Your browser is obsolete!

The page may not load correctly.

The rules of ”basic hygiene”

Правила гигиены

Other issues in this category (81)
  • add to favourites
    Add to Bookmarks

Remote and unwanted

Read: 12034 Comments: 10 Rating: 15

Wednesday, June 3, 2020

It is clear that on their own devices, users are king. They have free rein to install whatever applications they want. And then completely forget to remove them. Meanwhile, when they opt for a default installation, they install adware and whatever other software is bundled with the application, too. As a result, the computers (especially if their users lack sufficient IT knowledge) turn into a menagerie of sorts. And the transition to working remotely has only exacerbated this situation.

Unfortunately, most companies have been unable to provide all of their employees with corporate laptops that are set up and controlled by their system administrators. So, left to their own devices, users search the Internet for the programs they need and install whatever they like (why should the company care what browser or mail client I’m using?) by clicking on the first link that pops up in the search results (and we know that all sorts of programs can find their way into a system that way).

As of March 27, installations of unwanted software spiked to 25%, against just 1% at the end of February.


And the consequences:

In the past week, the number of malware infections increased by 15% compared to the previous reporting period.

Malicious files get onto users' PCs in the guise of office software and messengers. Criminals also mount new phishing campaigns that take advantage of people's interest in and fear of the coronavirus.


And, as system administrators also have to manage corporate infrastructures remotely, they, in turn, install the software they need to do their job.

Analysts with ACRC have registered a growing number of incidents involving the installation of dubious remote administration software. These actions are usually conducted by staff members who require access to information systems protected by firewalls.


It is worth mentioning that to penetrate networks, attackers often employ the same remote administration tools as legitimate companies.

#malware #corporate_security #remote_access

The Anti-virus Times recommends

Let's remind you of our recommendations on how remote workplaces should be organised:

  1. Before employees start working remotely, system administrators (or information security staff) should compile a list of recommended software that staff members can install on their computers and make sure that the list is approved by senior officers.
  2. They need to prepare distribution files of the recommended software and place them in a storage location that employees can access to download the applications.
  3. Furthermore, users should be provided with software configuration guides, including the list of installed plugins, what default language they need to use, etc. That’s necessary to avoid situations like this:

    Lizet Ocampo, the Political Director at People For the American Way accidentally toggled on custom filters in her video call application and appeared as a potato during a scheduled call.

    She immediately noticed that something wasn't right and attempted to disable the filter but was unable to figure out how to do so. As a result, she had to stay as a potato throughout the meeting.


  4. We also recommend that a centrally managed end-point security solution be used. That will enable system administrators to respond promptly to any attempts to install malware and send notifications to users via the Control Center. A solution of this kind can also control what applications users install and make sure that security updates are applied in a timely manner. And, finally, application control features let administrators disable unwanted software as soon as it is discovered on the protected machines. You can find out more about these protection components in the usage scenarios.


Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.