Saturday, December 1, 2007

What is Grinch.exe and What Should I Do about It?

Chances are, if you work in an office, you're using your company-issued PC or laptop to do a little online shopping in advance of the holidays. You're not alone. Of the $116 billion expected to be spent on online retail purchases this year, $39 billion of that will be spent during the holiday season, an increase of 20 percent over last year, according to Jupiter Research. Nearly half of that shopping will be done during work hours; in fact, a recent Bill Me/Ipsos Insight survey revealed that 12 million Americans admitted to shopping online during work-related conference calls!

If you are surfing the web, such shopping might inadvertently take you to web sites loaded with spyware, key loggers, and other malicious software, making your credit or identity information vulnerable to theft and / or creating havoc on your operating system. But by the time your PC is infected with malware or unknown files such as Grinch.exe, it's too late. In fact, every time an employee shops online, they increase their risk, says Brian Gladstein, director of product marketing for Bit9, a leading application control and device control solution provider.

"As we launch into the holiday shopping season, employees will inadvertently expose their company PCs and laptops to potential security threats," Gladstein noted. "It's critical that IT professionals proactively protect their endpoints by stopping unknown software from ever executing."

For example, Gladstein observed that employees are very likely to have vulnerable applications running on their systems, which are easily exploited by the latest attacks. He recently authored a research brief on the top popular vulnerable applications for 2007.

Fortunately there are easy and efficient methods that will help IT professionals guard against these online threats. Gladstein advises a simple five-step approach, including:

1) Define an appropriate application control policy

This policy should answer questions such as: What applications will we authorize users to install and/or run on their own? What software will not be authorized? Are unknown files that could potentially be malware, such as Grinch.exe, authorized to run in our environment?

2) Monitor your PCs

Not sure what's being copied onto the computers you manage? Use a software identification service to understand the true nature of that software. Free services such as FileAdvisor (http://fileadvisor.bit9.com/) let you look up and identify unknown files like Grinch.exe.

3) Understand where the vulnerable applications are in your network.

A complete picture of where the vulnerabilities are on your network is required to ensure you are addressing them. After all, if you do not know a user is running a vulnerable application and they connect their laptop to a public wi-fi spot, you risk a possible intrusion and / or loss of data on that computer.

4) Be aware of new vulnerabilities

Stay on top of new vulnerabilities by visiting resources such as the National Vulnerability Database (http://nvd.nist.gov/), the SANS Institute (http://www.sans.org/), and the U.S. Computer Emergency Readiness Team (http://www.us-cert.gov/).

5) Stop unwanted software before it executes

Consider using application control and device control products such as Bit9 Parity™ to help you control what applications and devices can and can not operate. Stopping unwanted software before it can execute will always be your best defense in protecting desktops, laptops, and servers from malware, spyware, zero-day attacks, and any unknown, unwanted, or unauthorized software.

"The bottom line is that you can't be careful enough," Gladstein summarized. "We recommend everyone implement application controls to ensure that unknown, unauthorized, or unwanted software that is downloaded, either on purpose or inadvertently, never gets a chance to run."

No comments: