you do if each of your mail servers was suddenly twice as powerful as it is now? Could you handle more of your current users with fewer servers? Hosted email security breathes new life into your servers by greatly reducing their workload. It’s like an instant hardware upgrade.

6.     Added Fault Tolerance

Hosted email security providers have redundant Internet connections, datacenters, and servers, but that’s not the only fault tolerance they provide. If your servers or Internet circuit is down, they can store mail for delivery to you once your system is back online, and some even offer a web portal your users can access to send and receive email, even when your systems are offline.

7.     Archiving

Archiving is becoming a major requirement for many companies, either from a compliance requirement or just to preserve intellectual property. Hosted email security solutions already process all your email, so it is a natural fit to add email archiving into the service offering.

So if you are planning to add email filtering to your messaging system, consider these seven reasons to go for a hosted email security solution and see whether it better fits your company budget and needs.

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the benefits of using hosted email security.



The Web Security Strategy for Your Organization

July 6, 2011 by  
Filed under Security News

In today’s business world, internet usage has become a necessity for doing business.  Unfortunately, a company’s use of the internet comes with considerable risk to its network and business information.


Web security threats include phishing attacks, malware, scareware, rootkits, keyloggers, viruses and spam.  While many attacks occur when information is downloaded from a website, others are now possible through drive-by attacks where simply visiting a website can infect a computer.  These attacks usually result in data and information leakage, loss in productivity, loss of network bandwidth and, depending on the circumstances, even liability issues for the company.  In addition to all this, cleanup from malware and other types of attacks on a company’s network are usually costly from both the dollar aspect as well as the time spent recovering from these web security threats.


Fortunately, there are steps a company can take to protect itself from these web security threats.  Some are more effective than others, but the following suggestions should help narrow down the choices.




Employee internet usage policy

The first and probably the least expensive solution would be to develop and implement an employee internet usage policy.  This policy should clearly define what an employee can and cannot do when using the internet.  It should also address personal usage of the internet on the business computer.  The policy should identify the type of websites that can be accessed by the employee for business purposes and what, if any, type of material can be downloaded from the internet.  Always make sure the information contained in the policy fits your unique business needs and environment.



Employee education

Train your employees to recognize web security threats and how to lower the risk of infection.  In today’s business environment, laptops, smartphones, iPads, and other similar devices are not only used for business purposes, but also for personal and home use.  When devices are used at home, the risk of an infection on that device is high and malware could easily be transferred to the business network. This is why employee education is so important.



Patch management

Good patch management practices should also be in place and implemented using a clearly-defined patch management policy.  Operating systems and applications, including browsers, should be updated regularly with the latest available security patches. The browser, whether a mobile version used on a smartphone or a full version used on a computer, is a primary vector for malware attacks and merits particular attention. Using the latest version of a browser is a must as known vulnerabilities would have been addressed.



Internet monitoring software

Lastly, I would mention the use of internet monitoring software.  Internet monitoring software should be able to protect the network against malware, scareware, viruses, phishing attacks and other malicious software.  A robust internet monitoring software solution will help to enforce your company’s internet usage policy by blocking connections to unacceptable websites, by monitoring downloads, and by  monitoring encrypted web traffic going into and out of the network.


There is no single method that can guarantee 100% web security protection. However, a well thought-out strategy is one huge step towards minimizing the risk that the network could be targeted by the bad guys.



This guest post was provided by Sean McCreary on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI web security software.



Facebook changes privacy settings for millions of users – facial recognition is enabled

June 9, 2011 by  
Filed under Security News

When Facebook revealed last year it was introducing facial recognition technology to help users tag their friends in photographs, they gave the functionality to North American users only.


Most of the rest of us found the option in our privacy settings was “not yet available”, which meant we could neither enable nor disable it. We simply had to wait until Facebook decided to roll it out to our account.


Well, now might be a good time to check your Facebook privacy settings as many Facebook users are reporting that the site has enabled the option in the last few days without giving users any notice.


There are billions of photographs on Facebook’s servers. As your Facebook friends upload their albums, Facebook will try to determine if any of the pictures look like you. And if they find what they believe to be a match, they may well urge one of your Facebook friends to tag it with your name.


The tagging is still done by your friends, not by Facebook, but rather creepily Facebook is now pushing your friends to go ahead and tag you.


Remember, Facebook does not give you any right to pre-approve tags. Instead the onus is on you to untag yourself in any photo a friend has tagged you in. After the fact.


If this is something you’re uncomfortable with, disable “Suggest photos of me to friends” now.


Here’s how you do it.


* Go to your Facebook account’s privacy settings.


* Click on “Customise settings”.


* Under “Things others share” you should see an option titled “Suggest photos of me to friends. When photos look like me, suggest my name”.


* Unfortunately, at this point you can’t tell whether Facebook has enabled the setting or not; you have to dig deeper.


* Click on “Edit settings”.




* If Facebook has enabled auto-suggestion of photo tags you will find the option says “Enabled”.




* Change it to “Disabled” if you don’t want Facebook to work that way.


* Press “OK”.


Earlier this year, Sophos wrote an open letter to Facebook. Amongst other things, we asked for “privacy by default” – meaning that there should be no more sharing of information without users’ express agreement (OPT-IN).


Unfortunately, once again, Facebook seems to be sharing personal information by default. Many people feel distinctly uncomfortable about a site like Facebook learning what they look like, and using that information without their permission.


Most Facebook users still don’t know how to set their privacy options safely, finding the whole system confusing. It’s even harder though to keep control when Facebook changes the settings without your knowledge.


The onus should not be on Facebook users having to “opt-out” of the facial recognition feature, but instead on users having to “opt-in”.


Yet again, it feels like Facebook is eroding the online privacy of its users by stealth.


If you are on Facebook and want to keep yourself informed about the latest news from the world of internet security and privacy you could do a lot worse than join the Sophos Facebook page where we regularly discuss these issues and best practice.


You should also take some time to read our step-by-step advice on how best to configure your Facebook privacy settings.



By Graham Cluley @


Sony Europe hacked by Lebanese hacker… Again

June 4, 2011 by  
Filed under Security News

By my count this is unlucky hack number 13 for Sony. A Lebanese hacker known as Idahc dumped another user database at Sony Europe containing approximately 120 usernames, passwords (plain text), mobile phone numbers, work emails and website addresses.

Snapshot of database dump on pastebin

The attacker claims that he used standard SQL injection techniques to acquire the database. I think it is fair to say it appears that Sony has not learned anything from the previous 12 attacks.


SQL injection flaw? Check. Plain text passwords? Check. People’s personally identifiable information totally unprotected? Check.


Idahc is the same attacker who targeted the Canadian Sony Ericsson site in May, 2011. In his note on pastebin he states: “I was Bored and I play the game of the year : ‘hacker vs Sony’.” He posted the link to pastebin with the simple note “Sony Hacked: lol.”


If you are a database administrator (especially a Sony one) and want to keep your sensitive data from ending up in the headlines, I recommend you actually test your web applications for SQL vulnerabilities.


A great resource with detailed information on how to protect against SQL injection attacks is available at


You can also download our free technical paper Securing Websites.

By Chester Wisniewski @


Idahc tweet about Sony hack