Thursday, December 12, 2013

Some notes on a technique for protecting your computer from Malware (HIPS)

It is difficult to find a title for this post.  This is an important topic for even a "novice" computer user to get their head around.  But it seems to be an onion in the sense that it takes layers of explanations to get to a common language description of what HIPS means to you; i.e., why it is important to you.

HIPS stands for Host Intrusion Prevention System.  That doesn't mean a whole lot to me and I suspect it doesn't mean a whole lot to you.  But it is related to keeping your computer and home network secure; in fact, it is fundamental to maintaining your own security.

I use the term AntiMalware to stand for any computer program that detects and perhaps manages infections on your computer, your network, and the internet.  Programs that are called AntiVirus fall in this category, as well as programs that extend their protection to unwanted programs on your computer or in your browser that perhaps just throw up additional ads while you are surfing the internet, or pop up ads on your computer that are a nuisance.  Malwarebytes falls in this category.

Antimalware programs detect malware through two major techniques.  One is by Signature.  They look at the construction of each object (program module and data file), such as the number of bytes or certain bit/byte patterns within the object, to identify it as a threat.  This is the most common way to determine if an object is malicious.  But there is another way to detect malware:  look at what the program or data file is "doing."  It might change a registry entry in a special way, or it might try to gain access to services on your computer that normal programs shouldn't access.  That is what HIPS-based antimalware programs do.  That is how they work.

Some antimalware programs do both Signature-based detection and HIPS-based detection.  In fact, that is the main point of this blog entry:  when you are evaluating antimalware for use on your computers, you should be looking in their description for both Signature-based algorithms and HIPS-based algorithms.
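The two techniques described above, side by side, as an added example that is not taken from the Malwarebytes article or from any antimalware product.  The signature, the behaviour rules, the files and the events are all constructed for illustration; real products use far richer rules.

```python
"""Signature vs. behaviour (HIPS-style) detection; all data below is constructed."""
from collections import namedtuple

# Signature database: byte patterns seen in known-bad files (made-up entry).
SIGNATURES = {"Example.AdInjector": b"\xde\xad\xbe\xefINJECT"}

# Behaviour rules: (action, target prefix) a normal program should not perform.
BEHAVIOUR_RULES = [
    ("registry_write", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"),
    ("service_stop", "WinDefend"),
]

# content = what the file looks like on disk; events = what it does when run.
Program = namedtuple("Program", "name content events", defaults=((),))

def signature_scan(program):
    """Names of signatures whose byte pattern occurs in the file."""
    return [n for n, pattern in SIGNATURES.items() if pattern in program.content]

def behaviour_scan(program):
    """Observed (action, target) events that match a behaviour rule."""
    return [(action, target) for action, target in program.events
            if any(action == rule_action and target.lower().startswith(prefix.lower())
                   for rule_action, prefix in BEHAVIOUR_RULES)]

def verdict(program):
    by_signature, by_behaviour = signature_scan(program), behaviour_scan(program)
    if by_signature and by_behaviour:
        return "both"
    if by_signature:
        return "signature only"
    return "behaviour only" if by_behaviour else "clean"

RUN_KEY_WRITE = ("registry_write", BEHAVIOUR_RULES[0][1] + r"\Updater")
KNOWN = Program("known.exe", b"MZ" + SIGNATURES["Example.AdInjector"] + b"rest",
                [RUN_KEY_WRITE])
# Same behaviour, but every byte re-encoded so the stored pattern no longer appears.
REPACKED = Program("repacked.exe", bytes(b ^ 0x5A for b in KNOWN.content),
                   [RUN_KEY_WRITE])
# Known-bad file sitting in a download folder that has never been run.
DORMANT = Program("dormant.exe", KNOWN.content)
BENIGN = Program("editor.exe", b"MZ ordinary program",
                 [("registry_write", r"HKCU\Software\ExampleEditor\Settings")])

if __name__ == "__main__":
    for p in (KNOWN, REPACKED, DORMANT, BENIGN):
        print(f"{p.name:13} -> {verdict(p)}")
```

The re-encoded file slips past the signature check but is caught by what it does, while the file that was never run is caught only by its signature, which is why both kinds of protection are needed.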

An important note:  You don't need to have an antimalware program that does both.  But you need to have both types of protection.   So you might pick a good Signature-based antimalware program and a good HIPS-based program.  Also, you might want more sophisticated protection on a laptop or tablet that sees public wifi networks.  That environment is the most likely source of infection.  (Then you bring the laptop or flash drive home and infect the other computers on your network.)

This discussion was inspired by an article I read on the Malwarebytes blog.  (Click here)   I hope with this introduction you can get something out of that article.

Saturday, December 7, 2013

Obamacare and your personal health and financial information

I don't intend to "get into politics" in this blog; however, I do cover security.  Obamacare does have some very major security problems.  There are parts of government regulations that cover health data security/privacy.  You've encountered these regulations when you are asked to fill out a HIPAA form for release of information.  I've been directly involved implementing security in both the private business sector and in the health sector and continue to keep up with those fields.

I agree with most other experts that the Obamacare implementation is a disaster in these areas:

  1. Planning and project management
  2. Product
  3. Workflow associated with the product
  4. Security with respect to all of the above.

From time to time I will comment on these issues when they directly impact our communities.  In this particular case, I want to point you to an article on security associated with the flow of personal health information (PHI) from source (the interview front end of Obamacare) to destination (a doctor's office).  The debate in this case covers what the rules and regulations are for securing your information as it flows from the origin to the destination.  The article is technical, but you should get from it that this is something the healthcare industry has worked on for a number of years and not settled.  You will see a list at the end of the article of things any organization that touches the data (even in transit) needs to internalize and execute. This is a big deal and supports the claim that Obamacare data are low-hanging fruit for the malicious.

The article:   http://it-security.blognotions.com/2013/11/27/hipaa-audit-tips-%E2%80%93-conduit-business-associate-or-something-else/?_m=3l%2e000t%2e21%2egw0akw6ons%2e1eh 

Tuesday, December 3, 2013

Scorpion Saver... "Infection" is epidemic in our area

I'm encountering a lot of Scorpion Saver infections.  Scorpion Saver is technically not a virus, and it generally doesn't get caught by antivirus programs; however, it is certainly a nuisance, if not incapacitating.  You don't want it on your computer.  So, if you are experiencing a lot of unusual ads popping up, even with the popup setting on your browser set, you may have Scorpion Saver.

It may be my imagination, but this problem seems to be especially prevalent in computers whose users use AOL as their email provider.  You know I am not a fan of AOL; in fact, I am an enthusiastic proponent of not using AOL.  This is one reason.

In my opinion, Scorpion Saver is real malware and you need to get rid of it.  A good writeup on how to do it is found here.  Please review that web page, which has a good description of what an infection looks like as well as how to remove it.

Monday, December 2, 2013

Windows 8 to 8.1 Conversion: My List of Problems and Resolution

Introduction

I've converted some systems from Windows 8 to Windows 8.1 and hit some snags along the way.  In fact, I'm finding new ones all the time.  Rather than create a blog item every time I have a problem, I'm going to make this my one blog entry for all issues.  As I hit an issue, I'll document it here; both issue and resolution.  So return here every so often, or when you actually install Windows 8.1.

Issue:  Office 2010 Freezes

Description:  Office 2010 works for a while but, when I do some kind of action, it freezes.  In my case, I wanted to format a column.  I right clicked on the column number, clicked "format", and the application froze.  
Solution:  There are discussions of this on the internet, but they are conflicting.  My solution is to repair Office.  Go to the Control Panel.Default Programs.  Click on Programs and Features.  Select (left click) the Office version that has the problem.  A link will appear at the top:  Repair.  Single left click that and let the repair take place.  Restart your computer.  The problem should have resolved itself.  Note:  Each edition of Office has different problems and ways to resolve the problems.  For your situation, google "Office {your version} problem Windows 8.1."

Issue:  MsiExec errors (Have to find in Event Viewer; might not "see" anything as a user except erratic behavior)

Description:  Faulting application name: MsiExec.exe, version: 5.0.9600.16384, time stamp: 0x52158c02
Faulting module name: SHELL32.dll, version: 6.3.9600.16456, time stamp: 0x5278fede
Exception code: 0xc0000005
Solution:  See discussion here.  Windows 8.1 is buggy.

Issue:  General Instability

Description:  System is not behaving well.  Programs or printers hanging.  
Solution:  Start a cmd window as administrator.  (Type cmd on the Start screen.  Right click "Command Prompt" from the search results.  From the drop down, select "run as administrator.")  Enter sfc /scannow.

Issue:  This message:    The "IWD Bus Enumerator" is disabled.

Description:   This message occurs soon after installation of 8.1.  If you go to the Device Manager, right click on IWD Bus Enumerator and select the "update driver software" option, you are told that the latest driver is already installed.  However, in the Device Manager there are two lines labeled "IWD Bus Enumerator": the first line is normal (i.e., enabled), and the second line shows that error message (yellow triangle).

Solution:  


